Skip to main content

Generate a test access token

Now that you've created a test TikTok Seller account, you're ready to generate a test access token.

A test access token is an OAuth 2.0 credential that you present to the TikTok Shop API resource server to access the data of the TikTok Shop test Seller that consented to sharing their data with your TikTok Shop App.

In order to generate a test access token, you'll first need to go to your test Seller account, consent to share data with your test TikTok Shop App, and retrieve the authorization code in the return URL that you specified when you created your test TikTok Shop App. You'll then pass the authorization code to the TikTok Shop Authorization Server to retrieve an access token and a refresh token.

To generate a test access token, begin by navigating to the TikTok Shop Partner Center Console.

  1. Click on Development Kits -> Development Shops.
  2. Click on the test account. In the right hand pane, under Start Testing, click on the Authorize App button.
  3. In the Authorize a service dialog box, enable the radio button for your TikTok Shop App.
  4. You'll be redirected to the TikTok Shop Seller center for your test Seller account. Select the duration, enter a contact email though it's not used, and finally click the Confirm to install button.
  5. You'll be redirected to the Authorize dialog box. Select the checkbox next to the acknowledgement, and click the Authorize button.
  6. You'll be redirect to the redirect URL that you specified for your TikTok Shop App when you created it. If you don't have a service at the redirect URL to receive the authorization code, the URL address in your browser will contain your callback URL, so copy and paste the URL to a text document. Select the value that the code parameter is set to, this is your authorization code.
  7. Your authorization code is valid for 30 minutes only, so you'll need to move quickly on the next step. You'll be making an HTTP call to the TikTok Shop authorization server. You can use your favorite way to call HTTP services for this step, including just formatting a URL and pasting it into your browser's address bar. The server address is https://auth.tiktok-shops.com/api/v2/token/get and there are four required query parameters:

app_key: Your TikTok Shop App application key that was generated for you when you created your TikTok Shop App. app_secret: Your TikTok Shop App secret that was generated for you when you created your TikTok Shop App. auth_code: The code parameter from step 6. grant_type: This is a string that must always be set to authorized_code. Your authorization code is valid for 30 minutes only, so you'll need to move quickly on the next step. You'll be making an HTTP call to the TikTok Shop authorization server. You can use your favorite way to call HTTP services for this step, including just formatting a URL and pasting it into your browser's address bar. The server address is https://auth.tiktok-shops.com/api/v2/token/get

and there are four required query parameters: 1. app_key: Your TikTok Shop App application key that was generated for you when you created your TikTok Shop App. 2. app_secret: Your TikTok Shop App secret that was generated for you when you created your TikTok Shop App. 3. auth_code: The code parameter from step 6. 4. grant_type: This is a string that must always be set to authorized_code.

  1. The response body for the call in step 7 includes a JSON object named data. For the purposes of making your first API call, we'll focus on four properties in this object:

access_token: This is the access token necessary to make your first API call. access_token_expire_in: This the expiration date and time for the access_token. It's in Unix epoch time. refresh_token: This is the refresh token you'll use to generate a new access_token once the current date is greater than access_token_expire_in. refresh_token_expire_in: This is the expiration date and time of the refresh token in Unix epoch format. Once this date and time has been reached, you must re-authorize your TikTok Shop App starting at step 2 above. The response body for the call in step 7 includes a JSON object named data

. For the purposes of making your first API call, we'll focus on four properties in this object: 1. access_token: This is the access token necessary to make your first API call. 2. access_token_expire_in: This the expiration date and time for the access_token. It's in Unix epoch time. 3. refresh_token: This is the refresh token you'll use to generate a new access_token once the current date is greater than access_token_expire_in. 4. refresh_token_expire_in: This is the expiration date and time of the refresh token in Unix epoch format. Once this date and time has been reached, you must re-authorize your TikTok Shop App starting at step 2 above.

Example call flow

For step 7 above, you can create the URL to paste into your browser by copying the string and substituting the parameter values for those associated with your test TikTok Shop App:

PLAINTEXTWord Wrap

https://auth.tiktok-shops.com/api/v2/token/get?app_key=123abcd  
&app_secret=15abf8a4972afd1f275d5b19bfa9a17e0d142aa7
&auth_code=TTP_FeBoANmHP3yqdoUI9fZOCw
&grant_type=authorized_code

If all the parameter values are valid, your browser window will display the response in JSON text format. For example:

PLAINTEXTWord Wrap

{      
"code":0,
"message":"success",
"data":{
"access_token":"TTP_Fw8rBwAAAAAkW03FYd09DG-9INtpw361hWthei8S3fHX8iPJ5AUv99fLSCYD9-UucaqxTgNRzKZxi5-tfFMtdWqglEt5_iCk",
"access_token_expire_in":1660556783,
"refresh_token":"TTP_NTUxZTNhYTQ2ZDk2YmRmZWNmYWY2YWY2YzkxNGYwNjQ3YjkzYTllYjA0YmNlMw",
"refresh_token_expire_in":1691487031,
"open_id":"7010736057180325637",
"seller_name":"Jjj test shop",
"seller_base_region":"ID",
"user_type":0,
"granted_scopes": [
"seller.affiliate_collaboration.read",
"seller.affiliate_collaboration.write"
]
},
"request_id":"2022080809462301024509910319695C45"
}

The fields in the response are defined as follows:

ParameterTypeDescriptionSample
codeintA machine-readable response code that represents the request result. 0 indicates success. For more information about failure codes, refer to Common error codes.0
messagestringA human-readable message that describes the success or failure of the API request.success
request_idstringID to track the API request.2022080809462301024509910319695C45
dataobjectThe response data payload.
└ access_tokenstringUser access token needed to make calls to TikTok Shop Open API endpoints. Pass this value in the x-tts-access-token header of an API request to authorize the request.TTP_RLM6CIADWF606TZGFO5XGA
└ access_token_expire_inUnix timestampExpiration timestamp for access token, with default expiration time set to seven days. The unix timestamp represents the date and time the access token will expire.1630401330
└ refresh_tokenstringA token to refresh the access token.TTP_C2XWDN63ON-FOHJSMR0WSG
└ refresh_token_expire_inUnix timestampExpiration timestamp for refresh token. The unix timestamp represents the date and time the refresh token will expire.1630401510
└ open_idstringAn ID used to identify the user who has authorized the retrieval of their data in API calls.ephr6QAAAADhos3OBMztFEwRCWQGzDmfXm_7O2OTJyaYKA15pIaiEg
└ seller_namestringThe name of the seller you are authorizing for your app.Test Name
└ seller_base_regionstringThe region where the seller is based.US
└ user_typeintType of user, with possible values: 0: Seller; 1: Creator, 3: Partner1
└ granted_scopes[]stringThe authorized API scopes for the app. This field includes the Scope Key value of the authorized API scopes. Image["seller.affiliate_collaboration.read","seller.affiliate_collaboration.write"]

Next steps

To continue on the journey to making your first API call, make note of your access_token value. You will make use of the refresh token in advanced topics, but we don't need to make note of it at this time.

Your next step is to create a cryptographic hash to sign your API call.