How to Post to TikTok via API (2026 Guide)

The TikTok publishing problem

TikTok is the highest-traffic video platform for most content verticals. It is also the hardest to publish to programmatically.

If you have tried to add automated TikTok posting to your app or workflow, you have probably hit the wall: your app needs to pass TikTok’s full audit before posts can be visible to anyone. Until you pass, every post your app creates goes to private visibility. You cannot test with real users. You cannot verify your integration works in production conditions.

This is by design. TikTok has made publishing access genuinely difficult to obtain, for reasons that are worth understanding before you decide how to proceed.

How TikTok’s publishing API works

TikTok’s publishing API is called the Content Posting API. It lives at https://open.tiktokapis.com and uses OAuth 2.0 for authentication.

There are two publishing modes:

• Direct post (video.publish scope) — Content is published immediately to the creator’s profile, visible to their audience based on their privacy settings
• Upload to inbox (video.upload scope) — Content goes to the creator’s drafts for them to review and post manually

For automated workflows, you almost always want direct post. But video.publish requires passing TikTok’s full app audit before it can be used publicly. video.upload is easier to get, but puts the creator in the loop for every post — which defeats most automation use cases.

The app audit: what TikTok actually evaluates

TikTok’s audit process is not a rubber-stamp review. It is a thorough evaluation that takes 2–4 weeks and typically involves multiple rounds of feedback.

TikTok evaluates:

Your use case. What does your app do? Why does it need to publish to TikTok? Apps that don’t have a clear, legitimate use case get rejected.

UX compliance. Before every post, your app must show the creator’s username and avatar. This is not just a recommendation — it is a hard requirement that TikTok verifies during review. Your UI must include this step.

Privacy controls. Every post must allow the creator to select a privacy level (public, friends, or private). Your app must display a privacy selector before posting.

Interaction controls. Users must be able to configure duet, stitch, and comment settings for each post. Your app must expose these controls.

Commercial content disclosures. TikTok requires toggles for branded content and brand promotion, with legal declarations displayed to the creator. If your app might be used for sponsored content, you need these in the UI.

Content policy compliance. No watermarks, brand logos, or promotional text added to content. TikTok prohibits this, and violating it during review will end the application.

If any of these are missing, TikTok rejects the review and you start again. Multiple rounds of feedback are common.

Development mode restrictions

While your audit is pending, your app operates in development mode:

• All posts from your app are set to SELF_ONLY (private, visible only to the creator)
• Only 5 user accounts can authorize your app within any 24-hour window
• You cannot onboard real users or run production workflows

This means you need to build the full integration — including all the UX compliance elements — before you can verify it works with real TikTok accounts. The audit evaluates a finished app, not a prototype.

The required API flow

For apps that have passed the audit, publishing a video requires these steps:

Step 1: Query creator info

Before every post, you must query the creator’s available privacy levels and interaction settings by sending a POST request to /v2/post/publish/creator_info/query/:

POST https://open.tiktokapis.com/v2/post/publish/creator_info/query/
Authorization: Bearer {USER_ACCESS_TOKEN}
Content-Type: application/json; charset=UTF-8

The request body is empty — the access token identifies the creator.

Response:

{
  "data": {
    "creator_avatar_url": "https://...",
    "creator_username": "user123",
    "creator_nickname": "Display Name",
    "privacy_level_options": ["PUBLIC_TO_EVERYONE", "MUTUAL_FOLLOW_FRIENDS", "SELF_ONLY"],
    "comment_disabled": false,
    "duet_disabled": false,
    "stitch_disabled": false,
    "max_video_post_duration_sec": 600
  }
}

Key fields:

• creator_username and creator_avatar_url — Must be shown in your UI before posting
• privacy_level_options — The allowed privacy levels for this creator’s account. Your post request must use a value from this array
• max_video_post_duration_sec — The maximum video length allowed for this creator. Use this to validate video length before uploading

If the creator’s account settings change between when you query and when you post, the post will fail with a privacy level mismatch.

Rate limit: 20 requests per minute per user access token.

Step 2: Initialize the post

The /v2/post/publish/video/init/ endpoint initializes a video publish. TikTok supports two upload modes: URL pull and direct file upload.

URL pull (TikTok downloads from your URL)

POST https://open.tiktokapis.com/v2/post/publish/video/init/
Authorization: Bearer {USER_ACCESS_TOKEN}
Content-Type: application/json; charset=UTF-8

{
  "post_info": {
    "title": "Caption text #hashtag",
    "privacy_level": "PUBLIC_TO_EVERYONE",
    "disable_duet": false,
    "disable_stitch": false,
    "disable_comment": false
  },
  "source_info": {
    "source": "PULL_FROM_URL",
    "video_url": "https://example.com/video.mp4"
  }
}

Returns a publish_id to track the post status.

Direct file upload

For file upload, send the same POST to /v2/post/publish/video/init/ with source: FILE_UPLOAD:

{
  "post_info": {
    "title": "Your video caption",
    "privacy_level": "PUBLIC_TO_EVERYONE",
    "disable_duet": false,
    "disable_stitch": false,
    "disable_comment": false
  },
  "source_info": {
    "source": "FILE_UPLOAD",
    "video_size": 50000000,
    "chunk_size": 10000000,
    "total_chunk_count": 5
  }
}

The response includes a publish_id and an upload_url. Upload the video via PUT to the upload_url with these headers:

Content-Type: video/mp4
Content-Length: {CHUNK_SIZE}
Content-Range: bytes {FIRST}-{LAST}/{TOTAL}

The upload URL expires after 1 hour.

Rate limit: 6 requests per minute per user access token.

Post info fields reference

Step 3: Poll for status

Publishing is asynchronous. Use /v2/post/publish/status/fetch/ to poll for the publish status with the publish_id from the init response:

POST https://open.tiktokapis.com/v2/post/publish/status/fetch/
Authorization: Bearer {USER_ACCESS_TOKEN}
Content-Type: application/json; charset=UTF-8

{
  "publish_id": "{PUBLISH_ID}"
}

Status values:

• PROCESSING_DOWNLOAD — TikTok is downloading from your URL
• PROCESSING_UPLOAD — File upload in progress
• SEND_TO_USER_INBOX — Draft sent to creator’s inbox (upload mode only)
• PUBLISH_COMPLETE — Successfully posted
• FAILED — Processing failed, check fail_reason

Processing time varies by file size — under 30 seconds for files up to 512 MB, around a minute for 1 GB. Public posts go through moderation after processing, which typically takes under a minute but can occasionally take hours.

Rate limit: 30 requests per minute per user access token.

Publishing photos

Photo posts support up to 35 images in a single post via URL pull. Photos use a different endpoint than videos.

POST to /v2/post/publish/content/init/:

{
  "media_type": "PHOTO",
  "post_mode": "DIRECT_POST",
  "post_info": {
    "title": "Photo title",
    "description": "Photo description with #hashtags",
    "privacy_level": "PUBLIC_TO_EVERYONE",
    "disable_comment": false,
    "auto_add_music": true
  },
  "source_info": {
    "source": "PULL_FROM_URL",
    "photo_images": [
      "https://example.com/photo1.jpg",
      "https://example.com/photo2.jpg"
    ],
    "photo_cover_index": 0
  }
}

title is limited to 90 characters. description supports up to 4,000 characters. Photo URLs must be publicly accessible.

Rate limit: 6 requests per minute per user access token.

Video and photo requirements

Video:

Photo posts:

Photo URLs must be publicly accessible. Up to 35 images per post. Caption title is limited to 90 characters; description supports 4,000 characters.

What can go wrong

TikTok’s API has failure modes that other platforms do not:

Privacy level mismatch. If you use a privacy level not in the creator’s privacy_level_options, the post fails. Creator account settings can change, so the value you cached from a previous query may no longer be valid.

Token expiry. TikTok access tokens expire in 24 hours. Without an automated refresh flow, your integration stops working every day. Refresh tokens last 365 days.

Daily post limits. TikTok caps posts per day per creator at approximately 15. TikTok does not expose the exact limit via API — you find out by hitting it. The per-app daily active creator cap is set at audit time based on your estimated usage.

Content moderation. A PUBLISH_COMPLETE status does not guarantee the post stays visible. TikTok moderates content after publishing. Posts can be removed after the fact.

Watermark violations. TikTok’s terms prohibit adding brand logos, watermarks, or promotional text to content via your app. In production, violations can result in disabled accounts.

Content sharing guidelines

TikTok enforces strict content sharing guidelines that affect both your app’s UX and API usage:

• No watermarks — Apps must not add brand names, logos, watermarks, or promotional text to content. Violations can result in deleted content or disabled accounts
• Creator info display — Your app must show the creator’s nickname before posting
• Privacy and interaction controls — Users must be able to set privacy level, comments, duets, and stitches
• Commercial content disclosure — Provide toggles for branded content and brand promotion, with appropriate legal declarations
• Daily limits — Approximately 15 posts per day per creator, with a daily active creator cap based on your app’s audit estimates
• Security — Never embed your client_secret in client-side code or open-source projects

The caption field

TikTok’s caption field (title) supports up to 2,200 characters. Hashtags work inline — add #hashtag to the caption string. @mentions are supported. Emojis work. There is no markdown formatting.

Photo posts split the caption into title (90 characters) and description (4,000 characters).

Posting to TikTok without building the integration

The audit process, UX requirements, and per-post creator info queries are unavoidable when you build your own TikTok integration. They are TikTok’s requirements for API access.

Postproxy has a completed TikTok audit with all required scopes approved. When you publish through Postproxy, you skip the audit timeline, the UX compliance requirements (Postproxy handles them internally), and the per-post creator info flow.

The request is the same as any other platform:

curl -X POST "https://api.postproxy.dev/api/posts" \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{
       "post": {
         "body": "We just shipped something new. Here is a quick look."
       },
       "profiles": ["tiktok"],
       "media": ["https://example.com/video.mp4"]
     }'

To publish the same post to TikTok and other platforms simultaneously:

curl -X POST "https://api.postproxy.dev/api/posts" \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{
       "post": {
         "body": "We just shipped something new. Here is a quick look."
       },
       "profiles": ["tiktok", "instagram", "youtube"],
       "media": ["https://example.com/video.mp4"]
     }'

Postproxy handles creator info queries, privacy level validation, video upload, status polling, token refresh, and rate limit monitoring. You connect a TikTok account once via OAuth, then publish through the API.

What Postproxy handles for TikTok:

• Completed TikTok app audit with video.publish scope approved
• OAuth 2.0 token management and 24-hour token refresh
• Creator info queries before every post
• Privacy level validation against creator’s available options
• Video uploads via URL pull with status polling
• Photo posts with multi-image support
• Daily limit monitoring per creator account

Connect your TikTok account and start publishing through the Postproxy API. For more on publishing across platforms, see the social media API guide.