
All About Signatures

Isaac Kogan edited this page May 18, 2023 · 25 revisions


What is a signature?

A signature is a value derived from the contents of a request to TikTok that TikTok's servers check before serving it. It demonstrates two things: authenticity (the request was produced by the genuine client, in our case TikTok's website) and integrity (the request parameters were not modified after it was signed). These signatures appear as query parameters in the URLs TikTok's website requests.

If a signature is malformed or missing, TikTok rejects the request to whatever URL you are trying to read from: the request is classified as automated or malicious traffic rather than a real user browsing the site.
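The following is an added illustration of what a query-parameter signature does and why a missing or malformed one gets a request rejected. It is not TikTok's actual algorithm (this page does not describe it) and not code from the TikTokLive library: it uses a generic HMAC-SHA256 over the path and canonicalised query string, and the parameter name `_signature`, the secret key and the sample URL are all made up for the example.

```python
# Added example: a generic HMAC-signed URL scheme. NOT TikTok's real signature
# algorithm and not part of TikTokLive; it only demonstrates the idea of a
# request signature carried as a query parameter. Parameter name, secret and
# sample URL are constructed for this illustration.
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SIG_PARAM = "_signature"          # hypothetical parameter name
SECRET = b"example-shared-secret"  # constructed; a real client embeds something equivalent
SAMPLE_URL = "https://example.invalid/webcast/room/enter/?aid=1988&room_id=123"


def _canonical_message(parts, params):
    """Path + query with the parameters sorted, so reordering does not change the signature."""
    return f"{parts.path}?{urlencode(sorted(params))}".encode()


def sign_url(url, secret=SECRET):
    """Client side: append a signature over the path and all other query parameters."""
    parts = urlsplit(url)
    params = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k != SIG_PARAM]  # drop any stale signature before re-signing
    sig = hmac.new(secret, _canonical_message(parts, params), hashlib.sha256).hexdigest()
    params.append((SIG_PARAM, sig))
    return urlunsplit(parts._replace(query=urlencode(params)))


def verify_url(url, secret=SECRET):
    """Server side: return (ok, reason). Rejects missing, duplicate, malformed and
    mismatched signatures; the reason string shows which check failed."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    sigs = [v for k, v in params if k == SIG_PARAM]
    if len(sigs) != 1:
        return False, "missing"  # absent, or supplied more than once
    sig = sigs[0]
    if len(sig) != 64 or any(c not in "0123456789abcdef" for c in sig):
        return False, "malformed"  # wrong length/alphabet for a hex SHA-256 digest
    rest = [(k, v) for k, v in params if k != SIG_PARAM]
    expected = hmac.new(secret, _canonical_message(parts, rest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare
        return False, "mismatch"  # parameters changed after signing, or wrong key
    return True, "ok"


def demo():
    """Sign the sample URL, then show the three rejection cases the text describes."""
    signed = sign_url(SAMPLE_URL)
    tampered = signed.replace("room_id=123", "room_id=999")  # integrity violation
    garbage = SAMPLE_URL + "&" + SIG_PARAM + "=zzz"           # malformed value
    return {
        "signed": verify_url(signed)[1],
        "tampered": verify_url(tampered)[1],
        "unsigned": verify_url(SAMPLE_URL)[1],
        "garbage": verify_url(garbage)[1],
    }


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:>9}: {reason}")
```

Two design points carry over to the real thing: the verifier checks shape and count before doing any cryptography, so malformed or duplicated parameters are rejected cheaply, and the comparison is constant-time. The example also shows why client-side signing is an obstacle rather than a secret: whatever plays the role of `SECRET` and the signing logic has to ship with the website's JavaScript, which is why the page later says the signatures can be reverse-engineered.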

Why do requests need to be signed?

TikTokLive and its sister libraries scrape the TikTok website to get the URL of the livestream websocket server.

Connecting to this server lets us receive livestream events (comments, gifts, etc.) by decoding its messages. To get that URL we first have to make signed requests that look like they came from TikTok's own website, so that they pass TikTok's automatic spam detection.

What is "tiktok.eulerstream.com" (Formerly tiktok.isaackogan.com)?

The tiktok.eulerstream.com FQDN hosts the RESTful API responsible for generating signatures, making the initial request to TikTok, and returning the WebSocket URL needed to connect.

The end-result is that TikTokLive and its sister libraries use this API to do the token/signature generation for them, so that they do not have to. This has several benefits and drawbacks:

Benefits

  1. If TikTok make a change that breaks signature generation, you do not need a library update; we fix the API
  2. TikTok do not have full knowledge of how we do things, so if they wanted to block us it would be harder (NOTE: as of 2023 TikTok are no longer attempting to block the library)
  3. Because the generation is private, the library does not expose TikTok to mass data harvesting. If signature generation shipped inside the library, it could be repurposed to sign requests for any part of the TikTok site and used maliciously
  4. We can limit abuse of the library. For example, if someone tries to view-bot a stream with it, we simply block their proxies. This means TikTok no longer have to block us to stop spam, which has effectively removed any pressure to shut the library down, since it is almost entirely used by creators to build livestream tools

Drawbacks

  1. This is an open source library, so having a core component that is not open source is dubious
  2. We are now responsible for keeping this API running 24/7, which is incredibly difficult given that we have lives
  3. We become the arbiters of what is and is not acceptable use of the library, which is a difficult position to be in

The Takeaway

Hosting the sign server is done for free; it costs us money and time. It sucks that it can't be open source, but it has to be that way.

All TikTok LIVE libraries currently support the use of your own signature server. This means you can use the open source tool but point it at YOUR OWN signature generation API. Anyone can do this.

Companies building on this library are strongly recommended to rely on their own signature generation. Reverse-engineering the necessary signatures is not hard, and companies can hire individuals on Upwork to do it cheaply.

For more information about the sign server, visit https://github.com/isaackogan/TikTokLive/wiki/Signature-Server.