How to Post to TikTok via API: A Developer's Guide to Automated TikTok Publishing

The TikTok publishing problem

TikTok is the highest-traffic video platform for most content verticals. It is also the hardest to publish to programmatically.

If you have tried to add automated TikTok posting to your app or workflow, you have probably hit the wall: your app needs to pass TikTok’s full audit before posts can be visible to anyone. Until you pass, every post your app creates goes to private visibility. You cannot test with real users. You cannot verify your integration works in production conditions.

This is by design. TikTok has made publishing access genuinely difficult to obtain, for reasons that are worth understanding before you decide how to proceed.

How TikTok’s publishing API works

TikTok’s publishing API is called the Content Posting API. It lives at https://open.tiktokapis.com and uses OAuth 2.0 for authentication.

There are two publishing modes:

• Direct post (video.publish scope) — Content is published immediately to the creator’s profile, visible to their audience based on their privacy settings
• Upload to inbox (video.upload scope) — Content goes to the creator’s drafts for them to review and post manually

For automated workflows, you almost always want direct post. But video.publish requires passing TikTok’s full app audit before it can be used publicly. video.upload is easier to get, but puts the creator in the loop for every post — which defeats most automation use cases.

The app audit: what TikTok actually evaluates

TikTok’s audit process is not a rubber-stamp review. It is a thorough evaluation that takes 2–4 weeks and typically involves multiple rounds of feedback.

TikTok evaluates:

Your use case. What does your app do? Why does it need to publish to TikTok? Apps that don’t have a clear, legitimate use case get rejected.

UX compliance. Before every post, your app must show the creator’s username and avatar. This is not just a recommendation — it is a hard requirement that TikTok verifies during review. Your UI must include this step.

Privacy controls. Every post must allow the creator to select a privacy level (public, friends, or private). Your app must display a privacy selector before posting.

Interaction controls. Users must be able to configure duet, stitch, and comment settings for each post. Your app must expose these controls.

Commercial content disclosures. TikTok requires toggles for branded content and brand promotion, with legal declarations displayed to the creator. If your app might be used for sponsored content, you need these in the UI.

Content policy compliance. No watermarks, brand logos, or promotional text added to content. TikTok prohibits this, and violating it during review will end the application.

If any of these are missing, TikTok rejects the review and you start again. Multiple rounds of feedback are common.

Development mode restrictions

While your audit is pending, your app operates in development mode:

• All posts from your app are set to SELF_ONLY (private, visible only to the creator)
• Only 5 user accounts can authorize your app within any 24-hour window
• You cannot onboard real users or run production workflows

This means you need to build the full integration — including all the UX compliance elements — before you can verify it works with real TikTok accounts. The audit evaluates a finished app, not a prototype.

The required API flow

For apps that have passed the audit, publishing a video requires these steps:

Step 1: Query creator info

Before every post, you must query the creator’s available privacy levels and interaction settings:

POST https://open.tiktokapis.com/v2/post/publish/creator_info/query/
Authorization: Bearer {USER_ACCESS_TOKEN}
Content-Type: application/json; charset=UTF-8

The request body is empty — the access token identifies the creator.

The response includes:

• creator_username and creator_avatar_url — Must be shown in your UI before posting
• privacy_level_options — The allowed privacy levels for this creator’s account
• max_video_post_duration_sec — The maximum video length allowed for this creator

Your post request must use a privacy_level value from the privacy_level_options array. If the creator’s account settings change between when you query and when you post, the post will fail.

Rate limit: 20 requests per minute per user access token.

Step 2: Initialize the post

For video publishing via URL pull (TikTok downloads from your URL):

POST https://open.tiktokapis.com/v2/post/publish/video/init/
Authorization: Bearer {USER_ACCESS_TOKEN}
Content-Type: application/json; charset=UTF-8

{
  "post_info": {
    "title": "Caption text #hashtag",
    "privacy_level": "PUBLIC_TO_EVERYONE",
    "disable_duet": false,
    "disable_stitch": false,
    "disable_comment": false
  },
  "source_info": {
    "source": "PULL_FROM_URL",
    "video_url": "https://example.com/video.mp4"
  }
}

Returns a publish_id.

For file upload instead of URL pull, use source: FILE_UPLOAD with video_size, chunk_size, and total_chunk_count. The response includes an upload_url — upload via PUT with Content-Range headers. The upload URL expires after 1 hour.

Rate limit: 6 requests per minute per user access token.

Step 3: Poll for status

Publishing is asynchronous. Poll /v2/post/publish/status/fetch/ with the publish_id:

{
  "publish_id": "{PUBLISH_ID}"
}

Status values:

• PROCESSING_DOWNLOAD — TikTok is downloading from your URL
• PROCESSING_UPLOAD — File upload in progress
• PUBLISH_COMPLETE — Successfully posted
• FAILED — Processing failed, check fail_reason

Rate limit: 30 requests per minute per user access token.

Video and photo requirements

Video:

Photo posts (up to 35 images):

Use /v2/post/publish/content/init/ with media_type: PHOTO and post_mode: DIRECT_POST. Photo URLs must be publicly accessible. Caption title is limited to 90 characters; description supports 4,000 characters.

What can go wrong

TikTok’s API has failure modes that other platforms do not:

Privacy level mismatch. If you use a privacy level not in the creator’s privacy_level_options, the post fails. Creator account settings can change, so the value you cached from a previous query may no longer be valid.

Token expiry. TikTok access tokens expire in 24 hours. Without an automated refresh flow, your integration stops working every day. Refresh tokens last 365 days.

Daily post limits. TikTok caps posts per day per creator at approximately 15. TikTok does not expose the exact limit via API — you find out by hitting it. The per-app daily active creator cap is set at audit time based on your estimated usage.

Content moderation. A PUBLISH_COMPLETE status does not guarantee the post stays visible. TikTok moderates content after publishing. Posts can be removed after the fact.

Watermark violations. TikTok’s terms prohibit adding brand logos, watermarks, or promotional text to content via your app. In production, violations can result in disabled accounts.

The caption field

TikTok’s caption field (title) supports up to 2,200 characters. Hashtags work inline — add #hashtag to the caption string. @mentions are supported. Emojis work. There is no markdown formatting.

Photo posts split the caption into title (90 characters) and description (4,000 characters).

Posting to TikTok without building the integration

The audit process, UX requirements, and per-post creator info queries are unavoidable when you build your own TikTok integration. They are TikTok’s requirements for API access.

Postproxy has a completed TikTok audit with all required scopes approved. When you publish through Postproxy, you skip the audit timeline, the UX compliance requirements (Postproxy handles them internally), and the per-post creator info flow.

The request is the same as any other platform:

curl -X POST "https://api.postproxy.dev/api/posts" \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{
       "post": {
         "body": "We just shipped something new. Here is a quick look."
       },
       "profiles": ["tiktok"],
       "media": ["https://example.com/video.mp4"]
     }'

To publish the same post to TikTok and other platforms simultaneously:

curl -X POST "https://api.postproxy.dev/api/posts" \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{
       "post": {
         "body": "We just shipped something new. Here is a quick look."
       },
       "profiles": ["tiktok", "instagram", "youtube"],
       "media": ["https://example.com/video.mp4"]
     }'

Postproxy handles creator info queries, privacy level validation, video upload, status polling, token refresh, and rate limit monitoring. You connect a TikTok account once via OAuth, then publish through the API.

What Postproxy handles for TikTok:

• Completed TikTok app audit with video.publish scope approved
• OAuth 2.0 token management and 24-hour token refresh
• Creator info queries before every post
• Privacy level validation against creator’s available options
• Video uploads via URL pull with status polling
• Photo posts with multi-image support
• Daily limit monitoring per creator account

For the complete technical reference on TikTok’s Content Posting API, the detailed integration guide covers every endpoint and parameter.

Connect your TikTok account and start publishing through the Postproxy API. For more on publishing across platforms, see the social media API guide.