Cookie Management
Why Cookies?
Douyin and TikTok authenticate web API requests using browser session cookies — not API keys. The scraper impersonates a logged-in browser session using cookies you provide. Without valid cookies, platform-specific endpoints return authentication errors.
Cookie Lifetime
| Platform | Typical Session Lifetime |
|---|---|
| Douyin | 7–30 days |
| TikTok | 7–30 days |
| TikTok (app) | Similar |
Cookies expire. When they do, affected endpoints will return errors. The /api/hybrid/video_data endpoint for TikTok URLs continues to work without cookies.
Which Service Name to Use
When calling POST /api/hybrid/update_cookie, the service param must be one of:
| Service Name | Affects |
|---|---|
douyin | All Douyin web endpoints |
tiktok_web | TikTok web API endpoints |
tiktok_app | TikTok app API endpoints (optional) |
Manual Cookie Update
No container restart required. The API reads cookies at call time.
curl -X POST http://video-scraper-api:80/api/hybrid/update_cookie \
-H "Content-Type: application/json" \
-d '{
"service": "douyin",
"cookie": "YOUR_FULL_COOKIE_STRING_HERE"
}'
Repeat for tiktok_web and tiktok_app as needed.
How to Get a Cookie (Manual Method)
- Open Chrome or Firefox
- Log into douyin.com or tiktok.com
- Open DevTools → Network tab
- Reload the page
- Click any request to douyin.com or tiktok.com
- In the Request Headers, find the
Cookieheader - Copy the entire value — it's a long semicolon-separated string
Alternatively, use a browser extension like Cookie-Editor (FOSS, available for Chrome/Firefox):
- Install the extension
- Navigate to the site
- Click the extension → Export → Export as
Header String
Automated Cookie Refresh (Recommended)
Manual cookie rotation doesn't scale. The recommended automated approach uses Playwright with a persistent browser context:
How it works:
- You log in once interactively using
cookie-login-setup.py— this saves an authenticated browser profile to disk - A daily cron job (
cookie-refresh.py) opens a headless browser using the saved profile, extracts fresh cookies, and pushes them to the API - No repeated logins — the saved profile maintains the session
Why this is low-risk: The script doesn't automate the login — it reads from an already-authenticated persistent session. ByteDance's bot detection is focused on login behavior, not cookie extraction from existing sessions.
Files (managed by DevOps Dan):
/opt/nops-labs/Video-Scraper-API/
├── cookie-login-setup.py ← Run once interactively
├── cookie-refresh.py ← Runs daily via cron
└── browser-profile/ ← Saved Playwright browser state
└── douyin/
└── tiktok/
Cron log:
/opt/nops-labs/Video-Scraper-API/logs/cookie-refresh.log
Check this log if a cookie-dependent endpoint starts returning errors.
Diagnosing Cookie Expiry
If a Douyin or TikTok endpoint returns errors:
- Check the log:
tail -50 /opt/nops-labs/Video-Scraper-API/logs/cookie-refresh.log - Run the refresh manually:
python3 /opt/nops-labs/Video-Scraper-API/cookie-refresh.py - If the session itself expired (login required): re-run
cookie-login-setup.pyto re-authenticate
The hybrid endpoint for TikTok will continue working even when TikTok cookies are stale.