search

drawrowfly / tiktok-scraper

TikTok Scraper. Download video posts, collect user/trend/hashtag/music feed metadata, sign URL and etc.
4.44k stars 805 forks source link

Question: when exactly is signing a request required? #752

Closed issuefiler closed 2 years ago

issuefiler commented 2 years ago

By “signing,” I mean this:

https://github.com/drawrowfly/tiktok-scraper/blob/5224f5cdfc3842a99b77b382249b960d2c87791c/src/helpers/Signature.ts#L6-L28 https://github.com/drawrowfly/tiktok-scraper/blob/5224f5cdfc3842a99b77b382249b960d2c87791c/src/core/TikTok.ts#L919-L936

I just made a request to https://m.tiktok.com/api/challenge/item_list _without the _signature query string_ and it gave me proper results for the hashtag.

These were my query string (URISearchParams):

{
    challengeID: hashtag_identifier,
    count: 30,
    cursor: 0,
    aid: 1988,
    verifyFp: undefined
}

Question

Exactly when does TikTok require the request signature generated by the sign()? What’s the point of sign()ing? Is it just to disguise the requests as normal (“not made by bots”) ones?

drawrowfly commented 2 years ago

It was required a while ago, currently there is a different type of signature, but the point is to protect social network from mean developers like us :)