Skip to main content
RapidDev - Software Development Agency
flutterflow-integrationsFlutterFlow API Call

TikTok Ads

Connect FlutterFlow to TikTok Ads by routing TikTok Marketing API calls through a Firebase Cloud Function or Supabase Edge Function that holds your OAuth access token server-side. Your FlutterFlow API Group calls the proxy, which queries the TikTok Reporting API and returns campaign metrics you bind to a dashboard ListView. The token never touches the Flutter client bundle.

What you'll learn

  • Why the TikTok OAuth access token must live in a backend proxy rather than FlutterFlow
  • How to deploy a Firebase Cloud Function that relays TikTok Reporting API queries
  • How to create a FlutterFlow API Group pointing at your proxy with no secrets in the headers
  • How to parse the TikTok list response into a FlutterFlow Data Type and bind it to a ListView dashboard
  • How to add Firestore caching to protect against TikTok's advertiser-level rate limits
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Advanced17 min read2 to 3 hoursMarketingLast updated July 2026RapidDev Engineering Team
TL;DR

Connect FlutterFlow to TikTok Ads by routing TikTok Marketing API calls through a Firebase Cloud Function or Supabase Edge Function that holds your OAuth access token server-side. Your FlutterFlow API Group calls the proxy, which queries the TikTok Reporting API and returns campaign metrics you bind to a dashboard ListView. The token never touches the Flutter client bundle.

Quick facts about this guide
FactValue
ToolTikTok Ads
CategoryMarketing
MethodFlutterFlow API Call
DifficultyAdvanced
Time required2 to 3 hours
Last updatedJuly 2026

Build a TikTok Ads Reporting Dashboard in FlutterFlow

The TikTok Marketing API lets you pull campaign, ad-group, and ad-level performance data — impressions, clicks, spend, conversions, CPM, CTR — into any application. For a FlutterFlow founder this means building a branded in-app dashboard where clients or your own team see live TikTok campaign metrics without logging into Ads Manager. The Marketing API itself is free; you only pay for actual ad spend billed by TikTok.

The critical FlutterFlow challenge is authentication. TikTok uses OAuth 2.0 long-lived access tokens issued via a developer app registered at https://business-api.tiktok.com. These tokens are secrets: if one leaks, anyone can read your entire ad account's performance data and spend history. FlutterFlow compiles to a Flutter client — iOS, Android, or web — and any value placed in an API Call header gets embedded in the binary shipped to users' devices. That binary can be inspected with standard tooling. So the access token cannot touch FlutterFlow at all. Instead, you deploy a thin serverless function (Firebase Cloud Function or Supabase Edge Function) that stores the token in server environment variables and acts as a relay. FlutterFlow sends the advertiser ID and date range to your proxy; the proxy injects the token and calls TikTok.

The Reporting API returns a `list` array where each element represents one dimension-date combination. You will map this into a FlutterFlow custom Data Type (campaign name, spend, impressions, clicks) and bind it to a ListView or chart. Because TikTok's rate limits are shared across every concurrent app session, cache the last successful response in Firestore or Supabase and refresh on a schedule — not on every screen open.

Integration method

FlutterFlow API Call

FlutterFlow compiles to a Flutter client, so any OAuth token placed in an API Call header ships inside the app binary. The TikTok Marketing API access token is a secret — it must live in a Firebase Cloud Function or Supabase Edge Function proxy. FlutterFlow calls your proxy URL; the proxy injects the token and forwards reporting queries to https://business-api.tiktok.com/open_api. Campaign metrics flow back through the proxy, get parsed by FlutterFlow's JSON Path engine, and bind to your dashboard widgets.

Prerequisites

  • A TikTok for Business account with at least one active Ads Manager advertiser account
  • A TikTok developer app created at https://business-api.tiktok.com with Marketing API reporting scopes approved
  • A long-lived OAuth access token generated from your developer app — store it securely, never paste it into FlutterFlow
  • A Firebase project with Cloud Functions on Blaze plan or a Supabase project with Edge Functions enabled
  • A FlutterFlow project with an authenticated user flow already working

Step-by-step guide

1

Create your TikTok developer app and obtain an access token

Open https://business-api.tiktok.com and navigate to My Apps. Click Create App, enter your app name and description, and under Scopes select the reporting permissions you need — at minimum: ads:read, campaign:read, ad_group:read, ad:read. Submit for review; basic reporting access is typically approved quickly for self-serve accounts. Once approved, go to your app's detail page and locate the Auth section. Complete the OAuth authorization flow for your advertiser account to generate a long-lived access token. TikTok Marketing API access tokens can remain valid for extended periods when issued via the server-to-server OAuth flow, but you should plan for expiry and build a refresh mechanism using the refresh token. Copy the access token and your advertiser_id — you need both in the next step. Do not save either value in a spreadsheet, a Notion doc, or anywhere that might sync to a client-accessible location. They go directly into your backend environment variables only. If you manage multiple advertiser accounts you can use the same developer app but will need a separate token per account or the MCC-style app token flow.

Pro tip: Make a note of your developer app's app_id as well — some TikTok Reporting API endpoint parameters require it alongside the advertiser_id.

Expected result: You have a TikTok developer app with reporting scopes approved, a long-lived access token, and your advertiser_id ready for the proxy configuration.

2

Deploy a Firebase Cloud Function proxy for the TikTok Reporting API

In the Firebase Console, open your project and click Functions in the left sidebar. You will write a small HTTP function that receives the date range and advertiser ID from FlutterFlow, reads the access token from environment variables, and forwards the request to the TikTok Reporting API. Create the function as shown in the code block below. The function must return CORS headers (Access-Control-Allow-Origin: *) because FlutterFlow web builds run in a browser and the browser will block cross-origin responses without these headers. Native iOS and Android builds do not enforce CORS, but including the headers ensures your web build also works. Deploy the function from your local development environment using the Firebase CLI — this is the one CLI operation in this entire tutorial and it runs on your computer, not inside FlutterFlow. After deployment, the Firebase Console shows you the HTTPS trigger URL (something like https://us-central1-YOUR_PROJECT.cloudfunctions.net/tiktokReporting). Copy that URL — you will paste it into FlutterFlow as the API Group Base URL. Set your access token as an environment variable using `firebase functions:config:set` or the newer Secret Manager integration so it never appears in your source code. Alternatively, use a Supabase Edge Function with identical logic — the fetch call and CORS headers are the same; only the deployment method differs.

index.js
1// functions/index.js (Firebase Cloud Functions — Node.js)
2const functions = require('firebase-functions');
3const fetch = require('node-fetch'); // add to functions/package.json
4
5exports.tiktokReporting = functions.https.onRequest(async (req, res) => {
6 res.set('Access-Control-Allow-Origin', '*');
7 res.set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
8 res.set('Access-Control-Allow-Headers', 'Content-Type');
9 if (req.method === 'OPTIONS') { res.status(204).send(''); return; }
10
11 const ACCESS_TOKEN = process.env.TIKTOK_ACCESS_TOKEN;
12 const { advertiser_id, start_date, end_date } = req.body;
13
14 if (!advertiser_id || !start_date || !end_date) {
15 res.status(400).json({ error: 'Missing required fields' });
16 return;
17 }
18
19 const params = new URLSearchParams({
20 advertiser_id,
21 report_type: 'BASIC',
22 dimensions: JSON.stringify(['campaign_id', 'stat_time_day']),
23 metrics: JSON.stringify(['campaign_name', 'spend', 'impressions', 'clicks', 'ctr', 'cpm']),
24 start_date,
25 end_date,
26 page_size: '100'
27 });
28
29 const tikTokRes = await fetch(
30 `https://business-api.tiktok.com/open_api/v1.3/report/integrated/get/?${params}`,
31 { headers: { 'Access-Token': ACCESS_TOKEN } }
32 );
33 const data = await tikTokRes.json();
34 res.json(data);
35});
36

Pro tip: Set the environment variable with: firebase functions:secrets:set TIKTOK_ACCESS_TOKEN (uses Secret Manager) or firebase functions:config:set tiktok.token=VALUE for the older config API.

Expected result: The Cloud Function is deployed and returns TikTok campaign JSON when called with POST body containing advertiser_id, start_date, and end_date.

3

Create a FlutterFlow API Group pointing at your proxy

In FlutterFlow, click API Calls in the left navigation panel, then click + Add and choose Create API Group. Name it TikTokReporting and paste your Firebase Cloud Function HTTPS trigger URL as the Base URL — for example: https://us-central1-your-project.cloudfunctions.net/tiktokReporting. Leave the Headers section of the group empty: the secret token lives on the server and does not travel through FlutterFlow at all. Now click + Add inside the group to create an individual API Call. Name it getCampaignMetrics, set the HTTP method to POST, and leave the endpoint path blank (the Base URL is the complete endpoint). Switch to the Body tab and select JSON as the body format. Add three body variables: advertiser_id (type String), start_date (type String, format YYYY-MM-DD), and end_date (type String). Your body template becomes: { "advertiser_id": "{{advertiser_id}}", "start_date": "{{start_date}}", "end_date": "{{end_date}}" }. Open the Response & Test tab, fill in real values from your TikTok account, and click Test. A successful response shows a JSON object with a data.list array. Click Generate from Response to have FlutterFlow automatically create JSON Path expressions for every field in the response. You will reference these paths when binding widgets to the data. If the test returns an error, check that the Cloud Function is deployed successfully and that the environment variable is set.

api_call_body.json
1{
2 "advertiser_id": "{{advertiser_id}}",
3 "start_date": "{{start_date}}",
4 "end_date": "{{end_date}}"
5}

Pro tip: Test with real dates that have ad spend — a date range with no active campaigns returns an empty list, which can look like a broken integration.

Expected result: The getCampaignMetrics API Call shows a successful 200 response with a populated data.list array in the FlutterFlow Response & Test panel.

4

Create a Data Type and build the dashboard screen

In FlutterFlow, navigate to Data Types in the left panel and create a new custom Data Type called CampaignMetric. Add these fields: campaignId (String), campaignName (String), spend (Double), impressions (Integer), clicks (Integer), ctr (Double), cpm (Double), statDate (String). Return to your API Call configuration, go to Response & Test, and use the JSON Path section to map each path to the corresponding field in CampaignMetric: $.data.list[*].dimensions.campaign_id maps to campaignId, $.data.list[*].metrics.spend maps to spend, and so on. The nested structure — dimensions object and metrics object per list item — is TikTok's response shape, so make sure your paths reference the correct sub-object. Now create a new screen for your dashboard. Add a ListView widget and set its source to Backend Query → getCampaignMetrics. In the parameter binding panel, connect advertiser_id to your app's current user's advertiser ID (stored in your Supabase or Firestore user record), and set start_date and end_date from App State variables representing the selected date range. Inside the ListView, add a Container with two Text widgets: one bound to item.campaignName and one formatted as 'Spend: $' + item.spend (use FlutterFlow's number formatting options to show two decimal places). Optionally add a Chart widget above the list bound to the spend series grouped by statDate.

Pro tip: Use FlutterFlow's conditional visibility to show a loading indicator while the backend query is in progress and an empty state widget when the list returns zero items.

Expected result: The dashboard screen renders a live list of TikTok campaigns with spend and performance metrics pulled from the proxy.

5

Add Firestore caching to avoid rate limit exhaustion

TikTok's Marketing API enforces rate limits per developer app and per advertiser account. When multiple app users open the dashboard at the same time, each session triggers a separate upstream request through your proxy, and together they can exhaust the shared quota — producing 429 errors for everyone. The solution is a caching layer inside your Cloud Function: before calling TikTok, check a Firestore document for a cached response. If the document is less than 30 minutes old, return it immediately. If it is stale or missing, fetch fresh data from TikTok, write it to Firestore, and return it. The Firestore document key can be a combination of advertiser_id and date range so each unique query has its own cache entry. Update your Cloud Function to include this caching logic as shown in the code block below. In FlutterFlow, add a forceRefresh Boolean body variable to the getCampaignMetrics API Call and pass true from your pull-to-refresh action so users can explicitly bypass the cache when they need the very latest numbers. Add a small 'Updated {timestamp}' text on the dashboard screen to set expectations that data refreshes on a schedule rather than in real time. If you want help architecting the caching layer or multi-account proxy setup, RapidDev's team builds FlutterFlow integrations like this every week — free scoping call at rapidevelopers.com/contact.

index.js
1// Add caching logic inside tiktokReporting function
2const admin = require('firebase-admin');
3if (!admin.apps.length) admin.initializeApp();
4const db = admin.firestore();
5
6const { advertiser_id, start_date, end_date, force_refresh } = req.body;
7const cacheKey = `${advertiser_id}_${start_date}_${end_date}`;
8const cacheRef = db.collection('tiktok_cache').doc(cacheKey);
9const cached = await cacheRef.get();
10
11if (cached.exists && !force_refresh) {
12 const { payload, lastUpdated } = cached.data();
13 const ageMs = Date.now() - lastUpdated;
14 if (ageMs < 30 * 60 * 1000) {
15 res.json({ ...payload, cached: true, lastUpdated });
16 return;
17 }
18}
19
20// ... TikTok fetch code ...
21// After receiving data from TikTok:
22await cacheRef.set({ payload: tikTokData, lastUpdated: Date.now() });
23res.json({ ...tikTokData, cached: false });
24

Pro tip: Schedule a Firebase Cloud Scheduler job to pre-warm the cache every 25 minutes for your most active advertiser accounts so app opens always hit a fresh cache rather than waiting for a live fetch.

Expected result: Concurrent app sessions return cached data instantly and the upstream TikTok API call only fires when the cache is stale or a force-refresh is requested.

6

(Optional) Fire in-app conversion events via the TikTok Events API

If you want TikTok to count in-app conversions for ad attribution, you need to send Purchase or SignUp events back to TikTok via the Events API. This is separate from the Reporting API and handles the reverse data flow — app to TikTok. Create a second endpoint in your Cloud Function (or a separate function) that accepts an event type, revenue amount, currency, and order ID from FlutterFlow and forwards them to https://business-api.tiktok.com/open_api/v1.3/pixel/track/ with your access token. Wire this proxy call to a FlutterFlow Action Flow on your checkout or sign-up success state: add a Backend/API Call action immediately after the completion trigger, passing the event details as the body. If you prefer the native SDK approach for richer attribution signals, you can create a Custom Action wrapping a TikTok events package from pub.dev. Important: Custom Actions do not run in FlutterFlow's web Test Mode — test them on a real device or an APK build only. Add a kIsWeb guard in the Dart code so the SDK initializer is skipped on web and falls back to the proxy-based approach. On iOS 14.5+, the user must have granted App Tracking Transparency (ATT) consent before conversion events are attributed to specific ad campaigns.

track_tiktok_purchase.dart
1// Optional Dart guard for native SDK Custom Action
2import 'package:flutter/foundation.dart' show kIsWeb;
3
4Future<void> trackTikTokPurchase(
5 String orderId,
6 double revenue,
7 String currency,
8) async {
9 if (kIsWeb) {
10 // On web: use the proxy API Call instead of the SDK
11 return;
12 }
13 // Initialize and call TikTok SDK via pub.dev package
14 // Check pub.dev for current TikTok Flutter package name and API
15 // Example structure (package name varies):
16 // await TikTokBusiness.trackEvent('CompletePayment',
17 // properties: {'value': revenue, 'currency': currency});
18}
19

Pro tip: Use TikTok's Events Testing tool in Ads Manager to verify that your proxy is sending conversion events correctly before launching a live campaign.

Expected result: Purchase or sign-up events appear in the TikTok Ads Manager Events Testing panel within a few minutes of triggering the action in the app.

Common use cases

Agency client portal showing live TikTok campaign metrics

A marketing agency builds a FlutterFlow mobile app where each client logs in and sees their own TikTok campaign performance — spend, CPM, CTR, conversions — refreshed on a 30-minute schedule. The proxy holds the agency's master access token and filters results by the client's advertiser ID stored in the app's auth context.

FlutterFlow Prompt

Build a screen showing a list of TikTok campaigns with spend and impressions for the last 7 days, fetched from a Firebase proxy, with pull-to-refresh.

Copy this prompt to try it in FlutterFlow

E-commerce founder monitoring TikTok ROAS alongside order data

A Shopify store owner builds a FlutterFlow dashboard that shows TikTok ad spend next to order revenue from their own backend, giving them a ROAS view on mobile without switching tools. Both datasets load from the same dashboard screen using parallel API Calls.

FlutterFlow Prompt

Create a home screen with two KPI cards: TikTok daily spend from a proxy API and total orders from Supabase, with a bar chart comparing the last 14 days.

Copy this prompt to try it in FlutterFlow

In-app purchase conversion tracking for TikTok attribution

A mobile commerce app sends a TikTok Events API call when users complete purchases, allowing TikTok's attribution system to count conversions and optimize ad delivery toward high-value users. The event is routed through a proxy endpoint that holds the access token safely.

FlutterFlow Prompt

Add a Custom Action that sends a Purchase event to the TikTok Events API after a successful checkout, including the order value and currency.

Copy this prompt to try it in FlutterFlow

Troubleshooting

'XMLHttpRequest error' or CORS blocked when testing the API Call in a FlutterFlow web build

Cause: The browser enforces CORS and blocks responses from your Cloud Function URL if the function is not returning Access-Control-Allow-Origin headers, or if the FlutterFlow API Group Base URL is pointing to the TikTok API directly instead of your proxy.

Solution: Confirm your FlutterFlow API Group Base URL points to your Firebase Cloud Function URL (not business-api.tiktok.com). Verify the function sets 'Access-Control-Allow-Origin: *' in every response and returns a 204 with the same headers for OPTIONS preflight requests. Native iOS/Android builds are unaffected by CORS but will still fail if the URL is wrong.

TikTok API returns code 40001 or HTTP 401 Unauthorized

Cause: The access token is missing, expired, or not being passed correctly by the proxy. This can also occur if the developer app's scopes do not include the required reporting permissions.

Solution: Open the Firebase Console, go to Functions, and check that the TIKTOK_ACCESS_TOKEN environment variable is set and matches the token generated in the developer portal. In the TikTok API Portal, verify your app has ads:read and campaign:read scopes approved. If the token has expired, generate a new one from the developer app's Auth section and update the environment variable, then redeploy the function.

Dashboard ListView is empty even though the proxy returns HTTP 200

Cause: The JSON Path expressions generated by FlutterFlow do not match the actual TikTok response structure. TikTok's Reporting API nests metrics and dimensions in separate sub-objects inside each list item, which can trip up auto-generated paths.

Solution: In the FlutterFlow API Call Response & Test tab, paste a fresh live response from your proxy and click Generate from Response again. Ensure paths use the correct nested structure: $.data.list[*].metrics.spend for spend, $.data.list[*].dimensions.campaign_id for the campaign ID. Check that the Data Type field types match — spend is a Double, impressions is an Integer.

The proxy starts returning 429 errors after a few hours of usage

Cause: TikTok's rate limits are shared per developer app and per advertiser account. Multiple concurrent app sessions each triggering uncached requests burn the quota quickly.

Solution: Implement the Firestore caching layer described in Step 5. Set the cache TTL to at least 15 to 30 minutes so concurrent sessions share a single upstream TikTok API call. Also reduce the number of dimensions and metrics you request — each unique combination creates a separate quota entry. Consider batching date ranges into weekly windows rather than daily granularity.

Best practices

  • Never put the TikTok OAuth access token in a FlutterFlow API Call header — it will be compiled into the app binary and can be extracted by anyone who installs the app.
  • Store the access token in Firebase environment configuration, Secret Manager, or Supabase Edge Function secrets — not in a Firestore document or database row that the client app can query.
  • Cache Reporting API responses for at least 15 to 30 minutes to avoid exhausting the shared per-advertiser rate limit across concurrent user sessions.
  • Display a 'Last updated' timestamp on the dashboard so users understand that data refreshes on a schedule rather than in real time.
  • Expose a force_refresh parameter so a pull-to-refresh gesture can bypass the cache when users explicitly need the latest numbers.
  • Request only the dimensions and metrics your dashboard actually displays — unnecessary fields increase response size and consume rate limit quota.
  • On iOS, implement App Tracking Transparency consent before firing conversion events — events recorded without ATT consent cannot be attributed to specific ad campaigns.
  • Test your Cloud Function proxy with a REST client independently before wiring it to FlutterFlow, so you can isolate authentication and formatting issues without the FlutterFlow test panel in the way.

Alternatives

Frequently asked questions

Can I run TikTok ads directly from my FlutterFlow app?

The TikTok Marketing API supports campaign management operations like updating budgets and statuses, but building a full ad-creation interface in FlutterFlow is a significant project beyond reporting. Most FlutterFlow founders use this integration to display performance data rather than to create or manage campaigns from within the app.

Does the TikTok access token expire and do I need to handle refresh?

TikTok Marketing API access tokens have lifespans that vary by auth flow. Treat every token as potentially expiring and store the refresh token alongside the access token in your Cloud Function. Build a refresh call in the proxy that triggers when TikTok returns a 40001 error, so your dashboard keeps working without manual token rotation. Check TikTok's current developer documentation for the exact token lifetime for your app type.

Will TikTok Events API work in a FlutterFlow web build?

The proxy-based Events API approach — where your Cloud Function forwards the event to TikTok — works on all platforms including web. The native SDK via a Custom Action is mobile-only and requires a kIsWeb guard to skip SDK initialization on web. For production web builds, always route conversion events through the proxy endpoint rather than a Custom Action.

How do I support multiple TikTok advertiser accounts in one app?

Store each account's advertiser_id in your database linked to the authenticated user or client record. Pass the appropriate advertiser_id to the proxy on each API call — the proxy uses the same shared access token but passes different advertiser_id values to TikTok. Use the advertiser_id as the Firestore document key for caching so each account's data is stored and retrieved independently.

The test panel shows success but the app on my phone shows an empty list — why?

The FlutterFlow test panel validates JSON Paths against the sample response you pasted manually, not against a live response. Differences in field names, nesting depth, or data types between your sample and the real API response cause empty lists on device. Open the app in debug mode on a real device, check the console for API errors, and re-test the API Call with a freshly fetched live response to regenerate accurate JSON Paths.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire FlutterFlow integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.