About Signatures

All about the signatures used in the TikTokLive libraries.

What is a signature?

A signature is a unique digital fingerprint that verifies the authenticity and integrity of requests made to TikTok. These signatures appear as query parameters in all API requests on TikTok.

If a signature is missing or incorrectly formatted, TikTok will reject the request to whatever URL you are trying to read from, because it will identify the request as malicious website traffic rather than an actual customer using the website.

The Euler Stream service generates these signatures for you. Then, 3rd-party libraries use them to connect to TikTok's internal Webcast API directly.

Euler Stream does not scrape TikTok.

Why do requests need to be signed?

TikTokLive and its sister libraries scrape the TikTok web HTML to get the URL of a livestream's WebSocket server.

Connecting to this server allows creators to receive information (Comments, Gifts, etc.) about their stream. In order to do this, we generate signatures for you to use to connect to the TikTok WebSocket server.

What is "tiktok.eulerstream.com"?

The tiktok.eulerstream.com API is responsible for generating signatures so that you can connect to TikTok.

The end result is that the TikTok LIVE libraries use the API to do the token/signature generation, so that they do not have to do it themselves. This has several benefits and drawbacks:

Benefits

  1. If TikTok make a change that breaks signature generation, no library update is needed by you; we just fix the API.
  2. TikTok do not have 100% knowledge of how we do things, so if they wanted to block us, it would be harder (NOTE: As of 2023, TikTok are no longer attempting to block the library).
  3. Because the generation is private, our library does not put TikTok at risk of mass data harvesting. If the signature generation were in the library, it could be repurposed for any part of the TikTok site and used maliciously.
  4. We limit abuse of the library. For example, if someone tries to view-bot a stream using it, we simply block their proxies. Doing this means that TikTok don't have to block us to prevent spam anymore. We have effectively gotten rid of any pressure to stop the library because it is almost entirely used by creators to produce livestream tools.

Drawbacks

  1. This is an open source library. As such, having a core component that is not open source is dubious.
  2. We are now responsible for making sure this API runs 24/7, which is incredibly difficult given we have lives
  3. We become arbiters of what is and is not acceptable use of our library, which is a difficult position to be in

The Takeaway

Hosting the sign server is done for free. It costs us money and time. It sucks that it can't be open source, but it has to be.

All TikTok LIVE libraries currently support the use of your own signature server. This means you can use the open source tool but connect it to YOUR OWN signature generation API. Anyone can do this.

Companies building on this library are strongly recommended to rely on their own signature generation. Reverse-engineering the signatures necessary is not hard and companies can hire individuals on Upwork to do it for cheap.