Official OAuth 2.0
Each account authenticates through TikTok's own Login Kit. Tokens never touch a third-party server.
Connect any number of your TikTok accounts through the official OAuth consent flow. Post comments, schedule them for the perfect time, and stop juggling browser tabs.
A focused tool, not a sprawling SaaS. Every feature exists because switching tabs to comment on the same video three times in a row was slowing you down.
Each account authenticates through TikTok's own Login Kit. Tokens never touch a third-party server.
Access and refresh tokens are AES-256-GCM encrypted at rest with per-record IVs. Stored in a local JSON file, never plaintext.
Pick any future date and time. node-cron polls every minute and posts at the right moment, even after restarts.
Five minutes before any TikTok call we refresh the access token if it's about to expire. You never see a 401.
See every pending, succeeded, failed, and cancelled comment in chronological order. Cancel anything that hasn't run yet.
Sign up with email + password. Each user's TikTok accounts and comment history are scoped to them only.
No databases to spin up, no cron daemons to babysit, no complex deploys. Self-host on your laptop in minutes.
Add the Login Kit and Content Posting API products at
developers.tiktok.com.
Request the four scopes:
user.info.basic, video.list,
comment.list.manage, comment.publish.
Create your account in the dashboard, then click Connect TikTok Account. TikTok's official consent screen handles login and scope approval. Repeat for every account you own.
Paste a video URL, pick an account, write your comment, and either post immediately or pick a future time. Watch the queue and history update live.
Dark, focused, and built around the four things you actually do: connect accounts, post comments, watch the queue, and review history.
The whole thing is open source and runs on your own machine. The paid tiers below describe a hosted version we are exploring — they are not active yet.
Run it on your laptop or a $5 VPS.
Hosted by us. Backups, monitoring, no setup.
For small social media teams.
Yes — every API call goes through TikTok's official Login Kit and
v2 Content APIs at open.tiktokapis.com. You can only
comment as accounts that have explicitly granted the
comment.publish scope to your app.
In a local JSON file inside the data/ folder of your
install. Both access_token and
refresh_token are AES-256-GCM encrypted with a key from
your ENCRYPTION_KEY env var. The file is created with
0600 permissions.
Only with their consent — they have to log in through TikTok's own OAuth screen on your install. There's no way to attach an account without going through TikTok itself.
We refresh it automatically. Before any TikTok API call we check
tokenExpiresAt - now > 5 minutes; if not, we hit
POST /v2/oauth/token/ with the refresh token and
persist the new tokens before continuing.
Only as a salted scrypt hash (N=32768, r=8, p=1). The
plaintext password never touches disk. Sessions are HttpOnly
cookies signed with HS256 JWTs.
Yes. Each user signs up separately, and TikTok accounts are scoped per user — you can't see or post from another user's TikTok.
Two minutes from git clone to your first scheduled
comment.