How to set up TikTok Events API server-side tracking

Admaxxer is a marketing analytics and attribution platform for DTC brands and SaaS companies. This guide walks through setting up the TikTok Events API — the server-to-server way to send purchase and conversion events to TikTok — so your TikTok ad optimization keeps working when the browser-side TikTok Pixel loses signal to ad-blockers, Safari's tracking prevention, and link-tracking changes on iOS.

TikTok runs the same two-leg pattern Meta does: a browser-side TikTok Pixel and a server-side Events API. The decision is not "which one" — it's whether you have both wired, sending strong identifiers, with a shared event ID so they don't double-count. This guide uses an ecommerce CompletePayment event; SaaS mapping is noted below.

Why server-side TikTok tracking matters

The TikTok Pixel runs in the browser and shares every browser-side weakness: ad-blockers drop the request, Safari truncates the first-party cookie it relies on, link-tracking protection can strip the TikTok click identifier from shared links, and a slow confirmation page can unload before the pixel fires. The Events API fires from your server, immune to all of those.

If you run TikTok ads and only have the Pixel, you are almost certainly under-reporting conversions to TikTok's optimizer — which starves Smart Performance Campaigns of the signal they need. For the broader rationale, see server-side tracking explained; for why platform-reported and pixel-reported numbers diverge, see platform vs pixel conversions.

Prerequisites

• A TikTok Pixel already created in TikTok Events Manager and firing in the browser.
• An Events API access token. The Events API authenticates with an access token tied to your specific Pixel / event source, issued from the TikTok Business Center. See the TikTok Events API documentation for the current token-generation steps.
• Your Pixel code (event source ID).
• Access to the customer data you'll hash and send.

Step-by-step: connect the TikTok Events API

Step 1: Generate the Events API access token

In TikTok Events Manager, open your Pixel, go to its settings, and generate an Events API access token. This token is separate from the OAuth credential used to manage campaigns — it specifically authorizes posting events to that Pixel. Store it server-side, never in the browser.

If you connect TikTok through Admaxxer, the TikTok Ads integration walks you through pasting this token and keeps it server-side.

Step 2: Choose your events

TikTok's standard ecommerce events, per the TikTok Events API documentation, include ViewContent, AddToCart, InitiateCheckout, AddPaymentInfo, PlaceAnOrder, and CompletePayment. For a DTC store, CompletePayment at order completion is your money event; send it with value and currency.

SaaS difference: there's no purchase. Use CompleteRegistration for sign-up and Subscribe for a paid conversion, and send the contract or first-payment value. You can use custom event names for granular milestones (trial-to-paid, expansion), but only TikTok's standard events feed the Smart Performance Campaign optimizer — keep your core conversion on a standard name.

Step 3: Send strong identifiers

The Events API matches your event to a TikTok user using a customer-information payload. Per TikTok's documentation, it accepts hashed email, hashed phone, a stable external ID, the TikTok click identifier (ttclid), and the customer's IP address and user agent (TikTok wraps the IP and user agent in a context object).

Note that TikTok and Meta hash the same identifiers but name the JSON keys differently — TikTok uses email, phone, external_id, ttclid, ip, user_agent, whereas Meta uses em, ph, fbc, and so on. If you copy a Meta sender wholesale and re-point it at TikTok, the field names won't validate. The semantics transfer; the keys do not.

Always include:

• Hashed email — lowercase and trim, then SHA-256.
• Hashed phone — E.164-normalize, then SHA-256.
• A stable external ID — hashed; ties events across sessions.
• The TikTok click identifier (ttclid) when present — your strongest click-attribution signal, read from the landing URL.
• The real customer IP and user agent — from the shopper's original request, not your server's.

Step 4: Deduplicate with a shared event ID

As with Meta, you're now sending CompletePayment from both the Pixel and your server. TikTok deduplicates on event_id — generate one deterministic ID per order (order ID plus event name is a reliable pattern) and send the identical event_id on both legs. Without it, TikTok double-counts.

Step 5: Validate in Events Manager diagnostics

TikTok Events Manager has a Diagnostics tab that shows incoming events, which identifiers were received, an Event Match Quality indicator, and whether browser and server events are deduplicating. Fire a real test order and confirm:

1. The server CompletePayment event arrives.
2. Your identifiers show as received (bad hashing is silently dropped).
3. The Pixel and server events deduplicate rather than double-count.

Only then compare TikTok-reported conversions against your true order count. They'll converge, not match exactly.

How to measure the gap server-side tracking closes

Before and after you wire the Events API, you can quantify what the server leg recovers — on your own data, without any fabricated benchmark.

1. Anchor on your true order count. Pull your completed orders for the last 30 days from your commerce platform, filtered to TikTok-attributed orders (by your campaign UTMs or by the presence of the TikTok click identifier in the landing session). This is your truth set.
2. Read the Pixel-only count. In TikTok Events Manager, count CompletePayment events for the same window. The gap between this and your truth set is what browser-side tracking is losing to ad-blockers, link-tracking protection, cookie truncation, and slow pages.
3. Turn on the Events API and re-measure after two weeks. With both legs running and deduplicated on event_id, the deduplicated total should move toward your truth set. The amount the gap closes is your recovered conversion volume — a real number specific to your store, not an industry estimate.

If you want a per-cause breakdown, segment the remaining gap by browser (ad-blocker share), iOS version (link-tracking share), and page-load time (slow-page-drop share). The point is methodology you can run yourself, not a promised percentage.

Common mistakes

• Re-using a Meta payload shape. TikTok's field names and the context wrapper differ; a copied Meta sender will fail validation. Map em→email, ph→phone, and move the IP and user agent into TikTok's context object before you send.
• Leaking the server IP. Pass the shopper's original IP and user agent, not your server's.
• No shared event_id. Guarantees double-counting between Pixel and server.
• Putting your money event on a custom name. Custom events don't feed Smart Performance Campaign training — keep the core conversion on a standard event.
• Skipping the SaaS mapping. Send Subscribe/CompleteRegistration with real values, not a zero-value purchase.

How Admaxxer does this for you

Admaxxer ships TikTok Events API delivery as part of its server-side tracking, with the high-value identifiers pre-wired in TikTok's payload shape, the real customer IP and user agent passed through, and the event_id deduplication handled automatically. Connect TikTok once on the TikTok Ads integration page and events flow server-side from then on. See pricing for what's included or the documentation for the full walkthrough.

FAQs

Is the TikTok Pixel deprecated now that there's an Events API? No. TikTok recommends running both — the Pixel browser-side for mid-funnel coverage and the Events API server-side for resilient conversion delivery — with a shared event_id. The pattern is redundancy, not replacement.

Do I need a separate token for the Events API? Yes. The Events API uses an access token issued for your specific Pixel from the TikTok Business Center; it's separate from the OAuth used to manage campaigns. See TikTok's Events API documentation for the steps.

What hashing does TikTok expect? SHA-256 hex, the same as Meta. Email lowercased and trimmed before hashing; phone E.164-normalized before hashing. Unhashed PII is rejected; bad hashing is silently dropped.

What is ttclid? TikTok's click identifier, appended to the landing URL when a user clicks a TikTok ad. The Pixel reads it and stores it; for the Events API you pass it from your stored landing-session record. It's TikTok's strongest click-attribution signal — but send events even when it's absent, because server-side identity (email, phone) still lets TikTok attribute view-through conversions.

How is this different for a SaaS product? Map your funnel to CompleteRegistration and Subscribe instead of CompletePayment, and send the contract or first-payment value so the optimizer learns from revenue, not raw sign-ups.