Skip to content
Handbid Developers

*flawless* APIs. *built* FOR YOU.

The same V3 REST API that powers the new Handbid iOS app — now open to the teams building on top of us.
Quickstart API Reference

Handbid powers exclusive auctions and elevated experiences for high-expectation teams. The V3 REST API is how those teams — and their engineering partners — extend the platform into custom apps, kiosks, registration tools, and back-office workflows.

This is the same API the new Handbid iOS app runs on. Everything you’d build is something we use ourselves every day.

Quickstart Authenticate, find an auction, surface live notifications — in under ten minutes.
API Reference Every V3 endpoint. Request / response shapes, error envelopes, rate limits.
Authentication OAuth2 bearer tokens issued via the SMS-PIN flow.
Realtime Socket.IO event streams for bids, items, and auction status.

What’s in V3

Section titled “What’s in V3”

The V3 surface focuses on three concerns:

  • Discovery. Public-feed listings, auction detail, item detail, item bid history. No auth required for browsing.
  • Bidder experience. The personal home screen — my auctions, invited auctions, active bids, my cart, favorites, notifications. All bearer-token authenticated.
  • Item interaction. Placing bids, setting an auto-bid maximum, removing it. Adding and removing favorites.

Manager-side surfaces stay on V1 today. They’ll move to V3 over time, on the schedule that makes sense for the products that consume them.

Design principles

Section titled “Design principles”

The API is small and opinionated.

  • One shape per resource. Auction cards look the same whether they arrive from the public feed or your registered list. Item details look the same whether you reached them by deep link or by browsing.
  • Counts where you need them. Bell badges, cart totals, unread counts — the response includes the count alongside the page, so you can render a badge without making a second request.
  • No surprises in errors. Every non-2xx response uses the same envelope: { error, message, retryAfter? }. The status code carries the meaning; the body explains it in human terms.
  • Anti-abuse is built in. Per-endpoint rate limits, captcha gates on the registration path, and IP-keying for anonymous traffic. We’ve been the target of SMS-cost attacks before — the defenses are there so you don’t have to think about them.

How this site is organized

Section titled “How this site is organized”
  • Guides — concepts, conventions, and how things fit together. Start here if you’re integrating for the first time.
  • API Reference — generated from the same OpenAPI spec the Handbid iOS app builds against. Try requests, copy code samples, see every parameter.

Need a hand?

Section titled “Need a hand?”

Don’t see what you need? Tell us. The roadmap responds to the people building on top of us.