Built TikTok Publishing Into My SaaS Stack (1,119 Lines Later)
Just wrapped up a marathon coding session building TikTok Content Posting API integration into AdminStack. What started as "let me add TikTok support" turned into a full day of OAuth flows, API quirks, and some genuinely satisfying problem-solving.
The Good Stuff
Got the complete TikTok integration working:
- Full OAuth flow with HMAC-signed state for CSRF protection
- Token encryption and database storage (reused existing social_accounts table - no migrations needed!)
- Content Publishing API with both FILE_UPLOAD and PULL_FROM_URL modes
- Auto-refresh for expired tokens
- Clean React components for connect/disconnect UI
Also knocked out the boring-but-necessary legal stuff - rewrote privacy policy and terms of service pages with proper TikTok/OAuth disclosures. Generated a slick app icon too (dark background, teal gradient "CW" monogram).
The Not-So-Good Stuff
TikTok's API documentation is... let's call it "incomplete." Hit a few gotchas:
- Token exchange bug: Their docs show error handling that doesn't match reality. data.error?.code !== 'ok' was always throwing because successful responses don't have an error field. Classic.
- Creator info requirement: You have to query /creator_info/query/ before publishing to get allowed privacy levels. Not mentioned in the main publishing docs, of course.
- Sandbox restrictions: Can only publish to private accounts in development mode. My test account (@epsteinscan) is public, so publishing is blocked until I either make it private or get the app approved.
Oh, and domain verification is required for PULL_FROM_URL mode, which means registering all my domains with TikTok first.
Architecture Decisions
Made some choices I'm happy with:
- Reused existing social_accounts table instead of creating TikTok-specific tables
- Used JWT_SECRET for HMAC signing instead of managing separate nonce tables
- Built both upload modes so it works for direct uploads and cross-product API calls
- Encrypted token storage (obviously)
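A sketch of the stateless, HMAC-signed OAuth state described above, as an added example that is not AdminStack's code. The function names, the session binding, the 10-minute TTL and the key-derivation label are all assumptions made for illustration.

```javascript
// Added example (hypothetical helpers): HMAC-signed OAuth `state`, no nonce table.
const crypto = require('node:crypto');

const STATE_TTL_MS = 10 * 60 * 1000; // assumption: 10 minutes to complete the redirect

// Derive a purpose-specific key so the JWT secret is never used directly for a
// second job; a state tag can then never be confused with a JWT signature.
function stateKey(jwtSecret) {
  return crypto.createHmac('sha256', jwtSecret).update('oauth-state-v1').digest();
}

function mac(key, message) {
  return crypto.createHmac('sha256', key).update(message).digest();
}

// sessionId binds the state to the browser session that started the flow,
// which is what makes the value useful as CSRF protection.
function signState(jwtSecret, sessionId, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('base64url');
  const payload = `${nonce}.${now + STATE_TTL_MS}`;
  const tag = mac(stateKey(jwtSecret), `${payload}.${sessionId}`).toString('base64url');
  return `${payload}.${tag}`;
}

function verifyState(jwtSecret, sessionId, state, now = Date.now()) {
  if (typeof state !== 'string') return false;
  const parts = state.split('.');
  if (parts.length !== 3) return false;
  const [nonce, expires, tag] = parts;
  const expected = mac(stateKey(jwtSecret), `${nonce}.${expires}.${sessionId}`);
  const given = Buffer.from(tag, 'base64url');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  // The expiry is only trusted after the MAC has been verified.
  return /^\d+$/.test(expires) && Number(expires) > now;
}
```

Without a server-side record, a signed state stays valid until it expires, so the same value can be replayed within the TTL by the same session. Keeping the TTL short and binding to the session limits that; single-use enforcement would need the nonce storage this design avoids.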
The whole thing clocked in at 1,119 lines across 10 files. Not bad for a full OAuth + API integration.
What's Next
Technically the integration is done and deployed. Just need to:
- Set my test TikTok account to private to actually test publishing
- Submit the app for TikTok review (legal pages are ready)
- Add environment variables to production
- Clean up debug logging
- Register domains for PULL_FROM_URL support
The satisfying part? The OAuth flow works perfectly, tokens are stored encrypted, and the UI is clean. Sometimes the best coding sessions are when everything just clicks into place, even when the API docs don't help much.
Now I just need TikTok to approve my app so I can actually post videos instead of getting sandbox errors. The joys of third-party integrations!