TikTok Events API

TikTok Events API

TikTok Events API enables server-to-server sharing of conversion events with TikTok's advertising platform. Rather than relying solely on browser scripts, event data such as purchases and signups is sent directly from the website server to TikTok, improving signal quality for ad attribution.

TikTok
Part of TikTok
Back to Vendor Library

Overview

The TikTok Events API is a server-to-server integration that transmits conversion events from an advertiser's web server directly to TikTok's advertising platform, bypassing the browser entirely. It complements the browser-side TikTok Pixel by providing a secondary data pathway that is not affected by ad blockers, cookie restrictions, or browser privacy features. The Events API sends the same types of conversion data (purchases, sign-ups, page views) but through a server-side HTTP request rather than a client-side pixel fire.

What This Script Does

The TikTok Events API operates primarily server-side, though it often works alongside the TikTok Pixel.

  • Server-side operation: The advertiser's web server sends HTTPS POST requests to business-api.tiktok.com/open_api/v1.3/pixel/track/ containing event data — event name, event parameters, and user identifiers (hashed email, phone number, IP address, user agent).
  • No direct client-side scripts: The Events API itself does not load JavaScript in the visitor's browser. However, it is typically deployed alongside the TikTok Pixel, which does set client-side cookies.
  • Deduplication: When both the Pixel and Events API report the same conversion, TikTok deduplicates the events using a shared event ID to avoid double-counting.
  • Data transmitted server-side: Event type (PageView, AddToCart, CompletePayment, etc.), event parameters (value, currency, content IDs), hashed user identifiers (SHA-256 hashed email and phone), IP address, user agent string, and the TikTok Click ID if available.
  • Cookie dependency: While the Events API does not set cookies itself, it relies on the _ttp and _ttclid cookies set by the TikTok Pixel (passed server-side) for optimal attribution matching. Without these, attribution falls back to probabilistic matching using hashed PII and IP.

Consent & Compliance

The TikTok Events API falls under the marketing consent category.

Under GDPR and ePrivacy, the Events API processes personal data (hashed emails, IP addresses, behavioral events) for advertising attribution. While it does not set cookies in the browser, the server-side transmission of personal data to TikTok for advertising purposes requires a GDPR-compliant legal basis — typically consent. The hashing of PII does not anonymize the data under GDPR, as TikTok can match hashed values against its user base. If the Events API operates without the TikTok Pixel (purely server-side), the ePrivacy Directive's cookie consent requirement does not apply, but GDPR consent for advertising data processing is still required.

Under CCPA/CPRA, server-side transmission of customer identifiers and behavioral data to TikTok for ad attribution constitutes "sharing" of personal information for cross-context behavioral advertising, regardless of whether cookies are used.

Should You Block This Without Consent?

Yes. The TikTok Events API transmits personal data to TikTok's advertising platform for conversion attribution and campaign optimization. The server-side architecture does not exempt it from consent requirements — the personal data processing for advertising purposes requires consent under GDPR, and the data sharing triggers CCPA opt-out obligations. Block server-side event transmission until the user grants marketing consent, or implement a consent-gated server-side check before firing Events API calls.

Visit website

Consent Categories

Marketing

Also Known As

tiktok events apitiktok server side trackingtiktok conversion apitiktok s2s eventstiktok ads attributiontiktok consent

Industries

Arts and Entertainment

Tracked Domains (1)

business-api.tiktok.comMarketing

Frequently Asked Questions

Does the TikTok Events API require consent even though it's server-side?

Yes. The Events API transmits hashed personal data (email, phone, IP) to TikTok's advertising platform server-to-server. Server-side architecture does not exempt it from GDPR consent requirements. Block server-side event transmission until marketing consent is granted.

What data does the TikTok Events API send?

The server sends HTTPS POST requests to business-api.tiktok.com with event type, parameters (value, currency, product IDs), hashed email and phone (SHA-256), IP address, user agent, and the TikTok Click ID. It deduplicates events against the browser-side pixel.

How does ConsentStack handle the TikTok Events API?

ConsentStack classifies the TikTok Events API as marketing. Because it operates server-side, ConsentStack flags it for server-side consent gating — operators must check the visitor's ConsentStack consent state before triggering Events API calls.

Other TikTok Products

TikTok Ads
TikTok Ads
TikTok Ads tracking scripts supplement the TikTok Pixel to enable campaign targeting and attribution on TikTok's advertising platform. Scripts set cookies and collect behavioral signals to match website visitors to TikTok user profiles for audience segmentation and ad measurement.
TikTok Pixel
TikTok Pixel
TikTok Pixel is TikTok's browser-side conversion tracking tag. Scripts fire on website events such as page views, add-to-cart actions, and purchases, sending event data and cookies to TikTok's advertising platform. Used to measure ad campaign performance and build retargeting audiences.

Related Vendors

Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
LinkedIn Ads
LinkedIn Ads
LinkedIn Ads is LinkedIn's advertising platform for B2B marketing and professional audience targeting. Conversion tracking scripts and pixels fire on advertiser websites to measure sign-ups, downloads, and purchases driven by LinkedIn ad campaigns. Sets cookies for audience matching, retargeting list building, and cross-device attribution reporting.

Manage consent for TikTok Events API

ConsentStack automatically detects and manages TikTok Events API trackers so your site stays compliant with global privacy regulations.

Get started free