TikTok
OAuth 2.0 via TikTok Login Kit + Content Posting API v2. The token exchange returns both access_token and refresh_token, and the user info comes from /v2/user/info/. Sosyabot stores expiresAt from expires_in.
Authentication at a glance
| Field | Value |
|---|---|
| Auth model | OAuth 2.0 |
| Required ENV | TIKTOK_CLIENT_KEY, TIKTOK_CLIENT_SECRET |
| Callback URL | ${BASE_URL}/api/v1/auth/tiktok/callback |
| Scopes / permissions | user.info.basic, video.publish |
| Auto token refresh | No — manual reconnect on expiry |
How to connect
- Open Connections → TikTok → Connect.
- Sign in to TikTok and grant the requested scopes.
- Confirm the account on the post-connect screen.
Token refresh
A refreshAccessToken() helper exists in social.tiktok.service.ts but TikTok is not wired into the auto-refresh sweep. Tokens are refreshed manually at posting time as needed.
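The following is an added example, not Sosyabot's own code: it validates a token response, derives expiresAt from expires_in, and decides at posting time whether a refresh is due. StoredToken, parseTokenResponse, tokenState and the 60-second margin are hypothetical, and the comma-separated scope string is an assumption about the response format.

```typescript
// Added example. Names and the skew margin are hypothetical, not from the project.
interface StoredToken {
  openId: string;       // channel key (open_id, not username)
  accessToken: string;
  refreshToken: string;
  scopes: string[];
  expiresAt: number;    // epoch ms, derived from expires_in (seconds)
}

const REQUIRED_SCOPES = ["user.info.basic", "video.publish"];
const SKEW_MS = 60000; // assumed safety margin before expiry

function parseTokenResponse(body: unknown, nowMs: number): StoredToken {
  const r = (body ?? {}) as Record<string, unknown>;
  // Reject responses with absent or non-string credentials instead of storing them.
  for (const k of ["access_token", "refresh_token", "open_id", "scope"]) {
    if (typeof r[k] !== "string" || r[k] === "") throw new Error("missing " + k);
  }
  const expiresIn = Number(r["expires_in"]);
  if (!isFinite(expiresIn) || expiresIn <= 0) throw new Error("bad expires_in");
  // Assumption: granted scopes arrive as one comma-separated string.
  const scopes = (r["scope"] as string).split(",").map((s) => s.trim());
  const missing = REQUIRED_SCOPES.filter((s) => scopes.indexOf(s) === -1);
  if (missing.length > 0) throw new Error("scope not granted: " + missing.join(","));
  return {
    openId: r["open_id"] as string,
    accessToken: r["access_token"] as string,
    refreshToken: r["refresh_token"] as string,
    scopes: scopes,
    expiresAt: nowMs + expiresIn * 1000,
  };
}

// Checked just before posting, since TikTok is not in the auto-refresh sweep.
function tokenState(t: StoredToken, nowMs: number): "valid" | "refresh_before_post" {
  return nowMs + SKEW_MS >= t.expiresAt ? "refresh_before_post" : "valid";
}

// Constructed sample response; values are placeholders, not real tokens.
const sample = {
  access_token: "act.example", refresh_token: "rft.example",
  open_id: "open-id-example", scope: "user.info.basic,video.publish",
  expires_in: 86400, token_type: "Bearer",
};
```

Failing the connect step when video.publish is absent from the granted scopes surfaces the problem before the first post is attempted.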
Notes
- Posting requires the TikTok app to be approved for video.publish. Sandbox-tier apps can authenticate but won't publish — the API returns a permission error.
- Sosyabot keys the channel by open_id (TikTok's anonymous user identifier), not by username.
- The profile URL is reconstructed as https://tiktok.com/@<username> only when the username field is present in the userinfo response.
Troubleshooting
If the channel shows needs_reconnect, the access token was rejected by TikTok. Common causes:
- The user revoked Sosyabot's authorization on the platform.
- The platform invalidated the token (password change, security event).
- Your OAuth app credentials rotated and the existing tokens no longer match.
Re-run the connect flow above. See Troubleshooting for the workspace-wide checklist.