Public API entrypoint

Bidly API Gateway

This is the secure public entrypoint for the Bidly platform. It fronts authentication, restaurant discovery, reservations, waitlist, payments, reviews, widgets, and operational gateway services behind one consistent HTTPS host.

Base URL https://api.bidly.online Client IP 216.73.216.52 User Agent Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) Access anonymous request

Gateway health OpenID configuration

Platform overview

Bidly API is designed to serve public discovery traffic and authenticated operational traffic through one gateway with consistent transport, correlation, rate limiting, and authorization enforcement.

Public discovery and bootstrap flows such as restaurant search, plans, authentication entrypoints, and OpenID discovery remain reachable without a bearer token where intentionally allowed.
Protected operational routes are challenged centrally at the gateway before they reach downstream services.
Every request gets correlation, security headers, structured logging, and route-level traffic control.
The gateway also normalizes downstream service OpenAPI exposure and health surfaces.

How to use this API

Use the public host below for all client traffic. Public routes are intentionally open where the product needs unauthenticated access, while protected routes expect a bearer token.

Public routes

Bootstrap and discovery: /api/plans, /.well-known/openid-configuration
Auth entrypoints: /api/auth/login and related authentication flows
Selected restaurant reads: availability, booking summary, media, and other explicitly public catalog routes

Protected routes

Management, tenant-scoped, and operational routes require JWT bearer authentication. If a route is protected, the gateway returns 401 before proxying it downstream.

Example public base URL:

https://api.bidly.online

Live request snapshot

Method	`GET`
Scheme	`https`
Host	`api.bidly.online`
Path	`/`
Query string	`n/a`
Protocol	`HTTP/1.1`
Trace identifier	`0HNKHH53SQ34M:00000008`
Correlation ID	`edcf75fd-bef8-4cd3-aec1-a4310a73c30b`
Route pattern	`/`
Endpoint	`HTTP: GET /`

Client and network

Resolved client IP	`216.73.216.52`
Forwarded for	`n/a`
Real IP	`n/a`
Remote port	`0`
Local IP	`::ffff:172.18.0.24`
Local port	`8080`
TLS client certificate	`none`

Authentication and policy

Authenticated	`false`
User ID	`n/a`
Tenant ID	`n/a`
Identity name	`n/a`
Auth type	`n/a`
Rate-limit partition	`ip:216.73.216.52`

Diagnostics

The snapshot below reflects exactly what the gateway saw for this request. Sensitive headers remain redacted even here.

Identity and claims snapshot

JWT and identity claims

No claims were attached to this request.

Raw request headers

Request headers

Accept	`/`
Accept-Encoding	`gzip, br, zstd, deflate`
Host	`api.bidly.online`
User-Agent	`Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)`
X-Amzn-Trace-Id	`Root=1-69cfcdb9-6eebf0157e64a0ec38f4c898`
X-Forwarded-Port	`443`
X-Original-For	`[::ffff:172.31.46.60]:52920`
X-Original-Proto	`http`

Sensitive headers such as Authorization and Cookie are intentionally redacted even on this diagnostic page. If you are integrating a client, use this page to confirm the gateway sees the expected host, scheme, user agent, and source IP before testing protected flows.