Products & Scopes

This page explains how each TikTok product and scope works within HookHatch, and how we use them in our app.

Products

• Login Kit: We use TikTok OAuth to authenticate users into HookHatch. After consent, we obtain an access_token and the user's open_id to identify the account.
• Content Posting API: Allows users to upload and publish videos from HookHatch to their TikTok account.

Scopes

• user.info.basic: Read basic profile to personalize the UI (e.g., display name / avatar).
• video.upload: Upload videos to TikTok on behalf of the user after explicit authorization.
• video.publish: Publish uploaded videos to the user’s TikTok account.

How it works

1. User logs in via TikTok Login Kit and grants the requested scopes.
2. HookHatch receives an authorization code on our verified callback URL, exchanges it for an access_token, and stores tokens securely.
3. When a user initiates a post, we prepare metadata and upload the video (video.upload), then publish (video.publish) per the user’s instruction.
4. Users can revoke access at any time from their TikTok app. On revoke, token usage is immediately disabled on our side.

We request only the scopes necessary for core functionality and do not access or store any data outside of this scope set.