AdCamel and the TikTok Business API

Last updated: May 19, 2026

This page describes exactly how AdCamel uses the TikTok Business API, what advertiser data flows through the integration, and how operator approval gates the entire flow. It is the single source of truth referenced by the AdCamel developer profile submitted at business-api.tiktok.com.

Who this integration is for

AdCamel uses the TikTok Business API to operate paid advertising on advertiser-owned TikTok Business Center and Ads Manager accounts. The advertiser account owner explicitly authorizes the connection through TikTok's OAuth flow. AdCamel does not connect accounts the operator does not own or has not been authorized to manage.

Authorization flow

The operator launches an authorization request from the AdCamel workspace.
TikTok presents its standard OAuth consent screen to the advertiser account owner.
On approval, TikTok returns a one-time authorization code to the AdCamel callback at https://adcamel.io/auth/tiktok/callback (registered in the dev profile).
AdCamel exchanges the code for an access token and refresh token via TikTok's documented OAuth endpoint and stores the credentials encrypted at rest inside the operator's workspace.
The operator can revoke the connection at any time. Token storage is local to the AdCamel operator workspace; no credentials are shared with third parties.

API use cases

AdCamel requests scopes for the following Marketing API capabilities, all of which are exercised only against accounts authorized in the step above and only after operator approval inside the AdCamel workspace.

Campaign Management

Create, update, pause, resume, and inspect campaigns, ad groups, ad creatives, and ads. New campaigns are pushed in operation_status=DISABLE at every layer; going live requires the operator's explicit toggle inside TikTok Ads Manager.

Reporting and measurement

Pull aggregate campaign performance from TikTok's Reporting API (/report/integrated/get/) — spend, impressions, clicks, CTR, conversions, creative performance, and similar aggregate fields. AdCamel does not pull user-level personal data.

Creative assets and tools

Upload creative assets supplied by the advertiser or operator, fetch creative status, and reference creative identifiers in campaign payloads. Spark Ads and authorized-identity In-Feed formats are supported per TikTok's documented identity model.

Audience management

Manage audiences only where the advertiser has explicitly authorized AdCamel to do so. AdCamel does not export audience lists out of TikTok.

Pixel and Events

Provision TikTok pixels on advertiser-owned ad accounts, emit the JS snippet for the operator to install on advertiser-owned web properties, and verify pixel firing through TikTok's Events API. AdCamel does not modify advertiser web properties directly.

Approval gate

Every campaign push, audience change, or pixel creation must be approved by the operator inside AdCamel before any call is made to TikTok. Approvals are recorded as audit events with a permanent ID. Auto-launch (publishing a campaign without an operator approval) is intentionally not implemented in the current scope.

Data handled

Authorization metadata: OAuth tokens for the authorized advertiser account; advertiser, Business Center, ad account, and asset identifiers returned by TikTok.
Campaign artifacts: campaign, ad group, ad, and creative identifiers; campaign budgets; targeting payloads constructed from the operator's brand context and explicit per-campaign overrides.
Creative assets: image and video files supplied by the operator for upload to TikTok.
Pixel identifiers and pixel JS snippet bodies for advertiser-owned sites.
Aggregate reporting: spend, impressions, clicks, CTR, conversions, creative performance, country breakdowns, and similar aggregate fields returned by the Reporting API.

Data not handled

AdCamel does not pull or store user-level personal data from TikTok.
AdCamel does not sell any data, personal or aggregate.
AdCamel does not modify the credit card on file. TikTok Ads Manager holds the card; AdCamel only enforces per-campaign budget caps on the operator side.
AdCamel does not access the consumer-facing TikTok app, content moderation surfaces, or messaging features.

Auditability and refusals

Every external call to TikTok emits an audit event with endpoint, response status, response request_id, and TikTok-side identifiers. Tokens, secrets, creative bytes, and audience demographic bodies are excluded from audit records. Refusals (expired refresh token, malformed budget, unapproved artifact, rate-limit code 40100) are returned cleanly with no partial campaign state on TikTok's side.

Compliance and policies

AdCamel operates inside TikTok's Marketing API Terms of Service and Developer Policies. Privacy posture is described in the Privacy Policy; legal posture is described in the Terms of Use; security posture and disclosure policy are at /security and /.well-known/security.txt.

Contact

For platform-review or compliance questions about this integration, contact contact@adcamel.io. For coordinated security disclosure, contact security@adcamel.io.