ROSTRUM

Add live auctions to anything.

Run live bidding inside your product without building the backend. Rostrum handles bid sequencing, anti-snipe timers, and webhook delivery. You bring the idea.

What builders use it for

Events & fundraisers

Charity and fundraising auctions

Timed donation auctions with live bidding. Anti-snipe prevents the last-second bid from cheating other donors. Works with any currency. Your fundraiser runs itself.

Communities & Discord

Server perks, VIP slots, rare items

Your Discord has 40,000 members competing for 5 VIP spots each week. Members bid with slash commands, the timer extends on late bids, and the winner is announced when it closes. rostrum-bot is a working reference implementation you can fork.

Game studios

Season-end item auctions

The rarest skins shouldn't just be sold — they should be won. Rostrum runs the bidding, handles anti-snipe when someone bids in the final window, and webhooks your backend the winner. You write the game; Rostrum runs the auction.

SaaS & marketplaces

Sponsored placements and capacity slots

Your platform has prime placement that advertisers compete for. Run a weekly auction instead of first-come-first-served — highest bid wins the slot, Rostrum handles every state transition. Add it to your existing API in a day.

What it does

Quick start

Check your API key and quota with the first call:

# Verify your API key
curl https://api.rostrum.live/v1/me \
  -H "Authorization: Bearer <your-key>"

# { "customer_id": "...", "tier": "free", "quota_used": 0, "quota_limit": 10000 }

Run a full auction:

# 1. Create a draft auction
curl -X POST https://api.rostrum.live/v1/auctions \
  -H "Authorization: Bearer <your-key>" \
  -H "Content-Type: application/json" \
  -d '{"title": "Vintage synthesizer", "unit": "USD", "min_increment": 100, "ends_at": "2027-12-31T23:59:59Z"}'

# 2. Open it — bids now accepted, timer starts
curl -X POST https://api.rostrum.live/v1/auctions/<id>/start \
  -H "Authorization: Bearer <your-key>"

# 3. Place a bid
curl -X POST https://api.rostrum.live/v1/auctions/<id>/bids \
  -H "Authorization: Bearer <your-key>" \
  -H "Content-Type: application/json" \
  -d '{"bidder_id": "alice", "amount": 500}'

# 4. Fetch the winner after close
curl https://api.rostrum.live/v1/auctions/<id>/winner \
  -H "Authorization: Bearer <your-key>"

Auction lifecycle

DRAFT ──▶ OPEN ──▶ CLOSING ──▶ CLOSED
                  ↑_______↑
                  anti-snipe

DRAFT ──▶ SCHEDULED ──▶ OPEN
OPEN  ──▶ CANCELLED (terminal)

Auctions close automatically at their deadline. To cancel an auction before it closes:

curl -X DELETE https://api.rostrum.live/v1/auctions/<id> \
  -H "Authorization: Bearer <your-key>"

Webhooks

Rostrum POSTs a signed JSON payload to your endpoint on every state change. Configure your URL via the ops dashboard or contact us.

Three event types:

// bid.placed — Growth+ tier only
{
  "type": "bid.placed",
  "auctionId": "...",
  "bidId": "...",
  "bidderId": "alice",
  "amount": 500,
  "unit": "USD"
}

// auction.ended — fires on every close (winners is [] if no bids)
{
  "type": "auction.ended",
  "auctionId": "...",
  "closedAt": "2024-04-25T09:00:00.000Z",
  "winners": [
    { "rank": 1, "bidder_id": "alice", "amount": 500, "bid_id": "..." }
  ]
}

// winner.confirmed — same shape, only fires when winners.length > 0
{ "type": "winner.confirmed", ... }

Every request includes an X-Auction-Signature header — Stripe-style HMAC-SHA256:

X-Auction-Signature: t=1714000000,v1=a3f5...c7d2

Verify it in your handler:

// Node.js example
import { createHmac } from "crypto";

const [tPart, vPart] = req.headers["x-auction-signature"].split(",");
const timestamp = tPart.split("=")[1];
const received = vPart.split("=")[1];
const payload = timestamp + "." + rawBody;
const expected = createHmac("sha256", WEBHOOK_SECRET)
  .update(payload)
  .digest("hex");
if (received !== expected) return res.status(401).send("invalid signature");

Error responses

All errors return { "error": "code" } with a standard HTTP status.

# 401 — missing or invalid API key
{ "error": "invalid_api_key" }

# 403 — write quota exceeded
{ "error": "quota_exceeded" }

# 404 — auction not found (or not yours)
{ "error": "auction_not_found" }

# 422 — bid rejected (check the error code)
{ "error": "auction_not_open" }   // auction is DRAFT/CLOSED/CANCELLED
{ "error": "bid_too_low" }        // below current high + min_increment
{ "error": "below_reserve" }      // below reserve price
{ "error": "invalid_transition" } // e.g. open an already-open auction

# 500 — internal error
{ "error": "internal_error" }

Reference implementation

rostrum-bot is a Discord bot built entirely on the Rostrum API. It runs live auctions inside Discord servers — members bid with slash commands, anti-snipe extensions happen automatically, and the winner is announced when the auction closes. A complete end-to-end example of how to wire up the API in a real production app.

Pricing

A write operation is any API call that changes state: create auction, open, place bid, close, cancel, or schedule.

API reference

Interactive API docs (ReDoc) →   ·   OpenAPI 3.0 spec (JSON)   ·   Import into Postman

Get access

Get your free API key →

Free tier accounts get 10,000 write operations per month. No credit card required.

Enterprise or procurement evaluation? See our enterprise & procurement page or the compliance documentation.