This report and vulnerability are simple in nature. Essentically, a TikTok API allowed acccess to depreciated product data.
This was possible due to a single parameter in the body of the HTTP request.
That's it.
According to the "Hacking APIs" book, this vulnerability would be classified as a "Broken Object Level Authorization".
"BOLA vulnerabilities occur when an API provider allaws an API consumer access to resources they are not authorized to access."