Workflow API

The BidCore Workflow API provides a REST based interface to create, read, update and delete (CRUD) entities in the system. With this API you can configure and customize any parts of your workflow.

  • This section provides you with sample endpoints, methods, and authentication.

  • You can view the full request/response JSON body parameters in the Workflow API Documentation

Supported CRUD Methods




Gets the data for the entities which you queried


Creates an entity in BidCore based on the parameters in the request body


Updates an entity in BidCore based on the changed parameters in the request body


Deletes an entity based on its resource ID

Auth Overview

To authenticate with the API, you need to get an authentication token. You have two options for managing this: Get a permanent auth token or request a temporary auth token per session

Permanent Auth Tokens

To get a permanent auth token for your integration, use the following steps.

  1. Log into the IPONWEB single sign-on management portal with your BidCore credentials:

  2. Select OAuth2 Access Token ‣ New Permanent Token

  3. Set the Workflow API scope,, and Create

  4. Save the generated token for use with your API requests, this token must be passed in request headers, see the Workflow API Documentation for relevant usage details.

Temporary Auth Tokens

Make an HTTP POST request to the following URL. The response will contain your access token and its expiration time. You can use the use this token to perform API requests until the token expires. See the Workflow API Documentation for relevant usage examples.

Auth Token Request Details

Endpoint Info






(Required) Your BidCore username


(Required) Your BidCore password


(Required) The service to which your user token should grant you access, i.e. e.g. ""

Obtaining a token using CURL POST
 # Example Auth request
 curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=password&username=$username&password=$password&"' ''
Example Using Python Requests
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import json
import requests

headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "accept": "application/json",
payload = {
    "grant_type": "password",
    "username": login,  # Your BidCore Login
    "password": password,  # Your BidCore Password
    "scope": "",
token_post =
    "", params=payload, headers=headers
response_json = token_post.json()
token = response_json["access_token"]

Sample AUTH Response
  "token_type": "Bearer",
  "scope": "",
  "access_token": "<access_token>",
  "expires_in": 3600

Response Codes

The REST API uses HTTP Response Codes to inform whether a request was successful. When the operation is successful, the API responds with a 2xx code and in the case of an error — with 4xx (application errors) or 5xx (server errors).

Response Code


200 OK

Successful GET request

201 Created

Successful POST request

204 No Content

Successful PUT or DELETE request

400 Bad Request

Unsupported query parameters, the request failed validation

401 Unauthorized

The user is unauthenticated or does not have access

403 Forbidden

The user doesn’t have permission to perform this action

404 Not Found

The requested resource doesn’t exist

405 Method Not Allowed

The requested resource exists, but an unsupported method was requested

406 Not acceptable

Invalid action, e.g. the user tried to delete dependent entities

409 Conflict

Database Error

429 Too Many Requests

Throttling limit was exceeded

500 Internal Server Error

General Server Problems

504 Gateway Timeout

Request was too large, timed out