WinningHunter HTTP API reference
This document lists JSON HTTP endpoints for programmatic integrations (API key + credits). Deep parameter docs live in the topic guides: TikTok Shop filters, Meta ad library, Brands.
Replace {origin} with your site base URL (for example https://app.winninghunter.com).
Versioning
- Canonical for new work:
/api/v1/...— especially all/api/v1/tiktok-shop/*programmatic routes and/api/v1/brands,/api/v1/magic-ai, etc. An API key does not use the dashboard-only/api/tiktok-shop/*or/api/brandslist routes the same way as/api/v1/.... - Aliases (still supported where registered): e.g.
/api/adlibraryis the same metered surface as/api/v1/adlibrary;/api/store-trackerand/api/store-explorerlikewise. Prefer/api/v1/...for new integrations — not every/api/v1/Xhas an/api/Xtwin.
Authentication
1. API key (external / programmatic)
Used by the endpoints listed under Programmatic API (API key) below, including all /api/v1/tiktok-shop/* routes. Prefer /api/v1/...; a few non-TikTok routes also have legacy /api/... aliases — see Versioning above.
- Header (preferred):
X-API-Key: <your key>
orAuthorization: Bearer <your key> - Query (fallback):
?api_key=<your key> - Plan: An eligible account with API access is required after the key is resolved.
- Metering: Requests consume monthly API credits and are subject to a 60 requests / minute rate limit per user (see Rate limits and Credits & billing).
- Response type: JSON (
Content-Type: application/json).
Keys are created on the in-app API page while you are logged in: open /api in the browser.
2. Browser session (dashboard)
Most /api/* routes used by the web UI expect a logged-in session (cookies). Many also require an eligible subscription in addition to login. These are not the same as the public API key flow unless you send the same headers while logged in.
3. MCP connector auth (OAuth or API key)
MCP endpoint: /mcp.
- Connector OAuth (recommended): For connector UIs that do not allow custom headers (for example Claude custom connector), use OAuth authorization code flow.
- Authorization endpoint:
/mcp/oauth/authorize - Token endpoint:
/mcp/oauth/token - Discovery metadata:
/.well-known/oauth-authorization-server/mcp
- Authorization endpoint:
- Header API key (supported):
X-API-Key: <your key>(orAuthorization: Bearer <your key>) for clients that support custom headers (Cursor/Desktop configs, n8n, scripts).
Programmatic API (API key + credits)
These routes share the same API key auth, credits, and rate limits as the rest of the programmatic surface.
| Method | Path | Purpose | Handler |
|---|---|---|---|
| GET | /api/v1/adlibrary |
Search the Meta ad library (Facebook / Instagram ads); query shape in Meta ad library. | StandardApi::apiDashboard → Dashboard::getFbAds |
| POST | /api/v1/magic-ai |
Magic AI features; request body, filters, and pagination in Magic AI. | StandardApi::apiMagicAi → Magicai::post |
| GET | /api/v1/store-tracker |
Shopify store tracker — how many stores you track and related limits. | StandardApi::apiStoreTracker → Salestracker::getAmountStoresTracked |
| POST | /api/v1/store-explorer |
Shopify store explorer — search and drill-down shop data. | StandardApi::apiStoreExplorer → Salestracker::getExploreShopsStoreData |
| POST | /api/v1/store-explorer/visual-search |
Find similar Shopify stores by product image (image upload or image_url) with optional Explore Shops filters. |
StandardApi::apiStoreExplorerVisualSearch → Salestracker::postExploreShopsVisualSearch |
| GET | /api/v1/brands |
Brand tracker — list brands tracked for this API key. | StandardApi::apiBrands → Brandstracker::getBrands |
| GET | /api/v1/ad-transcript |
Fetch stored ad transcript and analysis metadata. | StandardApi::apiAdTranscript → Dashboard::getAdTranscript |
| POST | /api/v1/ad-transcript-generate |
Generate or cache video transcript for an ad. | StandardApi::apiAdTranscriptGenerate → Dashboard::generateAdTranscript |
| POST | /api/v1/ad-similar-script-generate |
Generate similar ad script from transcript context. | StandardApi::apiAdSimilarScriptGenerate → Dashboard::generateSimilarScript |
Meta ad library (parameters, upgrade responses): Meta ad library. Magic AI (body, filters, pagination): Magic AI. Store explorer (search + visual search): Store explorer. Brands (API key list + session detail tabs): Brands & Brand tracker. In short, /api/v1/adlibrary accepts the same query shape as the in-app Meta ads search; /api/v1/brands returns the tracked-brands list for API keys. Brand detail tabs (/api/brands/ads, …) stay session-authenticated — not under /api/v1/brands/*.
Session-only helpers (browser login — not the metered JSON API):
| Method | Path | Notes |
|---|---|---|
| GET | /api |
API key management page (HTML, logged in). |
| POST | /api/regenerate |
Regenerate API key (session; requires eligible account). |
| GET | /api/usage |
Usage JSON (session). |
| GET | /api/logs |
Paginated request logs (session). |
TikTok Shop public API (/api/v1/tiktok-shop/*)
All paths below are prefixed with /api/v1/tiktok-shop/. They accept GET, POST, or GET or POST as indicated. Behaviour matches the TikTok Shop areas in the web app, but each call is billed and authorized as the API key owner.
Filters & query bodies: See TikTok Shop · filters & query params for explore/count entity filters, pagination, aliases, and POST JSON merging. Detailed JSON bodies for shops, products, and creators are in TikTok Shop · details & aggregates.
GET or POST: both verbs are registered; use whichever matches your client.
Categories
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET or POST | categories/explore |
List or search product categories (filters apply). |
| GET or POST | categories/count |
Count categories matching filters. |
| GET | categories/hierarchy |
Category tree / hierarchy. |
| GET | categories/layers |
Categories grouped by layer depth. |
| GET | categories/summary |
Summary stats for one category. |
| GET | categories/history |
Historical stats for a category. |
| GET | categories/siblings |
Related categories (siblings). |
| POST | categories/top-products |
Top products in a category. |
| POST | categories/top-shops |
Top shops in a category. |
| POST | categories/top-creators |
Top creators in a category. |
Shops
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET or POST | shops/explore |
List or search TikTok shops (filters apply). |
| GET or POST | shops/count |
Count shops matching filters. |
| GET | shops/summary |
Summary for one shop. |
| POST | shops/products |
Products sold by a shop. |
| GET | shops/details |
Detailed shop profile. |
| GET | shop-details |
Same as shops/details (alternate path). |
Shop detail (aggregates & sub-resources)
| HTTP | Path suffix | Purpose |
|---|---|---|
| POST | shop-detail |
Full shop detail (body selects shop and tabs). |
| POST | shop-detail/total |
Aggregate totals for a shop. |
| POST | shop-detail/extraTotal |
Extra aggregate metrics. |
| POST | shop-detail/history |
Shop metrics over time. |
| POST | shop-detail/searchCooperativeCreators |
Creators cooperating with the shop. |
| POST | shop-detail/product/queryList |
Paginated product list for the shop. |
| POST | shop-detail/searchVideos |
Videos featuring the shop. |
| POST | shop-detail/searchNewProducts |
New products for the shop. |
| POST | shop-detail/salesStrategy/selfPromotion |
Self-promotion creator insights. |
| POST | shop-detail/salesStrategy/affiliate |
Affiliate strategy insights. |
Creators
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET or POST | creators/explore |
List or search creators (filters apply). |
| GET or POST | creators/count |
Count creators matching filters. |
Creator detail
| HTTP | Path suffix | Purpose |
|---|---|---|
| POST | creator-detail |
Full creator detail. |
| POST | creator-detail/total |
Creator aggregate totals. |
| POST | creator-detail/history |
Creator metrics history. |
| POST | creator-detail/searchShopList |
Shops linked to the creator. |
| POST | creator-detail/searchCooperativeShops |
Shops cooperating with the creator. |
| POST | creator-detail/searchProducts |
Products associated with the creator. |
| POST | creator-detail/video/queryList |
Videos for the creator. |
Videos (list)
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET or POST | videos/explore |
List or search videos (filters apply). |
| GET or POST | videos/count |
Count videos matching filters. |
Products (list)
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET | products |
Product list (simpler listing). |
| GET or POST | products/explore |
List or search products (filters apply). |
| GET or POST | products/count |
Count products matching filters. |
Product detail
| HTTP | Path suffix | Purpose |
|---|---|---|
| POST | product-detail |
Full product detail (POST body). |
| GET | product-details |
Product details (GET variant). |
| POST | product-detail/total |
Product aggregate totals. |
| POST | product-detail/history |
Product sales / metrics history. |
| POST | product-detail/salesTrend |
Sales trend time series. |
| POST | product-detail/creator/queryList |
Creators selling the product. |
| POST | product-detail/video/queryList |
Videos featuring the product. |
| POST | product-detail/searchCreators |
Search creators for the product. |
| POST | product-detail/searchVideos |
Search videos for the product. |
| POST | product-detail/creator/getConversionRadio |
Creator conversion metrics. |
| GET | product-other-visits |
Related visit counts for product context. |
| GET | category-visit-events |
Category-level visit analytics counts. |
| GET | detail-visit-events |
Detail-page visit analytics counts. |
Path parameters ({id})
These URLs include {id} (alphanumeric, _, -). Prefix: /api/v1/tiktok-shop/.
| HTTP | Path pattern | Purpose |
|---|---|---|
| GET | product-detail/{id} |
Product detail by stable ID. |
| GET | products/{id}/sales-channel |
Sales channels for a product. |
| GET | videos/{id} |
Video record by ID. |
| GET | videos/{id}/metrics |
Engagement and performance metrics for a video. |
| GET | videos/{id}/products |
Products shown or linked in a video. |
| GET | videos/{id}/history |
Historical metrics for a video. |
| GET | videos/{id}/similar |
Similar videos. |
| GET | creators/{id}/history |
Historical metrics for a creator. |
Search, credits, trending, country
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET | credits |
Remaining TikTok Shop API credits for the key. |
| GET | trending |
Trending products. |
| GET | search |
Product search. |
| GET | suggestions |
Autocomplete / suggestion strings. |
| POST | request-country |
Set or resolve shop country for subsequent calls. |
Video transcript / AI helpers
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET | video/transcript |
Fetch an existing transcript. |
| POST | video/transcript/generate |
Generate a transcript. |
| POST | video/script/similar |
AI-generated similar script from a video. |
GET /api/v1/tiktok-shop/video/transcript
Fetches a previously generated transcript from MongoDB (tiktok_video_transcriptions). Does not consume quota.
| Parameter | Type | Notes |
|---|---|---|
video_id |
string | Required. TikTok video ID to look up. |
Response: JSON object { transcript, segments, script_analysis, similar_scripts }. All fields are null / [] when no transcript exists yet.
POST /api/v1/tiktok-shop/video/transcript/generate
Generates (or returns a cached) transcript for a TikTok video using OpenAI Whisper. The result is persisted to MongoDB and returned. This endpoint is session-only — it requires a logged-in browser session; it is not accessible with just an API key.
Auth / plan gates (evaluated in order):
| Gate | Failure response |
|---|---|
Auth::isLoggedIn() |
{"success":false,"message":"Not logged in"} |
| Cache hit (transcript already exists in MongoDB) | {"success":true,"transcript":"...","segments":[...],"source":"cached"} — returns immediately, no quota consumed. |
Auth::isValidPlan(1) (Basic plan or higher) |
{"success":false,"message":"Upgrade your plan to generate video scripts"} |
| Monthly script-generation quota > 0 | {"success":false,"message":"No script generations left this month. Limit resets in 30 days."} |
POST body (form-encoded or JSON):
| Parameter | Type | Notes |
|---|---|---|
video_id |
string | Required. TikTok video ID. |
video_url |
string | Optional fallback playback URL if the video is not in the videos MongoDB collection. |
video_cdn_url |
string | Optional CDN URL; preferred over video_url when both are supplied as fallback. |
The server first resolves the playback URL from MongoDB (videos.video_play_url_cdn). If not found, it falls back to video_cdn_url then video_url from the request body. Audio is extracted via ffmpeg, then sent to the Whisper API.
Success response:
{
"success": true,
"transcript": "Full transcript text...",
"segments": [
{ "start": 0.0, "end": 2.5, "text": "Hello..." }
],
"source": "generated",
"script_generations_remaining": 14
}
Error responses (beyond the gate table above):
| HTTP | Body | Cause |
|---|---|---|
| 200 | {"success":false,"message":"Video not found or no playable URL available"} |
No URL could be resolved. |
| 200 | {"success":false,"message":"Could not prepare audio (ffmpeg missing or download failed)"} |
ffmpeg unavailable or download error. |
| 200 | {"success":false,"message":"Transcription failed"} |
Whisper returned no text. |
POST /api/v1/tiktok-shop/video/script/similar
Generates a similar ad script based on an existing transcript using GPT. Consumes one monthly script-generation credit. Session-only.
POST body:
| Parameter | Type | Notes |
|---|---|---|
video_id |
string | Required. Source video ID (used to attach the result in MongoDB). |
transcript |
string | Required. The transcript text to base the new script on. |
brand_name |
string | Optional brand context. |
product_name |
string | Optional product context. |
product_description |
string | Optional product description. |
production_level |
string | Low, Medium (default), High. |
target_audience |
string | Optional audience description. |
tone_of_voice |
string | Optional tone guidance. |
additional_info |
string | Optional extra instructions. |
Success response:
{
"success": true,
"script": { "framework_used": "AIDA", "rows": [...] },
"script_analysis": { "framework": {...}, "ad_pattern": {...}, "creative_strategies": [...] },
"similar_scripts": [...],
"script_generations_remaining": 13
}
Favorites
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET | favorites |
List saved favorites. |
| POST | favorites/toggle |
Toggle favorite on an entity. |
| POST | favorites/add |
Add a favorite. |
| POST | favorites/remove |
Remove a favorite. |
| POST | favorites/check |
Check whether an entity is favorited. |
Filter presets (TikTok Shop)
| HTTP | Path suffix | Purpose |
|---|---|---|
| GET | filter-presets |
List saved filter presets. |
| POST | filter-presets/save |
Save a new preset. |
| POST | filter-presets/update |
Update a preset. |
| POST | filter-presets/delete |
Delete a preset. |
Detailed query strings, POST JSON bodies, and filter aliases are documented in TikTok Shop · filters & query params.
Session-based JSON (dashboard)
The in-app UI calls JSON endpoints under paths like /api/tiktok-shop/..., /api/product-detail/..., and /api/brands/... using your browser session, not the API key. For programmatic integrations, use /api/v1/... and the guides linked at the top of this page. Session brand tabs (/api/brands/ads, date filters, folders, boards, …) are covered in Brands & Brand tracker.