How it works
Architecture & TikTok integration
This page describes, transparently, how Octopost App works and how it uses the TikTok API — for users and reviewers alike.
Overview
Octopost App is a web application. The user maintains a content library and connects one or more TikTok accounts through the official authorization flow. The application generates the photo carousels, surfaces them in a queue for review, and — after the user's explicit approval — publishes them through the TikTok Content Posting API.
Per-post approval
Every publication is gated by an explicit user click.
The TikTok Content Posting API guidelines require the user to review and confirm each post before publication. Octopost App makes that step mandatory in code: the publishing cron (publish-tick) filters on approved_at IS NOT NULL and ignores everything else.
Database
The scheduled_posts table has an approved_at timestamptz column. AI generation sets it to NULL; the user flips it via the queue UI.
UI
The Queue page shows an amber “Awaiting approval” banner over any unapproved post, plus a per-row Approve and publish button. There is no bulk-approve action — each post is reviewed and confirmed individually, as the TikTok Content Posting API guidelines require.
The publishing pipeline
Library
The user types a single topic (or bulk-imports many). Octopost App stores it as a draft.
Language detection
A cheap LLM call resolves the topic's natural language so every downstream piece (caption, hashtags, slide text) is generated in that exact language.
AI text generation
An LLM turns the topic into a hook-style title, a well-spaced TikTok caption with emojis, 3–5 hashtags and the per-slide image prompts.
Parallel image generation
gpt-image-2 renders the 7 square slides in parallel (~2 min). Each slide is resized to 1080×1080 JPEG and uploaded to verified storage.
Per-post user approval (audit gate)
The generated post lands in the Queue with an amber 'Awaiting approval' banner. Publishing is paused until the user explicitly clicks 'Approve and publish'.
Official publishing
Approved posts are sent to TikTok via /v2/post/publish/content/init/ (DIRECT_POST + PULL_FROM_URL). Octopost App polls /status/fetch/ until PUBLISH_COMPLETE.
Connecting a TikTok account
Connection relies exclusively on OAuth 2.0 with PKCE. The user is redirected to TikTok, authenticates on TikTok's own domain, and grants the permissions themselves. Octopost App never sees the TikTok password. The returned tokens are stored encrypted (AES-256-GCM); the access token is refreshed automatically before each call.
Requested permissions
Octopost App requests the strict minimum needed to operate:
- user.info.basic: Display the connected account inside the application: display name, avatar, public identifier. No sensitive data.
- video.publish: Publish the photo carousel directly to the user's account (DIRECT_POST mode), once the user has explicitly approved the generated post in the queue.
- video.upload: Bundled with video.publish under the Content Posting API product on the TikTok Developer Portal; cannot be requested independently. Octopost App does not actively call the MEDIA_UPLOAD endpoint.
Data handling
- TikTok refresh tokens are encrypted at rest (AES-256-GCM) and never leave the server.
- Published images are served from a verified domain owned by the application (PULL_FROM_URL host whitelist).
- Data access is isolated per user through Row Level Security policies in PostgreSQL.
- No TikTok data is resold or shared with third parties.
- The number of daily posts per account is capped well below TikTok's own API limit.
- Every publish, every failure and every token refresh is recorded in an immutable audit log.
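The account-connection section and the list above both state that TikTok tokens are stored encrypted with AES-256-GCM. One way to do that in Node.js is sketched here as an added example, not Octopost App's own code. The blob layout, the binding of each ciphertext to its row through AAD, and the names sealToken, openToken and demo are assumptions.

```javascript
// Added example, not Octopost App's code. Layout and names are assumptions.
const crypto = require('node:crypto');

const VERSION = 1; // leading format byte, so the scheme can be changed later

// Encrypt a token for one stored row. rowId (e.g. "userId:accountId") is
// passed as AAD: it is authenticated but not included in the ciphertext.
function sealToken(key, token, rowId) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every call
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(rowId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16 bytes
  return Buffer.concat([Buffer.from([VERSION]), iv, tag, ct]).toString('base64');
}

// Returns the plaintext token, or null if the blob was altered, truncated,
// encrypted under another key, or copied over from a different row.
function openToken(key, blob, rowId) {
  const buf = Buffer.from(blob, 'base64');
  if (buf.length < 1 + 12 + 16 || buf[0] !== VERSION) return null;
  const iv = buf.subarray(1, 13);
  const tag = buf.subarray(13, 29);
  const ct = buf.subarray(29);
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
    d.setAAD(Buffer.from(rowId, 'utf8'));
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  } catch {
    return null; // authentication failed: discard any partial output
  }
}

// Constructed sample values, not real credentials.
function demo() {
  const key = crypto.randomBytes(32); // assumption: loaded from a secret store in practice
  const blob = sealToken(key, 'rft.constructed-sample-token', 'user-1:acct-A');
  const flipped = Buffer.from(blob, 'base64');
  flipped[flipped.length - 1] ^= 0x01; // simulate one corrupted ciphertext bit
  return {
    roundTrip: openToken(key, blob, 'user-1:acct-A'),
    wrongRow: openToken(key, blob, 'user-2:acct-B'),
    tampered: openToken(key, flipped.toString('base64'), 'user-1:acct-A'),
  };
}
```

Binding the row identity as AAD means a ciphertext copied into another user's row fails authentication instead of decrypting to a usable token.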
Technical stack
Web application
Next.js 15 (App Router), deployed on Netlify
Database & auth
Supabase (PostgreSQL, EU region — Frankfurt)
Image generation
Replicate · openai/gpt-image-2 (1:1, 1080×1080)
Publishing
TikTok Content Posting API v2 — DIRECT_POST + PHOTO
No device automation, no scraping, no workarounds. Octopost App uses only TikTok's public, documented interfaces — every post is initiated by an explicit user approval click.