Closed pthieu closed 2 years ago
Hi there,
Here's a working example of what you are trying to achieve.
dynamicParams
should be changed , in your case you have to change secUid
with your user ID.
@carcabot that makes sense. I know I can get secUid
in DevTools if I go to TikTok, but is there an easier way?
Also, are you open to PRs? I'm interested in creating a JS example in the example folder so it shouldn't affect functionality.
secUid should be available on any profile page source, or you can use a 3rd party library to gather user data easily.
Feel free to submit any PR that can help the community.
Greetings.
I found an easy way to get it for the time being: https://t.tiktok.com/api/user/detail/?aid=1988&uniqueId={username}&language=it
Will open up a PR when I get a working example.
@carcabot
Is this a captcha getting in the way?
My code:
const Signer = require('tiktok-signature');
const rp = require('request-promise');
const SEC_UID =
'put your id here';
const USER_AGENT =
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36';
async function main() {
const signer = new Signer(null, USER_AGENT);
await signer.init();
const dynamicParams = `https://t.tiktok.com/api/post/item_list/?aid=1988&count=30&secUid=${SEC_UID}&cursor=0`;
const signature = await signer.sign(dynamicParams);
const navigator = await signer.navigator();
await signer.close();
// console.log(signature);
// console.log(navigator);
const { signed_url: signedURL, x_tt_params: xTtParams } = signature;
const { user_agent: userAgent } = navigator;
const res = await testSignedUrl({ userAgent, signedURL, xTtParams });
console.log(res);
debugger;
}
async function testSignedUrl({ userAgent, signedURL, xTtParams }) {
const options = {
method: 'GET',
headers: {
'user-agent': userAgent,
'x-tt-params': xTtParams,
},
uri: signedURL,
json: true,
};
return rp(options);
}
main();
Response:
{
code: '10000',
from: '',
type: 'verify',
version: '',
region: 'sg',
subtype: 'whirl',
detail: 'Y0MNaZRNCAOhTGciztQp1ImbLDRv0KqUIpRBhcHUJFUbbwLKpE3J6l16sJn4t67GjTR0Mux0BhBYHvK0S6VDduj8EZtEM0B3MzuHq9xiz1wy9SWM4Tmg7kJHaHXsdyqy*gX2OpDXdOLxmejq38bw9eUhGKTakWeJW07L7Rtmxkq-nOoXn*DuCwEd2b8YQ*jcvgMn6E4z2vD4PyqkLnxl7Eb4utk7Pp7BSyLejoGkt*fYT2fPBvzi-Ok9HWwmAE6zj7VW5dRkWAIziLgz7DwAqnB8WbhBm*rh8nFrFwuZhT0LP0uZXxhZAVMvpB*0NQ8-A9rPueABtxNAlCVlbLH1Ag9ePLq41ra6DF5D1oFZdACAoZuwCEpEigCyNXL8eRH3h*04yA4lmqjA',
verify_event: '',
fp: 'verify_5b161567bda98b6a50c0414d99909d4b',
scene: '',
verify_ticket: '',
channel_mobile: '',
sms_content: '',
mobile: '',
email: ''
}
I read https://github.com/carcabot/tiktok-signature/issues/90 and https://github.com/carcabot/tiktok-signature/issues/86 and tried to change my user-agent
but it didn't work.
I did also read your trick in https://github.com/carcabot/tiktok-signature/issues/140#issuecomment-1054432454
I don't provide that in the dynamicParams
, not sure if this is needed? How would I go about programmatically generating this or can it be any value?
dynamicParams
should contain all parameters because are mandatory.
secUid
, cursor
and count
can be modified dynamically.
dynamicParams = "https://m.tiktok.com/api/post/item_list/?aid=1988&count=30&cursor=0&secUid=MS4wLjABAAAAQ09e6Ck9CQrQQYAPLehEKMlvVS8XzmGcbNHTGXsXIZSIj7Pe21eYtDq0nzKy6-5V&cookie_enabled=true&screen_width=&screen_height=&browser_language=&browser_platform=&browser_name=&browser_version=&browser_online=&timezone_name=Europe/London"
Here's a working example in nodeJS:
const Signer = require("../../tiktok-signature");
const rp = require("request-promise");
const SEC_UID = "MS4wLjABAAAAQ09e6Ck9CQrQQYAPLehEKMlvVS8XzmGcbNHTGXsXIZSIj7Pe21eYtDq0nzKy6-5V";
const USER_AGENT =
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36";
async function main() {
const signer = new Signer(null, USER_AGENT);
await signer.init();
const dynamicParams = `https://m.tiktok.com/api/post/item_list/?aid=1988&count=30&cursor=0&secUid=${SEC_UID}&cookie_enabled=true&screen_width=&screen_height=&browser_language=&browser_platform=&browser_name=&browser_version=&browser_online=&timezone_name=Europe/London`;
const signature = await signer.sign(dynamicParams);
const navigator = await signer.navigator();
await signer.close();
console.log(signature);
// console.log(navigator);
const { signed_url: signedURL, x_tt_params: xTtParams } = signature;
const { user_agent: userAgent } = navigator;
const res = await testSignedUrl({ userAgent, xTtParams });
console.log(res);
debugger;
}
async function testSignedUrl({ userAgent, xTtParams }) {
const options = {
method: "GET",
headers: {
"user-agent": userAgent,
"x-tt-params": xTtParams,
},
uri: 'https://m.tiktok.com/api/post/item_list/?aid=1988&app_language=en&app_name=tiktok_web&battery_info=1&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Win32&browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F98.0.4758.102%20Safari%2F537.36%20Edg%2F98.0.1108.62&channel=tiktok_web&cookie_enabled=true&device_id=7002566096994190854&device_platform=web_pc&focus_state=true&from_page=user&history_len=2&is_fullscreen=false&is_page_visible=true&os=windows&priority_region=RO&referer=®ion=RO&root_referer&screen_height=1080&screen_width=1920&tz_name=Europe%2FBucharest&verifyFp=verify_dca8729afe5c502257ed30b0b070dbdb&webcast_language=en&msToken=ke4xktLgsxyAhsw7mGoAII-6L3--7SZyUDxD7M1_-TNM_2bSagox_yzIeYOpoBC-kPlNMdT-9trNOv3X7q4iLqrHyHY8_p5cheQ-GCrOGnAPjgrgb6bNGgX1H03HwC5q-mZXBzgQ&X-Bogus=DFSzswVLOezANCYfS5qBc2XyYJA4&_signature=_02B4Z6wo00001WyqqDQAAIDATwuGmbdoOXlsqqyAADk7e9',
json: true,
};
return rp(options);
}
main();
uri
from testSignedUrl
function should be the same all the time.
@carcabot so TikTok requires the static URL to be called but gets the parameters from their backend but needs the x-tt-params
header to know what to look for? Wow they're really into their security.
I moved over to axios
from request
but will send a PR sometime soon.
Oh one more thing @carcabot: I didn't dive into the library code too much so this part is unknown to me. To sign the URL and get x-tt-params
, is it a local encode function in the browser or do the libs actually make a request to TikTok's servers to get the signature
?
I'm assuming because we need to launch a headless browser, it's a local encode.
Is your feature request related to a problem? Please describe. Awesome work here. I'm just a bit confused about the usage for the module and think an example would help me and maybe some others who are checking out the repo.
An example of how to sign a user-specific URL and then invoke that URL.
Describe the solution you'd like I want to call the
https://m.tiktok.com/api/post/item_list
API and retrieve a list of videos from a specific user (say my own user). I would like example code of how to insert myuser id
into the payload to be signed.Then an example on how to take the response payload to construct the signed URL to make the actual API call.
This would be similar to the trending list example, but would provide extra steps on how to insert the
user id
.