Integration
TikTok Marketing API integration
Last updated: 22 May 2026
This page documents exactly how Klovex integrates with the TikTok Marketing API: which scopes we request, what we do with the data, how we store it, how long we keep it, and how users revoke access at any time. It is intended to give the TikTok For Business Developer review team — and our customers — a complete picture.
1. What Klovex is, in one paragraph
Klovex is a B2B software platform that lets performance-marketing teams manage many ad accounts from one place. Customers connect their own TikTok For Business advertiser accounts through TikTok's official OAuth flow and use Klovex to read reports, manage campaigns at scale, and consolidate analytics across the ad accounts they already own. Klovex does not own ad inventory and does not buy ads on behalf of any party; we are a tool used by advertisers and their in-house teams.
2. Authentication and consent
Klovex authenticates each TikTok ad account through TikTok's standard OAuth 2.0 flow. The user:
- signs in with their TikTok For Business identity (not with us);
- reviews the scopes requested on the official TikTok consent screen;
- explicitly authorizes the connection.
Klovex receives only the tokens issued by TikTok after that consent. We never see the user's TikTok password and we never proxy it.
3. Scopes requested
| Scope | Why Klovex needs it |
|---|---|
user.info.basic |
Identify the TikTok For Business account that authorized the connection so we can label it correctly in the Klovex workspace. |
ads.read |
Read advertiser, campaign, ad-group and ad metadata to display the customer's structure in Klovex. |
ads.management |
Pause, resume, and update budgets on the customer's authorized campaigns when the user takes those actions inside Klovex. |
reporting |
Pull performance reports (impressions, clicks, spend, CTR, conversions, audience breakdowns) to render dashboards and reports. |
creatives |
Read creative metadata (file name, type, identifiers) so the customer can review and compare creative performance inside Klovex. We do not request raw creative file downloads. |
We request the minimum scopes required for the features the user has chosen. If a customer never enables a feature that needs a particular scope, that scope is not requested for their workspace.
4. Data we read from TikTok
- advertiser-account metadata (advertiser id, name, status, currency, timezone, country);
- campaign, ad-group and ad configuration (objective, budget, schedule, targeting summary);
- performance reports: spend, impressions, clicks, CTR, CPC, CPM, conversions and any of the standard reporting metrics the user selects;
- audience breakdowns where the user has opted to view them;
- creative metadata associated with the campaigns above.
Klovex does not request, retrieve or store:
- raw end-user profile data of TikTok consumers;
- video files or other creative binaries (we work with TikTok's metadata only);
- personal identifiers of end users who interacted with the ads.
5. How the data is used
Data retrieved through the TikTok Marketing API is used only to:
- render dashboards, reports and management views inside the Klovex workspace that the user is signed into;
- execute the actions the user explicitly takes (pause/resume, update budget, etc.);
- schedule and email reports requested by the user to the email addresses they configure.
6. Storage and security
- All TikTok access tokens are encrypted at rest using AES-256-GCM with envelope encryption (data keys stored in a managed KMS).
- Data flows are TLS 1.2+ end-to-end. The production database is hosted in the EU.
- Access to the production environment is gated by SSO + 2FA, limited to authorized engineers, and audit-logged.
- Backups are encrypted and access-controlled.
See the Security page for the full programme.
7. Retention
Cached TikTok data is kept only as long as the connection between the customer's TikTok account and Klovex remains active. When the connection is removed, cached data is deleted from the production database within 24 hours and from backups within 30 days. See User Data Deletion for the self-service path and the email-request path.
8. Revoking access
Users can revoke Klovex's access to their TikTok account at any time:
- from inside Klovex: Settings → Connected accounts → Disconnect;
- from TikTok For Business: Settings → Apps / Authorized apps → Revoke;
- by email to privacy@klovex.xyz.
9. Sub-processors that may touch TikTok data
The list and locations of our sub-processors is published on the DPA page. For TikTok data specifically the chain is:
- application hosting — Vercel Inc., EU region;
- database — Neon Inc., EU region;
- edge / DNS — Cloudflare, Inc., global edge under SCCs;
- email (scheduled reports the user opts into) — Resend, Inc.
10. Contact
Questions about this integration:
developers@klovex.xyz.
Privacy: privacy@klovex.xyz.
Security disclosures: security@klovex.xyz.