TokPortal
Article

TikTok Content Posting API in 2026: Working Code Examples & Limits

Everything developers and marketing teams need to know about automating TikTok video uploads, managing credentials, and scaling content distribution programmatically in 2026.

Vincent Tellenne

Vincent Tellenne

Founder & CEO

Updated April 19, 20268 min read
TikTok Content Posting API: Developer Guide 2026
Share

TikTok Content Posting API: Complete Developer Guide 2026

The TikTok Content Posting API is now one of the most strategically important developer tools in social media marketing. As TikTok continues to dominate short-form video with over 1.9 billion monthly active users, marketing teams and developers are racing to build scalable, automated content pipelines that can publish consistently across dozens — or even hundreds — of accounts without manual intervention.

This guide is written for marketing engineers, growth developers, and performance marketers who want a deep, practical understanding of how the TikTok Upload API works in 2026 — from OAuth authentication and chunked video uploads to rate limit strategies and multi-account orchestration. Whether you're building an internal content scheduler, a SaaS publishing platform, or a full-scale TikTok account scaling operation, this guide covers everything you need.

We'll also explore how platforms like TokPortal augment the API by providing real, pre-warmed TikTok accounts on physical devices across 30+ countries — solving the biggest pain point developers face: account trust and geo-authenticity at scale.

1.9B+

TikTok Monthly Active Users (2026)

30+

Countries Supported by TokPortal

100+

Real Device Accounts Available

10GB

Max Video File Size via Upload API

3

TikTok API Auth Scopes for Posting

~60s

Average API Upload Time (1080p)

What Is the TikTok Content Posting API?

The TikTok Content Posting API — officially part of TikTok's Content Posting API suite under the TikTok for Developers platform — allows authorized applications to programmatically upload and publish video content to TikTok accounts on behalf of users or creators. It replaced the older, unofficial scraping methods that marketers relied on and is now the sanctioned, stable way to automate TikTok video posts at scale.

The API supports two primary upload flows: Direct Post (content goes live immediately) and Upload to Inbox (content is queued in the creator's draft inbox for review before publishing). For marketing automation, Direct Post is the go-to flow — it lets your pipeline push a video, caption, hashtags, privacy settings, and audience targeting parameters in a single API call chain.

As of 2026, TikTok has significantly expanded the Content Posting API's capabilities, including support for Duet and Stitch permissions, branded content disclosures, geo-targeting of video visibility, and webhook callbacks for upload status. Developers building on this API should be aware that TikTok routinely updates rate limits and permission scopes, so staying current with the TikTok API integration changelog is essential.

TikTok API Developer Prerequisites & Setup

1

Create a TikTok Developer Account

Navigate to developers.tiktok.com and register for a developer account using a valid business email. You'll need to agree to TikTok's API Terms of Service. Personal accounts are not eligible for Content Posting API access — you must operate under a recognized business or developer entity.

2

Create an App in the Developer Portal

Once verified, create a new App inside the developer dashboard. Choose the 'Content Posting API' product when selecting your app's capabilities. You'll receive a Client Key and Client Secret — treat these like production credentials and never expose them client-side.

3

Request the Required API Scopes

For video posting, your app must be granted the following OAuth scopes: video.upload (to initiate uploads), video.publish (to publish drafts or direct-post), and user.info.basic (to validate account identity). Submit your scope request with a detailed use-case description — TikTok manually reviews access for the Content Posting API.

4

Implement OAuth 2.0 Authorization Flow

Use TikTok's OAuth 2.0 PKCE flow to obtain user access tokens. Redirect users to TikTok's authorization URL with your client_key, scope, redirect_uri, and a state parameter for CSRF protection. After authorization, exchange the code for an access_token and refresh_token with a TTL of 24 hours and 365 days respectively.

5

Sandbox Testing Before Production

TikTok provides a Sandbox environment where you can test video uploads without publishing to real accounts. Use test user accounts provided in the developer portal. Validate your entire upload pipeline — initiation, chunked transfer, and publish call — before pointing at production credentials.

6

Apply for Production Access

After sandbox validation, submit your app for TikTok's production review. This includes providing a demo video of your upload flow, your privacy policy URL, and a clear description of how user data is handled. Approval typically takes 5–10 business days in 2026.

How to Post a Video via the TikTok Upload API

Posting a video via the TikTok Upload API is a multi-step process. Unlike simple REST APIs that accept a single POST with a file attachment, TikTok uses a chunked upload protocol designed for large media files. Here's the complete technical flow every TikTok API developer needs to understand.

The process begins with an upload initiation request to POST /v2/post/publish/video/init/, where you declare the video's source type (FILE_UPLOAD or PULL_FROM_URL), chunk count, total file size in bytes, and publish metadata including caption, privacy level, and interaction toggles. TikTok responds with an upload_url and a publish_id — the publish_id is your tracking reference for the entire lifecycle of this post.

For URL-based uploads (PULL_FROM_URL), TikTok's servers fetch the video directly from a publicly accessible URL — an excellent pattern for CDN-hosted content pipelines. For file uploads, you'll use chunked PUT requests to the provided upload_url, with each chunk declared using the Content-Range header. After all chunks are transferred, you poll the /v2/post/publish/status/fetch/ endpoint using your publish_id until the status transitions from PROCESSING to PUBLISH_COMPLETE. This async pattern is critical to handle correctly in production queues.

Pro Tip: Use URL-Based Uploads for Speed

If your content pipeline already stores videos in cloud storage (S3, GCS, Cloudflare R2), use the PULL_FROM_URL method instead of chunked file uploads. It's significantly faster, reduces your server bandwidth costs, and simplifies retry logic since TikTok handles the transfer from a stable CDN URL. Just ensure your URLs are publicly accessible and don't require authentication headers.

Key API Endpoints Every TikTok Developer Must Know

  • POST /v2/post/publish/video/init/ — Initiate a video upload and receive upload_url + publish_id
  • PUT {upload_url} — Transfer video chunks using Content-Range headers (file upload flow only)
  • POST /v2/post/publish/inbox/video/init/ — Upload to creator's draft inbox instead of direct publishing
  • GET /v2/post/publish/status/fetch/ — Poll async upload status using publish_id (PROCESSING → PUBLISH_COMPLETE)
  • GET /v2/video/list/ — Retrieve a list of published videos for an authenticated user account
  • GET /v2/video/query/ — Fetch detailed metadata for specific videos by video_id array
  • DELETE /v2/video/delete/ — Remove a published video programmatically using its video_id
  • GET /v2/oauth/token/ — Exchange authorization code for access_token and refresh_token
  • POST /v2/oauth/token/refresh/ — Refresh an expired access token using the long-lived refresh_token
  • GET /v2/user/info/ — Retrieve authenticated user profile info including display_name and avatar_url

TikTok API Rate Limits & Quotas in 2026

Rate Limit Strategy Is Non-Negotiable at Scale

If you're managing uploads across 50+ TikTok accounts, naively firing API calls will hit per-app rate limits quickly. Implement an exponential backoff queue with jitter, distribute requests across time windows, and use separate OAuth credentials per account batch. TikTok's rate limit headers (X-RateLimit-Remaining, X-RateLimit-Reset) should drive your scheduler logic — not guesswork.

Multi-Account Management: The Real Scaling Challenge

The TikTok API itself is only half the equation. The harder problem for marketing teams running multi-account TikTok strategies is account trust, geo-authenticity, and avoiding platform-level throttling or bans. TikTok's risk systems are sophisticated — they flag accounts that show unusual behavioral patterns, access from mismatched IP geographies, or were never organically onboarded on a real device.

This is where TokPortal provides critical infrastructure. Rather than spinning up accounts programmatically in bulk (which TikTok's systems flag rapidly), TokPortal creates and warms real TikTok accounts on physical mobile devices in 30+ countries, with authentic local IP addresses, organic early engagement history, and proper device fingerprints. These accounts are then made available for API integration, giving your publishing pipeline a trusted, geo-specific account layer. Learn more about how this works in our TikTok account farming strategies guide.

For performance marketers running geo-targeted TikTok campaigns across multiple regions, this matters enormously. An account created and warmed in Brazil will have an authentic Brazilian audience signal — something no proxy or VPN layer can replicate when you're trying to grow organic reach in that market.

TikTok API vs. Third-Party Automation Tools

Advantages

  • Full control over upload logic, scheduling, and metadata
  • No dependency on third-party tool uptime or pricing changes
  • Access to raw API responses for analytics and debugging
  • Supports custom retry logic and error handling
  • Can integrate directly with your existing data pipeline
  • Scales to thousands of posts without per-seat licensing

Drawbacks

  • Requires developer resources to build and maintain
  • Must handle OAuth token refresh and expiry management
  • Requires manual monitoring of TikTok API deprecations
  • No built-in visual UI for non-technical team members
  • Rate limit handling and queue management adds complexity
  • Account trust and device authenticity not included

Video Format & Technical Specifications for the Upload API

  • Supported Formats: MP4 and WebM (MP4 with H.264 codec strongly recommended for compatibility)
  • Minimum Resolution: 540 × 960px — below this TikTok will reject the upload
  • Recommended Resolution: 1080 × 1920px (9:16 portrait) for full-screen delivery
  • Maximum File Size: 10 GB for production apps (128 MB in sandbox)
  • Maximum Duration: 10 minutes for standard accounts; 60-second limit for new/low-trust accounts
  • Frame Rate: 23–60 FPS recommended; below 23 FPS may trigger quality rejection
  • Audio: AAC-encoded stereo audio at 44.1 kHz or 48 kHz sample rate
  • Bitrate: 2–8 Mbps for 1080p content; higher bitrates are acceptable but increase upload time
  • Aspect Ratio: 9:16 (portrait) preferred; 1:1 (square) and 16:9 (landscape) also supported
  • Caption Length: Maximum 2,200 characters including hashtags and mentions via API
  • Hashtag Limit: Up to 30 hashtags per post via API (same as manual posting limit)

Error Handling & Common TikTok API Failures

1

Error 10101 — Invalid Access Token

The most common error in production. Indicates the access_token has expired (24-hour TTL). Fix: implement proactive token refresh using the refresh_token before the access_token expires, rather than waiting for a 401 response. Store token expiry timestamps alongside credentials.

2

Error 10003 — Scope Not Authorized

Your app has not been granted the required scope (video.upload or video.publish) for this user. Fix: ensure your OAuth authorization URL includes all required scopes and that the user has explicitly approved them. Re-authorize if scopes were added to the app after the user's initial auth.

3

Error 10202 — Video Upload Failed

Chunk transfer failed or file validation rejected the video. Common causes: incorrect Content-Range headers, unsupported codec, file corruption, or resolution below minimum threshold. Fix: validate video specs server-side before initiating upload, and implement chunk-level retry with MD5 verification.

4

Error 10002 — Rate Limit Exceeded

Your app or user has exceeded the allowed API call frequency. Fix: implement a token bucket or leaky bucket rate limiter in your upload queue. Respect X-RateLimit-Remaining and X-RateLimit-Reset headers. Distribute high-volume posting across multiple time windows.

5

Status: FAILED (publish_id polling)

The async publish job failed after upload was completed. Common causes: content policy violations detected by TikTok's automated review (copyright audio, restricted visuals), or account-level publishing restrictions. Fix: implement content pre-screening, monitor publish status webhooks, and maintain a dead-letter queue for failed publishes.

Build a Robust Retry & Observability Layer

Production TikTok upload pipelines should treat every API call as potentially fallible. Use a message queue (SQS, RabbitMQ, or similar) to manage upload jobs, implement idempotency keys tied to your publish_id, and set up alerting on FAILED publish statuses. A dead-letter queue for failed jobs — with an automatic retry after 30 minutes — will catch the majority of transient TikTok server-side issues without human intervention.

Integrating TokPortal with Your TikTok API Pipeline

TokPortal is built specifically for marketing teams and developers who need the account infrastructure layer that the TikTok API alone cannot provide. While the Content Posting API handles the programmatic publishing mechanics, TokPortal handles the account creation, device registration, and geographic warming that determines whether your content actually gets distributed by TikTok's algorithm.

The integration pattern is straightforward: TokPortal provisions real TikTok accounts on physical devices in your target countries — available across USA, Brazil, UK, Indonesia, and 30+ more — and delivers the OAuth credentials (access tokens and refresh tokens) needed to authenticate each account against the Content Posting API. Your upload pipeline treats each account's token set like any other OAuth credential, pushing content through the standard API flow while benefiting from the account's authentic device history and local trust signals.

For teams running bulk creator account strategies or managing content for multiple regional brands, this two-layer approach — TokPortal for account quality, TikTok API for programmatic publishing — is the most reliable architecture available in 2026. Explore our TikTok Content API integration guide for specific implementation patterns.

Ready to Scale Your TikTok Content Pipeline?

TokPortal provides real TikTok accounts on real devices in 30+ countries — the trusted account infrastructure your API pipeline needs to publish at scale without flags or bans.

View TokPortal Pricing

Frequently Asked Questions

What is the TikTok Content Posting API and how is it different from the old API?+
The TikTok Content Posting API is TikTok's official, sanctioned API for programmatically uploading and publishing videos to TikTok accounts. Unlike the legacy unofficial endpoints that many automation tools relied on (which were deprecated and are actively blocked), the Content Posting API is a stable, OAuth 2.0-secured interface with clear rate limits, documented error codes, and official developer support. It supports both direct publishing and inbox draft uploads, along with webhook callbacks for async status tracking — none of which were reliably available in older workarounds.
How many TikTok accounts can I manage with one API app?+
Technically, a single TikTok API app can manage an unlimited number of user accounts — each account authenticates independently via OAuth 2.0 and receives its own access_token and refresh_token. However, per-app rate limits apply across all accounts managed by that app. If you're managing 100+ accounts, you'll likely need to partition accounts across multiple API apps (each with its own Client Key/Secret) to avoid hitting aggregate rate ceilings. TokPortal's account packages are designed with this architecture in mind.
Does TikTok's API support scheduling posts for a future time?+
As of 2026, TikTok's Content Posting API does not natively support scheduled publishing with a future timestamp in a single API call. The recommended pattern for scheduled posting is to implement your own scheduling layer — a job queue or cron-based system that triggers the API upload flow at the desired time. Some third-party tools offer UI-based scheduling built on top of the same API, but the underlying mechanism is always a time-delayed API call rather than a server-side TikTok schedule.
Why do TikTok accounts get flagged or banned even when using the official API?+
Using the official Content Posting API does not grant immunity from TikTok's risk and trust systems. Account-level flags are triggered by factors independent of the API layer: accounts that were created programmatically without real device history, accessed from IP addresses inconsistent with their registered region, that post at inhuman frequencies, or that were never organically onboarded all face elevated flag risk. This is precisely why TokPortal's real-device, geo-authentic account infrastructure matters — the API is the publishing mechanism, but account trust is determined by the account's behavioral and device history.
What video formats does the TikTok Upload API support?+
The TikTok Upload API primarily supports MP4 (H.264 video codec, AAC audio) and WebM formats. MP4 with H.264 is strongly recommended for the broadest compatibility and lowest rejection rate. Videos must be a minimum of 540×960px resolution, with 1080×1920px (9:16 portrait) being the recommended target for full-quality distribution. File size limits are 10 GB in production and 128 MB in sandbox. Duration limits are up to 10 minutes for established accounts.
How do I handle OAuth token expiry in a multi-account pipeline?+
TikTok access tokens expire after 24 hours, while refresh tokens are valid for 365 days. In a multi-account pipeline, proactively refresh tokens before they expire rather than waiting for a 401 error response. Store each account's token_expiry timestamp alongside the credentials. Run a background job that scans for tokens expiring within the next hour and refreshes them using the /v2/oauth/token/refresh/ endpoint. If a refresh_token itself expires (after 365 days of inactivity), the user must re-authorize — build an alert system to flag accounts approaching refresh_token expiry.
Can I use the TikTok Content Posting API for advertising or paid promotion?+
The Content Posting API is designed for organic content publishing, not paid advertising. For TikTok paid ads — including In-Feed Ads, TopView, and Spark Ads — you'll need to use the TikTok Marketing API, which is a separate product under the TikTok for Business platform. However, organic posts published via the Content Posting API can later be boosted via Spark Ads through the Marketing API by referencing the post's video_id, making the two APIs complementary for a full-funnel marketing strategy.
Share
Vincent Tellenne

Written by

Vincent Tellenne

Founder & CEO

Vincent is the founder of TokPortal, building the infrastructure for scaled organic social media distribution. Previously scaled multiple startups and APIs to millions of requests.

Learn more about this topic with AI

Ready to launch?Start with TokPortal