social-media · Jun 8, 2026 · 6 min read

TikTok Unofficial API: Hashtag and Video Data 2026

A TikTok unofficial API approach for hashtag and video data without developer access — how the web XHR surface, residential proxies, and cookie warm-up work.

If you wanted a programmatic feed of TikTok hashtag and video data, the official options run out almost immediately. The TikTok Research API is gated to verified academic and non-profit researchers, mostly in the US and EU, behind an application process — not something a product team or analyst can simply turn on. The Content Posting API exists, but it is for publishing to your own account, not reading public content. The Display API only covers a user’s own authorized media. There is no general-purpose “read public TikToks at scale” API. This guide covers the TikTok unofficial API approach: reading the same public web surface the tiktok.com client uses, and the proxy and session reality that makes it work.

Why there is no usable official API

TikTok’s official surfaces are deliberately narrow. The Research API answers a regulatory and academic need, so it is access-controlled, region-limited, and rate-managed by approval — useful if you qualify, irrelevant for commercial work. The Content Posting and Display APIs are OAuth-scoped to accounts that have authorized your app. None of them let you query a hashtag, pull a creator’s recent videos, or read an arbitrary public video’s stats. The public data is right there in the app, but the documented APIs do not expose it for third-party reading. That is the gap a TikTok unofficial API fills.

What data is actually available

From the public web surface you can reach:

Hashtag (challenge) feeds — the list of public videos under a hashtag, paginated.
Video detail — caption, video and cover URLs, play / like / comment / share / save counts, duration, the music/sound object, and the author summary.
User profiles — username, nickname, bio, follower / following / heart counts, verified flag, signature link, avatar.
A user’s recent videos — the public grid for a creator, paginated.
Sound/music pages — videos using a given audio track.

Some surfaces fight back harder than others. Open keyword search and certain feeds are more aggressively defended and can demand a verified session; TikTok Shop is effectively captcha-walled. Be realistic: hashtag, video detail, profile, and user-video feeds are the dependable core.

How the web XHR surface works

The tiktok.com web app renders most data client-side by calling internal JSON XHR endpoints under the /api/ path — the same calls your browser’s network tab shows when you scroll a hashtag page. Hitting them directly is the whole game, and the catch is that each call must carry the signature parameters TikTok’s client computes.

The key pieces:

Signed query params — requests include anti-bot signature parameters that the client generates in-browser. A raw fetch without them gets an empty or blocked response. The robust pattern is to let a real browser context generate the signature (or replicate the signing) rather than guessing static values.
msToken and device cookies — the surface expects a warmed-up cookie jar, including an msToken the client mints. This is why cookie warm-up matters: load a normal page first, let the client set its cookies, then make the data calls within that same context.
Initial hydration JSON — like other modern apps, the first page response also embeds a hydration blob (a universal data script) holding the first batch of items. Parsing that gives you page one without an XHR at all.

So the practical recipe is: warm a browser context to collect cookies, read the embedded hydration JSON for the first page, then page forward through the signed /api/ XHR endpoints using the same context’s cookies and signatures.

Pagination and cursors

The internal feeds paginate with a cursor and a hasMore flag. You take the cursor from the previous response and pass it on the next call; when hasMore is false (or the items array is empty), you have exhausted the reachable window. Two realities:

Logged-out feeds expose a bounded window, not the full historical archive of a hashtag.
The same video can surface in overlapping pages; dedupe by video ID.

Residential proxies and rate limits

This is where most homegrown TikTok scrapers die. TikTok’s defenses key heavily on IP reputation and request fingerprint:

Use residential proxies. Datacenter IPs get throttled or fed empty responses quickly. Residential IPs survive far longer for sustained pulls.
Warm up the session before pulling data, and reuse that warmed context rather than firing cold requests.
Pace and jitter every call; bursts trip the anti-bot layer.
Re-warm on empty responses. A sudden run of empty itemList payloads usually means the session or signature went stale — rotate the IP, re-warm cookies, re-sign.

Plan your throughput around these constraints from the start; they are the cost of operating without developer access.

A clean output schema

Normalize each video into one flat row:

{
  "id": "7400000000000000000",
  "type": "video",
  "url": "https://www.tiktok.com/@examplecreator/video/7400000000000000000",
  "author_username": "examplecreator",
  "author_id": "6700000000000000000",
  "caption": "tutorial in 30 seconds #howto",
  "hashtags": ["howto", "tutorial"],
  "play_count": 1840221,
  "like_count": 220140,
  "comment_count": 3120,
  "share_count": 9810,
  "save_count": 14002,
  "duration_sec": 31,
  "video_url": "https://v16-webapp.tiktok.com/abc.mp4",
  "cover_url": "https://p16-sign.tiktokcdn.com/abc.jpg",
  "music_title": "original sound - examplecreator",
  "music_id": "7000000000000000000",
  "created_at": "2026-06-05T11:00:00Z",
  "scraped_at": "2026-06-08T09:25:00Z"
}

Keep id and author_id as join keys; usernames and CDN URLs change.

▶ Try the TikTok Hashtag Video Scraper on Apify — pulls hashtag feeds, video detail, and creator videos with the proxy and session handling built in. No developer access required.

Use cases

Trend monitoring — track which videos are climbing under a campaign or niche hashtag.
Creator discovery and vetting — pull a creator’s recent videos and engagement before outreach.
Sound tracking — find videos riding a specific audio track for music or brand campaigns.
Dataset building — collect public videos under a set of hashtags for analysis.

The dependable use cases start from a known hashtag, video ID, creator, or sound — not open keyword search, which is the most defended surface.

Build it yourself vs. a managed actor

You can build this, but the moving parts are unforgiving: signature generation that breaks when TikTok updates its client, msToken/cookie warm-up, residential proxy management, and re-warm logic when sessions go stale. Each piece fails independently and silently — usually as empty responses rather than clean errors, which makes debugging miserable. A managed actor bundles the warm-up, signing, proxying, and retry logic so you get hashtag and video data instead of an anti-bot research project.

Common pitfalls

Cold requests with no warm-up — return empty itemList.
Datacenter IPs — throttled fast; use residential.
Stale signatures — re-sign and re-warm on empty runs.
Expecting the full hashtag archive — the window is bounded.
Treating empty responses as “no data” — they usually mean “blocked,” not “nothing there.”

Wrapping up

With the Research API gated and the posting APIs write-only, the TikTok unofficial API route — the public web XHR surface plus residential proxies and cookie warm-up — is the realistic way to pull hashtag and video data without developer access. Warm the session, read the hydration JSON, page through the signed endpoints, and rotate residential IPs. Build around known hashtags, creators, and sounds, and let a managed layer carry the anti-bot weight.

▶ Open the TikTok Hashtag Video Scraper on Apify — hashtag, video, creator, and sound data, paid per result. Skip the Research API application.