
Authentication

TikTok Miner uses API keys to authenticate requests. All API requests must include a valid API key in the request headers.

Getting Your API Key

  1. Sign in to your TikTok Miner dashboard
  2. Navigate to Settings > API Keys
  3. Click Generate New API Key
  4. Copy your API key and store it securely

Keep your API keys secure! Do not share them in publicly accessible areas such as GitHub repositories, client-side code, or public documentation.

Making Authenticated Requests

Include your API key in the Authorization header of every request:
curl https://your-domain.com/api/creators/search \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

API Key Types

Production Keys

Production API keys have full access to all features and are used for live applications.
  • Full rate limits apply
  • Charges apply for API usage
  • Suitable for production environments

Test Keys

Test API keys are used for development and testing:
  • Reduced rate limits
  • Access to test data only
  • No charges for usage
  • Prefix: test_

# Production key
Authorization: Bearer sk_live_abc123def456

# Test key
Authorization: Bearer sk_test_xyz789uvw012

Environment Variables

Store your API keys in environment variables rather than in source code, and keep the .env file out of version control:
.env
TIKTOK_MINER_API_KEY=sk_live_your_api_key_here
Then use them in your code:
const apiKey = process.env.TIKTOK_MINER_API_KEY;

const response = await fetch('https://your-domain.com/api/creators/search', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

Authentication Errors

Missing API Key

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "API key is required"
  }
}

Invalid API Key

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key"
  }
}

Expired API Key

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "API key has expired. Please generate a new one."
  }
}

Security Best Practices

Generate new API keys every 90 days and revoke old ones:
  1. Generate a new API key
  2. Update your applications to use the new key
  3. Monitor for any usage of the old key
  4. Revoke the old key after verification

Create separate API keys for:
  • Development environment
  • Staging environment
  • Production environment
This allows you to revoke keys without affecting other environments.

Track API key usage in your dashboard:
  • Request count per key
  • Last used timestamp
  • Unusual activity patterns
  • Geographic anomalies

Restrict API key usage to specific IP addresses:
  1. Go to Settings > API Keys
  2. Select your API key
  3. Add allowed IP addresses
  4. Save changes
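
The environment-variable storage and separate-keys-per-environment guidance above, as an added example (not TikTok Miner's own code): a loader that refuses a key whose prefix does not match the deployment environment and redacts keys before they reach logs or error messages. It assumes the sk_live_ and sk_test_ prefixes from the header examples on this page, NODE_ENV as the environment name, a policy where only production may hold a live key, and the hypothetical helper names keyKind, redactKey, loadApiKey and authHeaders.

```javascript
// Added example. Helper names are hypothetical; the prefixes come from the
// header examples on this page, and NODE_ENV as the environment name is assumed.
const PREFIX = { live: 'sk_live_', test: 'sk_test_' };

// Assumed policy: only production may hold a live key; unknown environments fail closed.
const ALLOWED_KIND = { production: 'live', staging: 'test', development: 'test' };

function keyKind(key) {
  if (typeof key !== 'string') return null;
  for (const [kind, prefix] of Object.entries(PREFIX)) {
    if (key.startsWith(prefix) && key.length > prefix.length) return kind;
  }
  return null;
}

// Log-safe form: prefix plus the last 4 characters, and only the prefix when
// the secret part is too short for 4 characters to be a small fraction of it.
function redactKey(key) {
  const kind = keyKind(key);
  if (!kind) return '[unrecognized key]';
  const secretLength = key.length - PREFIX[kind].length;
  return PREFIX[kind] + '...' + (secretLength >= 12 ? key.slice(-4) : '');
}

// Read the key from the environment and refuse to start on a mismatch.
function loadApiKey(env = process.env) {
  const key = env.TIKTOK_MINER_API_KEY;
  const deployEnv = env.NODE_ENV || 'development';
  if (!key) throw new Error('TIKTOK_MINER_API_KEY is not set');
  const kind = keyKind(key);
  if (!kind) throw new Error('TIKTOK_MINER_API_KEY has an unrecognized prefix');
  if (ALLOWED_KIND[deployEnv] !== kind) {
    throw new Error(`${kind} key ${redactKey(key)} is not allowed in ${deployEnv}`);
  }
  return key;
}

function authHeaders(key) {
  return { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' };
}
```

Call loadApiKey() once at startup so a misplaced key stops the process before any request is sent, and pass the result to authHeaders() for each fetch call.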

OAuth Integration

For platform-specific data access (Instagram, TikTok, etc.), you may need OAuth tokens.

Platform Authentication Flow

import { TikTokApifyService } from './services/tiktok-apify-service';

const service = new TikTokApifyService({
  apifyApiKey: process.env.APIFY_API_KEY!,
  enableCaching: true,
  cacheTTL: 3600000 // 1 hour
});

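// Initialize OAuth flow (in the route that starts the login)
const { authUrl, state } = await service.initializeOAuthFlow(userId);

// Redirect user to authUrl
res.redirect(authUrl);

// Handle callback (in the callback route): `code` and `state` arrive as
// query parameters on the redirect back from the platform
const tokens = await service.handleOAuthCallback(code, state);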

Storing Platform Tokens

Platform OAuth tokens are stored securely in the PlatformAuth table:
interface PlatformAuth {
  id: string;
  userId: string;
  platform: string; // 'instagram', 'twitter', 'youtube', 'tiktok'
  accessToken: string;
  refreshToken?: string;
  expiresAt?: Date;
  platformUserId?: string;
  metadata?: any;
}

Next Steps

Creator Search

Start searching for creators

Profile Data

Fetch creator profiles
