Working version

examples/user-info.js

@@ -1,5 +1,6 @@
 const Signer = require("../");
 const axios = require("axios"); // NOTE: not adding this to package.json, you'll need to install it manually
+const querystring = require('querystring');
 
 // The `username` of your TikTok profile.
 const USER_UNIQUE_ID = "tiktok";
@@ -10,45 +11,32 @@ const USER_AGENT =
 
 // This the final URL you make a request to for the API call, it is ALWAYS this, do not mistaken it for the signed URL
 const TT_REQ_PERM_URL =
-  "https://www.tiktok.com/api/user/detail/?aid=1988&app_language=en&app_name=tiktok_web&battery_info=1&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Win32&browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F105.0.0.0%20Safari%2F537.36%20Edg%2F105.0.1343.53&channel=tiktok_web&cookie_enabled=true&device_id=7149974697697428997&device_platform=web_pc&focus_state=true&from_page=user&history_len=3&is_fullscreen=false&is_page_visible=true&language=en&os=windows&priority_region=&referer=&region=RO&screen_height=1440&screen_width=2560&secUid=&tz_name=Europe%2FBucharest&uniqueId=emmax_jnr&webcast_language=en&msToken=byMTrhcGuu6WHrJslbbA1f-QJKLaiUiTZhGBvn1i43c1MzTB192fsxadbUpRs4vZp2Zsvjg2DYODyEZr8jFV6etAdBoBG8-MnqhcH7pyE9DL8s42m2I-SYVPYZiVakOchCol2UGPQW1QiBYdOQ==&X-Bogus=DFSzswVYmHtANH7ZSKy6IGXyYJU3&_signature=_02B4Z6wo00001kU0aZwAAIDDZpVHMLhlGFZFNG0AAPKD0f";
+  "https://www.tiktok.com/api/user/detail/?WebIdLastTime=1684959661&abTestVersion=%5Bobject%20Object%5D&aid=1988&appType=m&app_language=en&app_name=tiktok_web&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Win32&browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36%20Edg%2F123.0.0.0&channel=tiktok_web&cookie_enabled=true&device_id=7236846595559933400&device_platform=web_pc&focus_state=true&from_page=user&history_len=8&is_fullscreen=false&is_page_visible=true&language=en&os=windows&priority_region=RO&referer=https%3A%2F%2Fwww.tiktok.com%2Fbusiness-suite%2Fmessages%3Ffrom%3Dhomepage%26lang%3Den&region=RO&root_referer=https%3A%2F%2Fwww.tiktok.com%2Fbusiness-suite%2Fmessages%3Ffrom%3Dhomepage%26lang%3Den&screen_height=1080&screen_width=1920&secUid=&tz_name=Europe%2FBucharest&uniqueId=&user=%5Bobject%20Object%5D&verifyFp=verify_lv1bd0o8_AA3QC5jZ_70uk_4haw_BYSy_P6oIpsr0LMUE&webcast_language=en&msToken=gGkV_K79_CgoknlGzARe-cvv4ZSaZef9sjd_u6jSxLNHchbi_ZF9hPG_35EoQcHxHDAJkb4dDW9gec1CKXWV3ELFQ6bVUUSQBsj1Vfi_feLstK-6SHMxJMVc-Zvm6xA9AMUG&X-Bogus=DFSzswVue6zANHsMt5bgO74m8icv&_signature=_02B4Z6wo00001Xk8yMwAAIDCifeiRAutXwV5PMxAADhW65";
 
 // If you're getting empty results change the verifyFp, msToken, X-Bogus and _signature params
-const queryParams = {
-  aid: "1988",
-  app_language: "en",
-  app_name: "tiktok_web",
-  battery_info: "1",
-  browser_language: "en-US",
-  browser_name: "Mozilla",
-  browser_online: "true",
-  browser_platform: "Win32",
-  browser_version:
-    "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.53",
-  channel: "tiktok_web",
-  cookie_enabled: "true",
-  device_platform: "web_pc",
-  focus_state: "true",
-  from_page: "user",
-  history_len: "3",
-  is_fullscreen: "false",
-  is_page_visible: "true",
-  language: "en",
-  os: "windows",
-  priority_region: "",
-  referer: "",
-  region: "US",
-  screen_height: "1440",
-  screen_width: "2560",
+
+// Parse the URL
+const parsedUrl = new URL(TT_REQ_PERM_URL);
+
+// Extract the query parameters
+const parsedQuery = querystring.parse(parsedUrl.search.slice(1));
+
+const PARAMS = {
+  count: 30,
+  device_id: '7236846595559933400',
   secUid: "",
   uniqueId: USER_UNIQUE_ID,
-  webcast_language: "en",
+  cursor: 0,
 };
+// Merge parsedQuery with PARAMS
+const mergedParams = { ...parsedQuery, ...PARAMS };
+
 
 async function main() {
   const signer = new Signer(null, USER_AGENT);
   await signer.init();
 
-  const qsObject = new URLSearchParams(queryParams);
+  const qsObject = new URLSearchParams(mergedParams);
   const qs = qsObject.toString();
 
   const unsignedUrl = `https://www.tiktok.com/api/user/detail?${qs}`;
@@ -57,26 +45,23 @@ async function main() {
   const navigator = await signer.navigator();
   await signer.close();
 
-  // We don't take the `signed_url` from the response, we use the `x-tt-params` header instead because TikTok has
-  // some weird security considerations. I'm not sure if it's a local encode or they actually make a call to their
-  // servers to get the signature back, but your API call params are in the `x-tt-params` header, which is used
-  // when making the request to the static URL `TT_REQ_PERM_URL` above. I'm assuming because the library launches
-  // a headless browser, it's a local encode.
+
   const { "x-tt-params": xTtParams, signed_url } = signature;
   const { user_agent: userAgent } = navigator;
-  const res = await testApiReq({ userAgent, xTtParams }, TT_REQ_PERM_URL);
+
+  const res = await testApiReq({ userAgent, xTtParams, signed_url });
   const { data } = res;
   console.log(data);
 }
 
-async function testApiReq({ userAgent, xTtParams }, url) {
+async function testApiReq({ userAgent, xTtParams, signed_url }) {
   const options = {
     method: "GET",
     headers: {
       "user-agent": userAgent,
       "x-tt-params": xTtParams,
     },
-    url: url,
+    url: signed_url,
   };
   return axios(options);
 }

examples/user-videos.js

@@ -1,5 +1,6 @@
 const Signer = require("..");
 const axios = require("axios"); // NOTE: not adding this to package.json, you'll need to install it manually
+const querystring = require('querystring');
 
 // Get your SEC_UID from https://t.tiktok.com/api/user/detail/?aid=1988&uniqueId=username&language=it
 // where `username` is your TikTok username.
@@ -12,57 +13,52 @@ const TT_REQ_USER_AGENT =
 
 // This the final URL you make a request to for the API call, it is ALWAYS this, do not mistaken it for the signed URL
 const TT_REQ_PERM_URL =
-  "https://www.tiktok.com/api/post/item_list/?aid=1988&app_language=en&app_name=tiktok_web&battery_info=1&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Win32&browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F107.0.0.0%20Safari%2F537.36%20Edg%2F107.0.1418.56&channel=tiktok_web&cookie_enabled=true&device_id=7165118680723998214&device_platform=web_pc&focus_state=true&from_page=user&history_len=3&is_fullscreen=false&is_page_visible=true&os=windows&priority_region=RO&referer=&region=RO&screen_height=1440&screen_width=2560&tz_name=Europe%2FBucharest&webcast_language=en&msToken=G3C-3f8JVeDj9OTvvxfaJ_NppXWzVflwP1dOclpUOmAv4WmejB8kFwndJufXBBrXbeWNqzJgL8iF5zn33da-ZlDihRoWRjh_TDSuAgqSGAu1-4u2YlvCATAM2jl2J1dwNPf0_fk9dx1gJxQ21S0=&X-Bogus=DFSzswVYxTUANS/JS8OTqsXyYJUo&_signature=_02B4Z6wo00001CoOkNwAAIDBCa--cQz5e0wqDpRAAGoE8f";
+  "https://www.tiktok.com/api/post/item_list/?aid=1988&app_language=en&app_name=tiktok_web&battery_info=1&browser_language=en-US&browser_name=Mozilla&browser_online=true&browser_platform=Win32&browser_version=5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F107.0.0.0%20Safari%2F537.36%20Edg%2F107.0.1418.56&channel=tiktok_web&cookie_enabled=true&device_platform=web_pc&focus_state=true&from_page=user&history_len=3&is_fullscreen=false&is_page_visible=true&os=windows&priority_region=RO&referer=&region=RO&screen_height=1440&screen_width=2560&tz_name=Europe%2FBucharest&webcast_language=en&msToken=G3C-3f8JVeDj9OTvvxfaJ_NppXWzVflwP1dOclpUOmAv4WmejB8kFwndJufXBBrXbeWNqzJgL8iF5zn33da-ZlDihRoWRjh_TDSuAgqSGAu1-4u2YlvCATAM2jl2J1dwNPf0_fk9dx1gJxQ21S0=&X-Bogus=DFSzswVYxTUANS/JS8OTqsXyYJUo&_signature=_02B4Z6wo00001CoOkNwAAIDBCa--cQz5e0wqDpRAAGoE8f";
+
+// Parse the URL
+const parsedUrl = new URL(TT_REQ_PERM_URL);
+
+// Extract the query parameters
+const parsedQuery = querystring.parse(parsedUrl.search.slice(1));
 
 const PARAMS = {
-  aid: "1988",
   count: 30,
+  device_id: '7165118680723998211',
   secUid: SEC_UID,
   cursor: 0,
-  cookie_enabled: true,
-  screen_width: 0,
-  screen_height: 0,
-  browser_language: "",
-  browser_platform: "",
-  browser_name: "",
-  browser_version: "",
-  browser_online: "",
-  timezone_name: "Europe/London",
 };
 
+// Merge parsedQuery with PARAMS
+const mergedParams = { ...parsedQuery, ...PARAMS };
+
 async function main() {
   const signer = new Signer(null, TT_REQ_USER_AGENT);
   await signer.init();
 
-  const qsObject = new URLSearchParams(PARAMS);
+  const qsObject = new URLSearchParams(mergedParams);
   const qs = qsObject.toString();
 
-  const unsignedUrl = `https://m.tiktok.com/api/post/item_list/?${qs}`;
+  const unsignedUrl = `https://www.tiktok.com/api/post/item_list/?${qs}`;
   const signature = await signer.sign(unsignedUrl);
   const navigator = await signer.navigator();
   await signer.close();
 
-  // We don't take the `signed_url` from the response, we use the `x-tt-params` header instead because TikTok has
-  // some weird security considerations. I'm not sure if it's a local encode or they actually make a call to their
-  // servers to get the signature back, but your API call params are in the `x-tt-params` header, which is used
-  // when making the request to the static URL `TT_REQ_PERM_URL` above. I'm assuming because the library launches
-  // a headless browser, it's a local encode.
-  const { "x-tt-params": xTtParams } = signature;
+  const { "x-tt-params": xTtParams, signed_url } = signature;
   const { user_agent: userAgent } = navigator;
 
-  const res = await testApiReq({ userAgent, xTtParams });
+  const res = await testApiReq({ userAgent, xTtParams, signed_url });
   const { data } = res;
   console.log(data);
 }
 
-async function testApiReq({ userAgent, xTtParams }) {
+async function testApiReq({ userAgent, xTtParams, signed_url }) {
   const options = {
     method: "GET",
     headers: {
       "user-agent": userAgent,
       "x-tt-params": xTtParams,
     },
-    url: TT_REQ_PERM_URL,
+    url: signed_url,
   };
   return axios(options);
 }