Customer Reference
The following section contains a complete reference of all the objects that can be returned through the API. Objects that have been explained earlier in this documentation are not included. The objects in this section are never top level resources by themselves and will only be returned as sub resources.
All objects are made up of an id and a type attribute. With those, additional attributes and relationships can be specified. An example how the data schema looks like, take a look at the response structure or the response object. Additional reading can be done at jsonapi.org.
activity
{
"id": "string",
"type": "string",
"attributes": {
"report_id": "string",
"message": "string",
"internal": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"relationships": {
"actor": {
"data": {}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the activity. |
| type | string | true | Indicates what kind of activity it is. |
| attributes | object | true | none |
| » report_id | string | false | The report associated with the activity. |
| » message | string¦null | false | The comment associated with the activity. May be updated through the HackerOne interface. Markdown is not parsed. |
| » internal | boolean | true | Indicates if this activity can only be read by Program users and external users that were invited to the report. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » actor | object | false | The author of the activity. |
| »» data | object | false | none |
oneOf - discriminator: user.type
| Name | Type | Required | Description |
|---|---|---|---|
| »»» anonymous | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
xor
| Name | Type | Required | Description |
|---|---|---|---|
| »»» anonymous | program | false | A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program. |
continued
| Name | Type | Required | Description |
|---|---|---|---|
| » attachments | object | false | A list of Attachment objects added to the activity. |
| »» data | [attachment] | false | [Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution. ] |
activity-agreed-on-going-public
{
"id": "1337",
"type": "activity-agreed-on-going-public",
"attributes": {
"report_id": "string",
"message": "Agreed On Going Public!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-agreed-on-going-public | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» disclosed_at | string(date-time)¦null | false | none |
| »» allow_singular_disclosure_at | string(date-time)¦null | false | none |
activity-bounty-awarded
{
"id": "1337",
"type": "activity-bounty-awarded",
"attributes": {
"report_id": "string",
"message": "Bounty Awarded!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"bounty_amount": "500",
"bonus_amount": "50"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bounty-awarded | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» bounty_amount | string | false | none |
| »» bonus_amount | string | false | none |
activity-bounty-suggested
{
"id": "1337",
"type": "activity-bounty-suggested",
"attributes": {
"report_id": "string",
"message": "Bounty Suggested!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"bounty_amount": "500",
"bonus_amount": "50"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bounty-suggested | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» bounty_amount | string | false | none |
| »» bonus_amount | string | false | none |
activity-bug-cloned
{
"id": "1337",
"type": "activity-bug-cloned",
"attributes": {
"report_id": "string",
"message": "Bug Cloned!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"original_report_id": 1336
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-cloned | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» original_report_id | integer | true | none |
activity-bug-duplicate
{
"id": "1337",
"type": "activity-bug-duplicate",
"attributes": {
"report_id": "string",
"message": "Bug Duplicate!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"original_report_id": 1336
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-duplicate | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» original_report_id | integer | false | none |
activity-bug-filed
{
"id": "7331",
"type": "activity-bug-filed",
"attributes": {
"report_id": "string",
"message": "",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"type": "user",
"id": "1337",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2017-11-09T10:52:25.443Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-filed | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-inactive
{
"id": "1337",
"type": "activity-bug-inactive",
"attributes": {
"report_id": "string",
"message": "Bug closed automatically due to inactivity in the last 30 days.",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": null
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-inactive | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-informative
{
"id": "1337",
"type": "activity-bug-informative",
"attributes": {
"report_id": "string",
"message": "Bug Informative!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-informative | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-needs-more-info
{
"id": "1337",
"type": "activity-bug-needs-more-info",
"attributes": {
"report_id": "string",
"message": "Bug Needs More Info!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-needs-more-info | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-new
{
"id": "1337",
"type": "activity-bug-new",
"attributes": {
"report_id": "string",
"message": "Bug New!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-new | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-not-applicable
{
"id": "1337",
"type": "activity-bug-not-applicable",
"attributes": {
"report_id": "string",
"message": "Bug Not Applicable!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-not-applicable | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-reopened
{
"id": "1337",
"type": "activity-bug-reopened",
"attributes": {
"report_id": "string",
"message": "Bug Reopened!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-reopened | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-resolved
{
"id": "1337",
"type": "activity-bug-resolved",
"attributes": {
"report_id": "string",
"message": "Bug Resolved!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-resolved | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-retesting
{
"id": "1337",
"type": "activity-bug-retesting",
"attributes": {
"report_id": "string",
"message": "Please retest this report.",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-retesting | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-spam
{
"id": "1337",
"type": "activity-bug-spam",
"attributes": {
"report_id": "string",
"message": "Bug Spam!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-spam | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-bug-triaged
{
"id": "1337",
"type": "activity-bug-triaged",
"attributes": {
"report_id": "string",
"message": "Bug Triaged!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-bug-triaged | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-cancelled-disclosure-request
{
"id": "1337",
"type": "activity-cancelled-disclosure-request",
"attributes": {
"report_id": "string",
"message": "Cancel disclosure 1",
"internal": false,
"created_at": "2019-10-23T13:35:35.616Z",
"updated_at": "2019-10-23T13:35:35.616Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api_user",
"name": null,
"disabled": false,
"created_at": "2019-10-14T13:59:49.563Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": null,
"website": null,
"location": null,
"hackerone_triager": false
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-cancelled-disclosure-request | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-changed-scope
{
"id": "1337",
"type": "activity-changed-scope",
"attributes": {
"report_id": "string",
"message": "A different scope has added",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"old_scope": {
"data": {
"id": "1337",
"type": "structured_scope",
"attributes": {
"asset_identifier": "www.example.com",
"asset_type": "url",
"confidentiality_requirement": null,
"integrity_requirement": null,
"availability_requirement": null,
"max_severity": "critical",
"created_at": "2015-02-02T04:05:06.000Z",
"updated_at": "2016-05-02T04:05:06.000Z",
"instruction": "not eligible for bounty",
"eligible_for_bounty": false,
"eligible_for_submission": true
}
}
},
"new_scope": {
"data": {
"id": "1338",
"type": "structured_scope",
"attributes": {
"asset_identifier": "api.example.com",
"asset_type": "url",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high",
"max_severity": "critical",
"created_at": "2015-02-02T04:05:06.000Z",
"updated_at": "2016-05-02T04:05:06.000Z",
"instruction": null,
"eligible_for_bounty": true,
"eligible_for_submission": true
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-changed-scope | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» old_scope | object | true | none |
| »»» data | structured-scope | false | A StructuredScope object represents an asset defined by the program. The scope on a report was initially provided by the hacker, but may be reviewed and corrected by the program. |
| »» new_scope | object | true | none |
| »»» data | structured-scope | false | A StructuredScope object represents an asset defined by the program. The scope on a report was initially provided by the hacker, but may be reviewed and corrected by the program. |
activity-comment
{
"id": "1337",
"type": "activity-comment",
"attributes": {
"report_id": "string",
"message": "Comment!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-comment | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-comments-closed
{
"id": "1337",
"type": "activity-comments-closed",
"attributes": {
"report_id": "string",
"message": "Comments Closed!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-comments-closed | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-external-user-invitation-cancelled
{
"id": "1337",
"type": "activity-external-user-invitation-cancelled",
"attributes": {
"report_id": "string",
"message": "External User Invitation Cancelled!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"email": "hacker@example.com"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-external-user-invitation-cancelled | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| string¦null | false | none |
activity-external-user-invited
{
"id": "1337",
"type": "activity-external-user-invited",
"attributes": {
"report_id": "string",
"message": "External User Invited!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"email": "hacker@example.com"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-external-user-invited | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| string¦null | false | none |
activity-external-user-joined
{
"id": "1337",
"type": "activity-external-user-joined",
"attributes": {
"report_id": "string",
"message": "External User Joined!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"duplicate_report_id": 10
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-external-user-joined | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» duplicate_report_id | integer | false | none |
activity-external-user-removed
{
"id": "1337",
"type": "activity-external-user-removed",
"attributes": {
"report_id": "string",
"message": "External User Removed!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"removed_user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-external-user-removed | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» removed_user | object | true | none |
| »»» data | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
activity-group-assigned-to-bug
{
"id": "1337",
"type": "activity-group-assigned-to-bug",
"attributes": {
"report_id": "string",
"message": "Group Assigned To Bug!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"group": {
"data": {
"id": "1337",
"type": "group",
"attributes": {
"name": "Admin",
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"user_management",
"report_management"
]
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-group-assigned-to-bug | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» group | object | true | none |
| »»» data | group | false | A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports. |
activity-hacker-requested-mediation
{
"id": "1337",
"type": "activity-hacker-requested-mediation",
"attributes": {
"report_id": "string",
"message": "Hacker Requested Mediation!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-hacker-requested-mediation | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-invitation-received
{
"id": "string",
"type": "string",
"attributes": {
"report_id": "string",
"message": "string",
"internal": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"relationships": {
"actor": {
"data": {}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
},
"data": {
"type": "activity-invitation-received",
"id": "1337",
"attributes": {
"message": "Activity Invitation Received",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "hacker",
"name": "Hacker",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-invitation-received | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-manually-disclosed
{
"id": "1337",
"type": "activity-manually-disclosed",
"attributes": {
"report_id": "string",
"message": "Manually Disclosed!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-manually-disclosed | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-mediation-requested
{
"id": "1337",
"type": "activity-mediation-requested",
"attributes": {
"report_id": "string",
"message": "Mediation Requested!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-mediation-requested | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-nobody-assigned-to-bug
{
"id": "1337",
"type": "activity-nobody-assigned-to-bug",
"attributes": {
"report_id": "string",
"message": "Nobody Assigned To Bug!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-nobody-assigned-to-bug | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-not-eligible-for-bounty
{
"id": "1337",
"type": "activity-not-eligible-for-bounty",
"attributes": {
"report_id": "string",
"message": "Not Eligible For Bounty!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-not-eligible-for-bounty | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-program-hacker-joined
{
"id": "1337",
"type": "activity-program-hacker-joined",
"attributes": {
"report_id": "string",
"message": "Program hacker joined",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "new_hacker",
"name": "NEW HACKER",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"program": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "team_shine",
"policy": "Policy definition",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-program-hacker-joined | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-program-hacker-left
{
"id": "string",
"type": "string",
"attributes": {
"report_id": "string",
"message": "string",
"internal": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"relationships": {
"actor": {
"data": {}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
},
"data": {
"activity": {
"type": "activity-program-hacker-left",
"id": "1337",
"attributes": {
"message": "Message",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "leaving_hacker",
"name": "LEAVING HACKER",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "team_shine",
"policy": "Policy definition",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-program-hacker-left | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-program-inactive
{
"id": "1337",
"type": "activity-program-inactive",
"attributes": {
"report_id": "string",
"message": "Closed report and changed status to Informative due to inactive state of program.",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": null
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-program-inactive | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-reference-id-added
{
"id": "1337",
"type": "activity-reference-id-added",
"attributes": {
"report_id": "string",
"message": "Reference Id Added!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"reference": "reference",
"reference_url": "https://example.com/reference"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-reference-id-added | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» reference | string | true | none |
| »» reference_url | string | true | none |
activity-report-became-public
{
"id": "1337",
"type": "activity-report-became-public",
"attributes": {
"report_id": "string",
"message": "Report Became Public!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-became-public | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-report-custom-field-value-updated
{
"id": "1337",
"type": "activity-report-custom-field-value-updated",
"attributes": {
"report_id": "string",
"message": "Custom Field Value Updated!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"old_value": "Infra",
"new_value": "Infrastructure"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"custom_field_attribute": {
"data": {
"id": "287",
"type": "custom-field-attribute",
"attributes": {
"label": "Product Squad",
"configuration": null,
"created_at": "2013-01-01T00:00:00.000Z",
"updated_at": "2013-01-01T00:00:00.000Z",
"archived_at": null
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-custom-field-value-updated | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-report-retest-approved
{
"id": "1337",
"type": "activity-report-retest-approved",
"attributes": {
"report_id": "string",
"message": "The retest results look good!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-retest-approved | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-report-retest-rejected
{
"id": "1337",
"type": "activity-report-retest-rejected",
"attributes": {
"report_id": "string",
"message": "Please provide more context for the retest next time.",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-retest-rejected | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-report-severity-updated
{
"id": "1337",
"type": "activity-report-severity-updated",
"attributes": {
"report_id": "string",
"message": "Report Severity Updated!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"old_severity": {
"data": {
"id": "1337",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": "56",
"created_at": "2016-02-02T04:05:06.000Z",
"score": 8.7,
"attack_complexity": "low",
"attack_vector": "adjacent",
"confidentiality": "low",
"integrity": "high",
"availability": "high",
"privileges_required": "low",
"user_interaction": "required",
"scope": "changed",
"confidentiality_requirement": "not_defined",
"integrity_requirement": "not_defined",
"availability_requirement": "not_defined",
"max_severity": "none",
"calculation_method": "cvss_3_0_hackerone"
}
}
},
"new_severity": {
"data": {
"id": "1337",
"type": "severity",
"attributes": {
"rating": "medium",
"author_type": "Team",
"user_id": "56",
"created_at": "2016-02-02T04:05:06.000Z",
"score": 5.2,
"attack_complexity": "low",
"attack_vector": "physical",
"confidentiality": "high",
"integrity": "none",
"availability": "low",
"privileges_required": "none",
"user_interaction": "none",
"scope": "unchanged",
"confidentiality_requirement": "not_defined",
"integrity_requirement": "not_defined",
"availability_requirement": "not_defined",
"max_severity": "none",
"calculation_method": "cvss_3_0_hackerone"
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-severity-updated | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-report-title-updated
{
"id": "1337",
"type": "activity-report-title-updated",
"attributes": {
"report_id": "string",
"message": "Report Title Updated!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"old_title": "xss",
"new_title": "XSS in login form"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-title-updated | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | false | none |
| »» old_title | string | true | none |
| »» new_title | string | true | none |
activity-report-vulnerability-types-updated
{
"id": "1337",
"type": "activity-report-vulnerability-types-updated",
"attributes": {
"report_id": "string",
"message": "Report Vulnerability Types Updated!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"old_weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cryptographic Issues - Generic",
"description": "Weaknesses in this category are related to the use of cryptography.",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
},
"new_weakness": {
"data": {
"id": "1338",
"type": "weakness",
"attributes": {
"name": "Use of Hard-coded Cryptographic Key",
"description": "The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-report-vulnerability-types-updated | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» old_weakness | object | false | The weakness that was set before the change |
| »»» data | weakness | false | A Weakness object represents the type of weakness the hacker submitted to a program. The weakness was initially provided by the hacker, but may be reviewed and corrected by the program. |
| »» new_weakness | object | false | The weakness that was set after the change |
| »»» data | weakness | false | A Weakness object represents the type of weakness the hacker submitted to a program. The weakness was initially provided by the hacker, but may be reviewed and corrected by the program. |
activity-retest-user-expired
{
"id": "1337",
"type": "activity-retest-user-expired",
"attributes": {
"report_id": "string",
"message": "",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-retest-user-expired | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-swag-awarded
{
"id": "1337",
"type": "activity-swag-awarded",
"attributes": {
"report_id": "string",
"message": "Swag Awarded!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"swag": {
"data": {
"id": "1337",
"type": "swag",
"attributes": {
"sent": false,
"created_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"address": {
"data": {
"id": "1337",
"type": "address",
"attributes": {
"name": "Jane Doe",
"street": "535 Mission Street",
"city": "San Francisco",
"postal_code": "94105",
"state": "CA",
"country": "United States of America",
"created_at": "2016-02-02T04:05:06.000Z",
"tshirt_size": "M_Large",
"phone_number": "+1-510-000-0000"
}
}
}
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-swag-awarded | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» swag | object | true | none |
| »»» data | swag | false | Besides a financial reward, which is called a bounty, programs can award swag. Report objects may contain multiple swag objects, one for each time swag was awarded. |
activity-user-assigned-to-bug
{
"id": "string",
"type": "string",
"attributes": {
"report_id": "string",
"message": "string",
"internal": true,
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"relationships": {
"actor": {
"data": {}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
},
"data": {
"id": "1337",
"type": "activity-user-assigned-to-bug",
"attributes": {
"message": "User Assigned To Bug!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": true
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"assigned_user": {
"data": {
"id": "1336",
"type": "user",
"attributes": {
"username": "other_user",
"name": "Other User",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-user-assigned-to-bug | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» assigned_user | object | true | none |
| »»» data | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
activity-user-banned-from-program
{
"id": "1337",
"type": "activity-user-banned-from-program",
"attributes": {
"report_id": "string",
"message": "User Banned From Program!",
"internal": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
},
"removed_user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-user-banned-from-program | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » relationships | object | false | none |
| »» removed_user | object | true | none |
| »»» data | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
activity-user-completed-retest
{
"id": "1337",
"type": "activity-user-completed-retest",
"attributes": {
"report_id": "string",
"message": "User Completed Retest!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-user-completed-retest | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
activity-user-left-retest
{
"id": "1337",
"type": "activity-user-left-retest",
"attributes": {
"report_id": "string",
"message": "User left Retest!",
"internal": false,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| activity-user-left-retest | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | activity | false | These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
address
{
"id": "1337",
"type": "address",
"attributes": {
"name": "Jane Doe",
"street": "535 Mission Street",
"city": "San Francisco",
"postal_code": "94105",
"state": "CA",
"country": "United States of America",
"created_at": "2016-02-02T04:05:06.000Z",
"tshirt_size": "W_Large",
"phone_number": "+1-510-000-0000"
}
}
This object contains the postal address for the delivery of awarded swag.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the address. |
| type | string | true | none |
| attributes | object | true | none |
| » name | string | true | none |
| » street | string | true | none |
| » city | string | true | none |
| » postal_code | string | true | none |
| » state | string | true | none |
| » country | string | true | none |
| » tshirt_size | string | false | none |
| » phone_number | string | false | none |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | address |
| tshirt_size | M_Small |
| tshirt_size | M_Medium |
| tshirt_size | M_Large |
| tshirt_size | M_XLarge |
| tshirt_size | M_XXLarge |
| tshirt_size | W_Small |
| tshirt_size | W_Medium |
| tshirt_size | W_Large |
| tshirt_size | W_XLarge |
| tshirt_size | W_XXLarge |
allowed_reporter
{
"data": [
{
"id": "1337",
"type": "allowed_reporter",
"attributes": {
"username": "awesome-hacker",
"email_alias": "awesome-hacker@wearehackerone.com",
"rules_of_engagement_signed": true,
"identity_verified": true,
"background_checked": true,
"cleared": true,
"citizenship_verified": false,
"residency_verified": true,
"created_at": "2016-02-02T04:05:06.000Z"
}
}
],
"links": {}
}
Allowed reporter objects represent researchers that belong to a private program on HackerOne. These are users that engage with your program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the user. This is the same ID as in the user objects. |
| type | string | true | none |
| attributes | object | true | none |
| » username | string | true | The username of the allowed reporter. |
| » email_alias | string | true | The HackerOne provided email for direct communication (@wearehackerone.com domain). |
| » rules_of_engagement_signed | boolean | false | Whether the user has signed the clear rules of engagement. |
| » identity_verified | boolean | true | Whether the user has verified their identity with HackerOne. |
| » background_checked | boolean | true | Whether the user has passed a background check. |
| » cleared | boolean | true | Whether the user is currently cleared. |
| » citizenship_verified | boolean | true | Whether the user has verified at least one citizenship with HackerOne. |
| » residency_verified | boolean | true | Whether the user has verified at least one residency with HackerOne. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | allowed_reporter |
allowed_reporter_username_history
{
"data": {
"type": "allowed_reporter_username_history",
"attributes": {
"old_usernames": [
"zero-trust",
"zero_trust-the-sequel"
],
"user_id": "42"
}
}
}
Allowed Reporter Username History contains the old usernames of an allowed reporter.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| attributes | object | true | none |
| » user_id | string | true | The unique id of the allowed reporter. |
| » old_usernames | [string] | true | Old usernames of the allowed reporter (deprecated). |
analytics
[
{
"keys": [
"report_count",
"interval"
],
"values": [
[
"10",
"2022-01-01 00:00:00 UTC"
],
[
"27",
"2022-04-01 00:00:00 UTC"
],
[
"35",
"2022-07-01 00:00:00 UTC"
]
]
}
]
Analytics queries are predefined GraphQL queries to retrieve commonly used metrics
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| keys | array | false | The field names for the queried data |
| values | array | false | The values for the queried data |
attachment
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the attachment. |
| type | string | true | none |
| attributes | object | true | none |
| » file_name | string | true | The file name of the attachment. |
| » content_type | string | true | The content type of the attachment. The content type is derived from the contents and extension of the file. |
| » file_size | integer | true | The file size of the attachment in bytes. |
| » expiring_url | string | true | A URL to download the attachment. The URL will automatically expire after 60 minutes. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | attachment |
audit-log
{
"id": "1",
"type": "audit-log-item",
"attributes": {
"log": "\"@member\" invited \"someone@example.com\".",
"event": "invitations.team_members.create",
"source": "User#1",
"subject": "Invitation#1",
"user_agent": "Chrome/11.0",
"country": "US",
"parameters": "{\"identifier\":\"jobert\"}",
"created_at": "2019-05-15T04:05:06.000Z"
}
}
An audit log item contains information to determine who did what in a program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the audit log item. |
| type | string | true | Indicates what kind of object it is. |
| attributes | object | true | none |
| » log | string | true | A human-readable log entry describing what happened. |
| » event | string | true | The event that created the audit log item. |
| » source | string | true | A unique identifier that indicates the source of the audit log item. |
| » subject | string | true | A unique identifier that indicates the subject of the audit log item. |
| » user_agent | string¦null | false | An optional string that contains the user agent specified by the client. |
| » country | string¦null | false | An optional ISO 3166 country code. XX means that the country couldn't be found. T1 is a Tor node. |
| » parameters | string | true | A serialized JSON object containing the data that was used to construct the audit log. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
automated-remediation-guidance
{
"data": {
"id": "1",
"type": "automated-remediation-guidance",
"attributes": {
"reference": "https://cwe.mitre.org/data/definitions/120.html",
"created_at": "2020-10-23T12:09:37.859Z"
}
}
}
Remediation guidance that has been derived from the report's weakness.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the automated remediation guidance. |
| type | string | true | Indicates what kind of object it is. |
| attributes | object | true | none |
| » reference | string | true | The URL of the remediation guidance article. |
| » created_at | string(date-time) | true | The date and time the automated remediation guidance was created. Formatted according to ISO 8601. |
bounty
{
"id": "1337",
"type": "bounty",
"attributes": {
"amount": "500.00",
"bonus_amount": "50.00",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
When a program pays a bounty to the hacker, a bounty object is created. A report may contain multiple bounty objects, one for each time a bounty was awarded. The hacker that reported the vulnerability is the user that received the bounty.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the bounty. |
| type | string | true | none |
| attributes | object | true | none |
| » amount | string¦null | false | Amount in USD. |
| » bonus_amount | string¦null | false | Bonus amount in USD. |
| » awarded_amount | string¦null | false | Amount in awarded currency. |
| » awarded_bonus_amount | string¦null | false | Bonus amount in awarded currency. |
| » awarded_currency | string¦null | false | The currency used to award the bounty and bonus. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | bounty |
collaborator
{
"weight": 1,
"user": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"reputation": 7,
"signal": 7,
"impact": 30
}
}
}
A User who participated in a report with their respective collaboration weight.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| weight | number | true | The collaborator weight in the report. |
| user | user | true | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
credential
{
"data": {
"id": "<id>",
"type": "credential",
"attributes": {
"credentials": {
"table": {
"username": "test",
"password": "test"
}
},
"revoked": false,
"assignee_id": "<id>",
"assignee_username": "john_doe_1234"
}
}
}
A credential object contains the information that is associated to a credential
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the category. |
| type | string | true | none |
| attributes | object | true | none |
| » credentials | object | true | none |
| »» table | object | false | The information to be provided to the assigned hacker |
| » revoked | boolean | true | Indicates if the credential has been revoked. Revoked credentials cannot be used to access the target. |
| » account_details | string | false | The account details of the credential. |
| » assignee_id | string | false | The ID of the user that the credential is assigned to. |
| » assignee_username | string | false | The username of the user that the credential is assigned to. |
Enumerated Values
| Property | Value |
|---|---|
| type | credential |
credential_inquiry
{
"data": {
"id": "<id>",
"type": "credential_inquiry",
"attributes": {
"description": "this is a credential inquiry"
}
}
}
A credential inquiry object contains the information that is associated to a credential inquiry
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the credential inquiry |
| type | string | true | none |
| attributes | object | true | none |
| » description | string | true | The information to be requested from the hacker |
Enumerated Values
| Property | Value |
|---|---|
| type | credential_inquiry |
credential_inquiry_response
{
"id": "string",
"type": "credential_inquiry_response",
"attributes": {
"details": "string",
"user_id": "string"
}
}
A credential inquiry response object contains the information that is associated to a credential inquiry response
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the credential inquiry response |
| type | string | true | none |
| attributes | object | true | none |
| » details | string | false | The information provided from the hacker |
| » user_id | string | false | The ID of the user that created the credential inquiry response. |
Enumerated Values
| Property | Value |
|---|---|
| type | credential_inquiry_response |
custom-field-attribute
{
"id": "1337",
"type": "custom-field-attribute",
"attributes": {
"field_type": "List",
"label": "Product Squad",
"internal": false,
"required": false,
"error_message": null,
"helper_text": "Helping you out with this!",
"configuration": "Infrastructure, Frontend, Backend",
"checkbox_text": null,
"regex": null,
"created_at": "2013-01-01T00:00:00.000Z",
"updated_at": "2013-01-01T00:00:00.000Z",
"archived_at": null
}
}
A Custom Field Attribute is an object containing the label and configuration of a Custom Field created for a Report or Program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the custom field attribute. |
| type | string | true | none |
| attributes | object | true | none |
| » label | string | true | The attribute's label. |
| » field_type | string | false | The type of custom field |
| » internal | boolean | false | Internal or public custom field |
| » required | boolean | false | Is the field required? |
| » regex | string¦null | false | A regex used to validate the input for a text field |
| » error_message | string¦null | false | A custom error message when the regex validation fails |
| » checkbox_text | string¦null | false | The text shown with a checkbox field |
| » configuration | string¦null | false | An optional configuration for the attribute's type. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
| » archived_at | string(date-time)¦null | false | The date and time the object was archived. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | custom-field-attribute |
custom-field-input
{
"id__eq": "1",
"value__eq": "Infrastructure"
}
An input to query for Report types by Custom Fields IDs and values.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id__eq | string | true | The ID of the Custom Field Attribute that needs to be filtered by. |
| value__eq | string | true | The Value of the corresponding Custom Field Value object that needs to be filtered by. Wildcards (% and _) can be used to loosely match on the stored value of the Custom Field. |
custom-field-value
{
"id": "1337",
"type": "custom-field-value",
"attributes": {
"value": "Infrastructure",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"custom_field_attribute": {
"data": {
"id": "287",
"type": "custom-field-attribute",
"attributes": {
"field_type": "List",
"label": "Product Squad",
"internal": false,
"required": false,
"error_message": null,
"helper_text": "Helping you out with this!",
"configuration": "Infrastructure, Frontend, Backend",
"checkbox_text": null,
"regex": null,
"created_at": "2013-01-01T00:00:00.000Z",
"updated_at": "2013-01-01T00:00:00.000Z",
"archived_at": null
}
}
}
}
}
A Custom Field Value object contains the value set for a particular Custom Field Attribute.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the custom field value. |
| type | string | true | none |
| attributes | object | true | none |
| » value | string¦null | true | The attribute's value. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » custom_field_attribute | object | true | none |
| »» data | custom-field-attribute | false | The Custom Field Attribute associated with the Custom Field Value object. |
Enumerated Values
| Property | Value |
|---|---|
| type | custom-field-value |
custom-remediation-guidance
{
"data": {
"id": "84",
"type": "custom-remediation-guidance",
"attributes": {
"message": "Check buffer boundaries if accessing the buffer in a loop and make sure you are not in danger of writing past the allocated space.",
"created_at": "2020-10-26T08:47:23.296Z"
},
"relationships": {
"author": {
"data": {
"id": "1338",
"type": "user",
"attributes": {
"username": "api-example-2",
"name": "API Example 2",
"disabled": false,
"created_at": "2020-10-22T011:22:05.402Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
}
Custom remediation guidance that has been written by a team member.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the custom remediation guidance. |
| type | string | true | Indicates what kind of object it is. |
| attributes | object | true | none |
| » message | string | true | The text content of the custom remediation guidance. |
| » created_at | string(date-time) | true | The date and time the custom remediation guidance was created. Formatted according to ISO 8601. |
| relationships | object | true | none |
| » author | object | true | The user that wrote or last edited the custom remediation guidance. |
| »» data | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
cve-request
{
"id": "1337",
"type": "cve-request",
"attributes": {
"request_type": "new",
"versions": [
{
"func": "<",
"vendor": "WidgetFactory",
"product": "WidgetOne",
"version": "1.0.0",
"affected": true,
"versionType": "semver"
}
],
"metrics": [
{
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"
}
],
"products": [
"WidgetFactory WidgetOne"
],
"description": "Insufficient URI encoding in WidgetOne before 1.0.0 allows attacker to inject arbitrary parameters into API requests.",
"references": [],
"report_id": null,
"team_handle": "acme",
"state": "draft",
"vulnerability_discovered_at": "2024-01-20",
"created_at": "2024-01-20T14:26:19.286Z",
"updated_at": "2024-01-20T14:26:19.286Z",
"weakness_name": "Improper Input Validation",
"latest_state_change_reason": null,
"cve_identifier": null,
"auto_submit_on_publicly_disclosing_report": true
}
}
This object contains the information that was submitted to request a new CVE for a program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the cve request |
| type | string | true | none |
| attributes | object | true | none |
| » request_type | string | true | The type of request. Possible values are "new" or "update". |
| » team_handle | string | true | The handle of the team. |
| » state | string | true | The state of the request. Possible values are "draft", "pending_hackerone_approval", \ "hackerone_approved", "pending_mitre_approval", "mitre_approved", "cancelled". |
| » versions | [object] | true | none |
| »» vendor | string | true | The vendor of the version. |
| »» product | string | true | The product of the version. |
| »» func | string | true | The function of the version. |
| »» version | string | true | The version. |
| »» versionType | string | true | The type of the version. |
| »» affected | boolean | true | Whether the version is affected or not. |
| » metrics | [object] | true | none |
| »» vectorString | string | true | The vector string. |
| » weakness_name | string¦null | false | The name of the weakness. |
| » description | string | true | Description of the information required from the hackers to create a CVE request. |
| » latest_state_change_reason | string¦null | false | The reason for the latest state change. |
| » cve_identifier | string¦null | false | The identifier of the CVE. |
| » auto_submit_on_publicly_disclosing_report | boolean¦null | false | Whether the request should be auto submitted on publicly disclosing report or not. Default is false. |
| » vulnerability_discovered_at | string(date-time) | true | The date when the vulnerability was discovered. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | cve-request |
error
{
"status": 0,
"title": "string",
"detail": "string",
"source": {
"parameter": "string"
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| status | integer | true | The HTTP status code. |
| title | string | false | The error message. |
| detail | string | false | Additional details about the error. |
| source | object | false | none |
| » parameter | string | false | The name of the parameter related to the error. |
errors
{
"errors": [
{
"status": 0,
"title": "string",
"detail": "string",
"source": {
"parameter": "string"
}
}
]
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| errors | [error] | true | none |
group
{
"id": "1337",
"type": "group",
"attributes": {
"name": "Admin",
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"user_management",
"report_management"
]
}
}
A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the group. |
| type | string | true | none |
| attributes | object | true | none |
| » name | string | true | The name of the group. |
| » permissions | [string] | true | The permissions of the group. Possible values are reward_management, program_management, user_management, and report_management. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | group |
inbox
{
"data": {
"id": "84",
"type": "inbox",
"attributes": {
"message": "ACME program inbox.",
"type": "default"
}
}
}
An inbox object represents an inbox that belongs to an organization and holds a set of reports. Default (aka program inboxes) are created by the system and cannot be deleted and hold all reports of the program Custom inboxes are created by the user and can be deleted and hold only reports that are explicitly assigned to them.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the inbox object. |
| type | string | true | Indicates what kind of object it is. |
| attributes | object | true | none |
| » type | string | true | The type of the inbox. Possible values: custom, default, summary. |
| » name | string | true | The name of the inbox. |
Enumerated Values
| Property | Value |
|---|---|
| type | inbox |
invitation
{
"id": "string",
"type": "string",
"attributes": {
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
}
}
These objects represent an invitation that was sent to a recipient. Invitations come in many sub types that can have additional attributes.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the invitation. |
| type | string | true | Indicates what kind of invitation it is. |
| attributes | object | true | none |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
invitation-organization-member
{
"id": "string",
"type": "string",
"attributes": {
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z"
},
"data": {
"type": "invitation-organization-member",
"id": "1",
"attributes": {
"email": "example@hackerone.com",
"username": null,
"invited_by_id": "2",
"recipient_id": null,
"invitation_data": {
"notify": true,
"organization_admin": true,
"organization_member_group_ids": []
},
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"expires_at": "2016-02-02T04:05:06.000Z"
}
}
}
These objects represent an invitation that was sent to a recipient to become an organization member.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| invitation-organization-member | any | false | These objects represent an invitation that was sent to a recipient to become an organization member. |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | invitation | false | These objects represent an invitation that was sent to a recipient. Invitations come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » id | string | true | The unique ID of the organization_member_group. |
| » type | string | true | none |
| » attributes | object | true | none |
| string¦null | false | The email of the invited user. Returned if the user email is public. |
|
| »» username | string¦null | false | The username of the invited user. |
| »» invited_by_id | string | true | The unique ID of the invitee user. |
| »» recipient_id | string¦null | false | The unique ID of the invited user. |
| »» invitation_data | object | true | Additional data for the invitation. |
| »»» notify | boolean | false | Activates organization notifications for the user you are inviting. |
| »»» organization_admin | boolean | false | Sets the user you are inviting as an organization admin. |
| »»» organization_member_group_ids | [string] | false | The unique ids of the groups where the user is invited. The user's email must be respect the eligibility settings of these groups. |
| »» expires_at | string(date-time) | false | The date and time the organization member invitation expires. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | invitation-organization-member |
invitation-report
{
"id": "117",
"type": "report-participant",
"attributes": {
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"report_id": "1337"
}
}
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| invitation-report | any | false | none |
allOf
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | invitation | false | These objects represent an invitation that was sent to a recipient. Invitations come in many sub types that can have additional attributes. |
and
| Name | Type | Required | Description |
|---|---|---|---|
| anonymous | object | false | none |
| » attributes | object | true | none |
| »» report_id | string | true | The ID of the report associated with the invitation. |
links
{
"data": [
{
"id": "1337",
"type": "some-object",
"attributes": {
"some_attribute": "some value"
},
"relationships": {
"some_relationship": {
"data": {
"id": "1337",
"type": "some-other-object",
"attributes": {
"some_attribute": "some value"
}
}
}
}
}
],
"links": {
"first": "https://api.hackerone.com/v1/reports/1333",
"prev": "https://api.hackerone.com/v1/reports/1336",
"self": "https://api.hackerone.com/v1/reports/1337",
"next": "https://api.hackerone.com/v1/reports/1338",
"last": "https://api.hackerone.com/v1/reports/1345"
}
}
When querying for multiple objects, the client needs to know how to query the next page. This kind of data is included in this attribute. In case there is no additional meta data, this attribute is not returned by the API.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| attributes | object | false | none |
| » first | string | false | This attribute contains a URL to the first page or first resource when the resource or resources are paginated. |
| » prev | string | false | This attribute contains a URL to the previous page or previous resource when the resource or resources are paginated. |
| » self | string | false | This attribute contains a URL to the resource itself when it can be queried as a top level resource. At this moment, only report objects can be queried as individual resources. |
| » next | string | false | This attribute contains the URL to the next page or next resource when the resource or resources are paginated. |
| » last | string | false | This attribute contains a URL to the last page or last resource when the resource or resources are paginated. |
member
{
"id": "1337",
"type": "member",
"attributes": {
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"program_management",
"report_management",
"reward_management",
"user_management"
]
},
"relationships": {
"user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
A member represents a user that is part of a program. A member is used to delegate permissions for the users attached to it.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the member. |
| type | string | true | none |
| attributes | object | true | none |
| » permissions | [string] | true | The permissions of the member. Possible values are reward_management, program_management, user_management, and report_management. |
| » groups | [object] | false | The list of groups the member belongs to. |
| »» data | [group] | false | [A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports. ] |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| relationships | object | true | none |
| » user | object | true | The user that is part of the program. |
| »» data | user | true | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
Enumerated Values
| Property | Value |
|---|---|
| type | member |
organization
{
"data": [
{
"id": "1",
"type": "organization",
"attributes": {
"handle": "security",
"created_at": "2022-09-07T08:00:00.000Z",
"updated_at": "2022-09-07T08:00:00.000Z"
}
}
],
"links": {}
}
An organization object represents an organization on the platform. When a user wants to know about organization assets, this is the object they interact with. Behind an organization, there can be multiple users that are part of the organization.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the organization. |
| type | string | true | none |
| attributes | object | true | none |
| » handle | string | true | The handle of the organization. Handles are unique and scoped under the same namespace as user usernames. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | organization |
asset
{
"data": {
"id": "2",
"type": "asset",
"attributes": {
"asset_type": "domain",
"identifier": "hackerone.com",
"domain_name": "hackerone.com",
"description": null,
"coverage": "untested",
"max_severity": "critical",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"archived_at": "2017-02-02T04:05:06.000Z",
"reference": "reference",
"state": "confirmed"
},
"relationships": {
"asset_tags": {
"data": [
{
"id": "1",
"type": "asset-tag",
"attributes": {
"name": "test"
},
"relationships": {
"asset_tag_category": {
"data": {
"id": "2",
"type": "asset-tag-category",
"attributes": {
"name": "test"
}
}
}
}
}
]
},
"programs": {
"data": [
{
"id": "1",
"type": "program",
"attributes": {
"handle": "handle",
"name": "team name"
}
}
]
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "https://attachments.s3.amazonaws.com/G74PuDP6qdEdN2rpKNLkVwZF",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "example.png",
"content_type": "image/png",
"file_size": 16115
}
}
]
}
}
}
}
An asset object represents an asset defined by the organization. Organization assets can be added to program scope where a related StructuredScope object is created.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the asset. |
| type | string | true | none |
| attributes | object | true | none |
| » asset_type | string | true | The type of the asset |
| » domain_name | string | false | The identifier of the asset. Only for asset type domain. Alias for identifier. |
| » url | string | false | The url of the asset. Only for asset type url. Alias for identifier. |
| » block | string | false | The IPv4 or IPv6 address of the asset. Only for asset type cidr. Alias for identifier. |
| » identifier | string | true | The identifier of the asset. |
| » available_from | string(date-time) | false | The date and time the asset was is available from updated. Formatted according to ISO 8601. Only for asset types sourceCode. Alias for identifier. |
| » app_store_id | string | false | The app store ID of the asset.Only for asset types iosAppStore, iosTestflight, iosIpa, androidPlayStore, androidApk, windowsMicrosoftStore. Alias for identifier. |
| » description | string¦null | false | The asset description. |
| » coverage | string | false | The asset coverage by programs. |
| » state | asset-states | true | The asset's current state. |
| » owner | string¦null | false | The asset owner. |
| » max_severity | string¦null | false | The qualitative rating of the maximum severity allowed on this asset |
| » confidentiality_requirement | string | false | A CVSS environmental modifier that reweights Confidentiality Impact of a vulnerability on this asset. |
| » integrity_requirement | string | false | A CVSS environmental modifier that reweights Integrity Impact of a vulnerability on this asset. |
| » availability_requirement | string | false | A CVSS environmental modifier that reweights Availability Impact of a vulnerability on this asset. |
| » created_at | string(date-time) | false | The date and time the asset was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | false | The date and time the asset was last updated. Formatted according to ISO 8601. |
| » archived_at | string(date-time)¦null | false | The date and time the asset was archived. Formatted according to ISO 8601. |
| » reference | string | false | The customer defined reference identifier or tag of the asset. |
| relationships | object | false | none |
| » asset_tags | object | false | A list of AssetTag objects assigned to the asset. |
| »» data | [asset-tag-small] | false | [An asset tag object contains the information that is associated to an asset tag including relationships ] |
| » programs | object | false | A list of Program objects that have the asset in scope or out of scope. |
| »» data | [program] | false | [A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program. ] |
| » attachments | object | false | A list of Attachment objects that belong to the asset. |
| »» data | [attachment] | false | [Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution. ] |
Enumerated Values
| Property | Value |
|---|---|
| type | asset |
| asset_type | domain |
| asset_type | url |
| asset_type | cidr |
| asset_type | hardware |
| asset_type | sourceCode |
| asset_type | iosAppStore |
| asset_type | iosTestflight |
| asset_type | iosIpa |
| asset_type | androidPlayStore |
| asset_type | androidApk |
| asset_type | windowsMicrosoftStore |
| asset_type | executable |
| asset_type | other |
| asset_type | smartContract |
| asset_type | api |
| asset_type | aiModel |
| coverage | in_scope |
| coverage | out_of_scope |
| coverage | untested |
| max_severity | none |
| max_severity | low |
| max_severity | medium |
| max_severity | high |
| max_severity | critical |
| confidentiality_requirement | none |
| confidentiality_requirement | low |
| confidentiality_requirement | medium |
| confidentiality_requirement | high |
| integrity_requirement | none |
| integrity_requirement | low |
| integrity_requirement | medium |
| integrity_requirement | high |
| availability_requirement | none |
| availability_requirement | low |
| availability_requirement | medium |
| availability_requirement | high |
asset-import
{
"id": "2",
"type": "asset-import",
"attributes": {
"state": "processed",
"errors": [],
"created_at": "2022-06-30T14:17:49.640Z",
"updated_at": "2022-06-30T14:17:50.040Z"
}
}
An asset import object contains the information that is associated to an asset import including relationships
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | int | true | The unique ID of the asset import. |
| type | string | true | none |
| attributes | object | true | none |
| » state | string | true | - created - a new asset import is created and/or scheduled for execution. - importing - asset import is being processed. - failed - importing failed. - processed - importing finished without any errors. - processed_with_error - importing finished, but there are invalid identifiers in the import file. |
| » errors | array | false | The identifier of the asset. Only for asset type domain. |
| » created_at | string(date-time) | true | The date and time the asset was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the asset was last updated. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | asset-import |
| state | created |
| state | importing |
| state | failed |
| state | processed |
| state | processed_with_errors |
asset-screenshot
{
"id": "1337",
"type": "asset-screenshot",
"attributes": {
"expiring_url": "<url>",
"created_at": "2022-08-04T04:05:06.000Z",
"file_name": "paprika.png",
"content_type": "image/png",
"file_size": 2871
}
}
An asset screenshot object contains the information about the screenshot
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | integer | true | The unique ID of the asset_screenshot. |
| type | string | true | none |
| attributes | object | true | none |
| » file_name | string | true | The file name of the asset screenshot |
| » content_type | string | true | The content type of the asset screenshot. The content type is derived from the contents and extension of the file. |
| » file_size | integer | true | The file size of the asset_screenshot in bytes. |
| » expiring_url | string | true | A URL to download the asset screenshot. The URL will automatically expire after 60 minutes. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | asset-screenshot |
asset-states
"confirmed"
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| asset-states | string | false | none |
Enumerated Values
| Property | Value |
|---|---|
| asset-states | confirmed |
| asset-states | rejected |
| asset-states | unconfirmed |
asset-tag
{
"id": "2",
"type": "asset-tag",
"attributes": {
"name": "test",
"category_name": "test",
"created_at": "2019-01-01T00:00:00.000Z",
"updated_at": "2019-01-01T00:00:00.000Z"
},
"relationships": {
"asset_tag_category": {
"data": {
"id": "2",
"type": "asset-tag-category",
"attributes": {
"name": "test"
}
}
}
}
}
An asset tag object contains the information that is associated to an asset tag including relationships
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the asset tag. |
| type | string | true | none |
| attributes | object | true | none |
| » name | string | true | The name of the asset tag |
| » category_name | string | true | The category name of the asset tag category |
| » created_at | string(date-time) | true | The date and time the asset was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the asset was last updated. Formatted according to ISO 8601. |
| relationships | object | true | none |
| » asset_tag_category | object | true | The AssetTagCategory object assigned to the asset tag. |
| »» data | asset-tag-category | true | An asset tag category object contains the information that is associated to an asset tag category |
Enumerated Values
| Property | Value |
|---|---|
| type | asset-tag |
asset-tag-category
{
"id": "2",
"type": "asset-tag-category",
"attributes": {
"name": "test"
}
}
An asset tag category object contains the information that is associated to an asset tag category
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the asset tag category. |
| type | string | true | none |
| attributes | object | true | none |
| » name | string | true | The unique name of the asset tag category. |
Enumerated Values
| Property | Value |
|---|---|
| type | asset-tag-category |
asset-tag-small
{
"id": "2",
"type": "asset-tag",
"attributes": {
"name": "test"
},
"relationships": {
"asset_tag_category": {
"data": {
"id": "2",
"type": "asset-tag-category",
"attributes": {
"name": "test"
}
}
}
}
}
An asset tag object contains the information that is associated to an asset tag including relationships
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the asset tag. |
| type | string | true | none |
| attributes | object | true | none |
| » name | string | true | The name of the asset tag |
| relationships | object | true | none |
| » asset_tag_category | object | true | The AssetTagCategory object assigned to the asset tag. |
| »» data | asset-tag-category | true | An asset tag category object contains the information that is associated to an asset tag category |
Enumerated Values
| Property | Value |
|---|---|
| type | asset-tag |
eligibility-setting
{
"data": {
"id": "1",
"type": "eligibility-setting",
"attributes": {
"allowed_domains": [
"hackerone.com"
],
"allowed_domains_enabled": true,
"name": "Organization Eligibility Settings",
"organization_id": "1",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
}
An eligibility setting object contains the information that is associated to an organization eligibility settings including relationships
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the eligibility setting. |
| type | string | true | none |
| attributes | object | true | none |
| » organization_id | string | true | The unique ID of the organization. |
| » name | string | true | The name of the eligibility setting. |
| » allowed_domains | array | true | The list of allowed domains for the eligibility setting. |
| » allowed_domains_enabled | boolean | true | Indicates if the eligibility setting is enabled for the allowed domains. |
| » created_at | string(date-time) | true | The date and time the eligibility setting was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the eligibility setting was last updated. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | eligibility-setting |
organization-member
{
"data": {
"id": "1",
"type": "organization-member",
"attributes": {
"organization_id": "3",
"user_id": "5",
"email": "example@hackerone.com",
"organization_admin": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"last_sign_in_at": "2023-11-24T21:24:31.102Z"
},
"relationships": {
"organization_member_groups": {
"data": [
{
"id": "2",
"type": "organization-member-group",
"attributes": {
"name": "Standard1",
"organization_id": "3",
"eligibility_setting_id": "4",
"permissions": [
"read_only_member"
],
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"migrated_at": null
}
}
]
}
}
}
}
An organization member object contains the information that is associated to an organization members including relationships
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the organization member. |
| type | string | true | none |
| attributes | object | true | none |
| » organization_id | string | true | The unique id of the organization. |
| » user_id | string | true | The unique id of the user. |
| string | false | The email of the organization member. | |
| » organization_admin | boolean | false | Indicates if the user is an organization admin. |
| » created_at | string(date-time) | false | The date and time the organization member was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | false | The date and time the organization member was last updated. Formatted according to ISO 8601. |
| » last_sign_in_at | string(date-time) | false | The date and time of the user's most recent sign-in. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » organization_member_groups | object | false | List of organization member groups user belongs to. |
| »» data | [organization-member-group] | false | [An organization member group object contains the information that is associated to an organization members group including relationships ] |
Enumerated Values
| Property | Value |
|---|---|
| type | organization-member |
organization-member-group
{
"id": "11",
"type": "organization-member-group",
"attributes": {
"name": "Standard1",
"organization_id": "2",
"eligibility_setting_id": "8",
"permissions": [
"read_only_member"
],
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"migrated_at": null
},
"relationships": {
"organization_members": {
"data": [
{
"id": "45",
"type": "organization-member",
"attributes": {
"organization_id": "2",
"user_id": "22",
"email": "example@hackerone.com",
"organization_admin": true,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"last_sign_in_at": "2023-11-24T21:24:31.102Z"
}
}
]
},
"programs": {
"data": []
}
}
}
An organization member group object contains the information that is associated to an organization members group including relationships
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the organization member group. |
| type | string | true | none |
| attributes | object | true | none |
| » organization_id | string | true | The unique id of the organization. |
| » eligibility_setting_id | string¦null | false | The unique id of the eligibility setting. |
| » name | string | true | The name of the group. |
| » permissions | [string] | false | The permissions of the organization member group. Possible values are: asset_inventory_manager, asset_inventory_viewer, group_manager, program_admin, read_only_member, report_analyst, report_reward_manager and user_manager. |
| » created_at | string(date-time) | true | The date and time the organization member group was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the organization member group was last updated. Formatted according to ISO 8601. |
| » migrated_at | string(date-time)¦null | false | The date and time the organization member group was migrated. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » organization_members | object | false | List of organization members. |
| »» data | [organization-member] | false | [An organization member object contains the information that is associated to an organization members including relationships ] |
| » programs | object | false | none |
| »» data | [object] | false | none |
| »»» id | string | false | The unique ID of the program. |
| »»» type | string | false | none |
| »»» attributes | object | false | none |
| »»»» handle | string | true | The handle of the program. Handles are unique and scoped under the same namespace as user usernames. |
| »»»» created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| »»»» updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | organization-member-group |
| type | program |
program
{
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"policy": "The policy of the program.",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"groups": {
"data": [
{
"id": "2557",
"type": "group",
"attributes": {
"name": "Standard",
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"report_management",
"reward_management"
]
}
},
{
"id": "2558",
"type": "group",
"attributes": {
"name": "Admin",
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"user_management",
"program_management"
]
}
}
]
},
"custom_field_attributes": {
"data": [
{
"id": "1337",
"type": "custom-field-attribute",
"attributes": {
"label": "Team",
"configuration": null,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"archived_at": null
}
}
]
},
"members": {
"data": [
{
"id": "1339",
"type": "member",
"attributes": {
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"program_management",
"report_management",
"reward_management",
"user_management"
]
},
"relationships": {
"user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
]
},
"policy_attachments": {
"data": [
{
"id": "<id>",
"type": "attachment",
"attributes": {
"expiring_url": "<url>",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "logo.png",
"content_type": "image/png",
"file_size": 3650
}
}
]
}
}
}
A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the program. |
| type | string | true | none |
| attributes | object | true | none |
| » handle | string | true | The handle of the program. Handles are unique and scoped under the same namespace as user usernames. |
| » policy | string | true | The policy of the program. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » groups | object | false | The groups of the program, which is used to delegate permissions and can be used to assign multiple users to a single report. Only included when the program object is fetched through the program resource. |
| »» data | [group] | false | [A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports. ] |
| » members | object | false | The members of the program, which is used to define the permissions of a user's membership of a program. Only included when the program object is fetched through the program resource. |
| »» data | [member] | false | [A member represents a user that is part of a program. A member is used to delegate permissions for the users attached to it. ] |
| » policy_attachments | object | false | Policy attachments of the program. Only included when the program object is fetched through the program resource. |
| »» data | [attachment] | false | [Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution. ] |
| » custom_field_attributes | object | false | The Custom Field Attributes of the program, which are used to define Custom Fields on a Report. |
| »» data | [custom-field-attribute] | false | [A Custom Field Attribute is an object containing the label and configuration of a Custom Field created for a Report or Program. ] |
| » transactions | object | false | The payment transactions of the program for the selected period. |
| »» data | [transaction] | false | [A Transaction object represents the information about the program payment transaction. ] |
Enumerated Values
| Property | Value |
|---|---|
| type | program |
program_small
{
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"groups": {
"data": [
{
"id": "2557",
"type": "group",
"attributes": {
"name": "Standard",
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"report_management",
"reward_management"
]
}
},
{
"id": "2558",
"type": "group",
"attributes": {
"name": "Admin",
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"user_management",
"program_management"
]
}
}
]
},
"custom_field_attributes": {
"data": [
{
"id": "1337",
"type": "custom-field-attribute",
"attributes": {
"label": "Team",
"configuration": null,
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"archived_at": null
}
}
]
},
"members": {
"data": [
{
"id": "1339",
"type": "member",
"attributes": {
"created_at": "2016-02-02T04:05:06.000Z",
"permissions": [
"program_management",
"report_management",
"reward_management",
"user_management"
]
},
"relationships": {
"user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
]
},
"policy_attachments": {
"data": [
{
"id": "<id>",
"type": "attachment",
"attributes": {
"expiring_url": "<url>",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "logo.png",
"content_type": "image/png",
"file_size": 3650
}
}
]
}
}
}
A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the program. |
| type | string | true | none |
| attributes | object | true | none |
| » handle | string | true | The handle of the program. Handles are unique and scoped under the same namespace as user usernames. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » groups | object | false | The groups of the program, which is used to delegate permissions and can be used to assign multiple users to a single report. Only included when the program object is fetched through the program resource. |
| »» data | [group] | false | [A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports. ] |
| » members | object | false | The members of the program, which is used to define the permissions of a user's membership of a program. Only included when the program object is fetched through the program resource. |
| »» data | [member] | false | [A member represents a user that is part of a program. A member is used to delegate permissions for the users attached to it. ] |
| » policy_attachments | object | false | Policy attachments of the program. Only included when the program object is fetched through the program resource. |
| »» data | [attachment] | false | [Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution. ] |
| » custom_field_attributes | object | false | The Custom Field Attributes of the program, which are used to define Custom Fields on a Report. |
| »» data | [custom-field-attribute] | false | [A Custom Field Attribute is an object containing the label and configuration of a Custom Field created for a Report or Program. ] |
| » transactions | object | false | The payment transactions of the program for the selected period. |
| »» data | [transaction] | false | [A Transaction object represents the information about the program payment transaction. ] |
Enumerated Values
| Property | Value |
|---|---|
| type | program |
report
{
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "...",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"last_public_activity_at": null,
"last_activity_at": null,
"issue_tracker_reference_url": "https://example.com/reference",
"cve_ids": [],
"source": null,
"reporter_agreed_on_going_public_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"reputation": 7,
"signal": 7,
"impact": 30
}
}
},
"collaborators": {
"data": [
{
"weight": 1,
"user": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"reputation": 7,
"signal": 7,
"impact": 30
}
}
},
{
"weight": 1,
"user": {
"id": "1338",
"type": "user",
"attributes": {
"username": "api-example 2",
"name": "API Example 2",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"reputation": 7,
"signal": 7,
"impact": 30
}
}
}
]
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
},
"structured_scope": {
"data": {
"id": "287",
"type": "structured-scope",
"attributes": {
"asset_type": "URL",
"asset_identifier": "www.hackerone.com",
"eligible_for_bounty": true,
"eligible_for_submission": true,
"instruction": "This asset does not contain any highly confidential information.",
"max_severity": "critical",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"reference": "T12345",
"confidentiality_requirement": "medium",
"integrity_requirement": "high",
"availability_requirement": "medium"
}
}
},
"activities": {
"data": []
},
"bounties": {
"data": []
},
"summaries": {
"data": []
}
}
}
A report object contains the information that hackers submitted to a program, the interactions the program users had with the report, and all additional meta information like bounties, swag, and internal references.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the report. |
| type | string | true | none |
| attributes | object | true | none |
| » title | string | true | The title of the report. May be updated through the HackerOne interface. |
| » vulnerability_information | string | false | The raw report's vulnerability information. Markdown is not parsed. |
| » main_state | report-main-states | true | The report's main state. Directly related to the state of the report. |
| » state | report-states | true | The report's current state. May be updated through the HackerOne interface or the HackerOne API. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » triaged_at | string(date-time)¦null | false | The date and time the report was triaged. This attribute is reset when the report was reopened after it was triaged. Formatted according to ISO 8601. |
| » closed_at | string(date-time)¦null | false | The date and time the report was closed. This attribute is reset when the report was reopened after it was closed. Formatted according to ISO 8601. |
| » last_reporter_activity_at | string(date-time)¦null | false | The date and time that the most recent reporter activity was posted on the report. Formatted according to ISO 8601. |
| » first_program_activity_at | string(date-time)¦null | false | The date and time that the first program activity was posted on the report. Formatted according to ISO 8601. |
| » last_program_activity_at | string(date-time)¦null | false | The date and time that the most recent program activity was posted on the report. Formatted according to ISO 8601. |
| » last_activity_at | string(date-time)¦null | false | The date and time that the most recent activity was posted on the report. Formatted according to ISO 8601. |
| » last_public_activity_at | string(date-time)¦null | false | The date and time that the most recent public activity was posted on the report. Formatted according to ISO 8601. |
| » bounty_awarded_at | string(date-time)¦null | false | The date and time that the most recent bounty was awarded on the report. Formatted according to ISO 8601. |
| » swag_awarded_at | string(date-time)¦null | false | The date and time that the most recent swag was awarded on the report. Formatted according to ISO 8601. |
| » disclosed_at | string(date-time)¦null | false | The date and time the report was disclosed. Formatted according to ISO 8601. |
| » reporter_agreed_on_going_public_at | string(date-time)¦null | false | The date and time the reporter agreed for the public disclosure. Formatted according to ISO 8601. |
| » issue_tracker_reference_id | string | false | The id of the issue tracker reference typically used when triaging a report. |
| » issue_tracker_reference_url | string | false | The url of the issue tracker reference. |
| » cve_ids | [string] | false | An assigned CVE id(s) for this report |
| » source | string¦null | false | A free-form string defining the source of the report for tracking purposes. For example, "detectify", "rapid7" or "jira". |
| » timer_bounty_awarded_miss_at | date-time¦null | false | The date and time the system expects the program to have awarded a bounty by. This field is null when the system does not expect the report to receive a bounty at this time. |
| » timer_bounty_awarded_elapsed_time | integer¦null | false | The total number of seconds that have elapsed between when the timer started and when it stopped ticking. The timer does not take weekends into account. If this field is null and the corresponding miss_at field is set, it meansthe timer is still counting. |
| » timer_first_program_response_miss_at | date-time¦null | false | The date and time the system expects the program to have posted an initial public comment to the report by. |
| » timer_first_program_response_elapsed_time | integer¦null | false | The total number of seconds that have elapsed between when the timer started and when it stopped ticking. The timer does not take weekends into account. If this field is null and the corresponding miss_at field is set, it meansthe timer is still counting. |
| » timer_report_resolved_miss_at | date-time¦null | false | The date and time the system expects the program to have closed the report by. This field is null when the report seems blocked by the reporter. |
| » timer_report_resolved_elapsed_time | integer¦null | false | The total number of seconds that have elapsed between when the timer started and when it stopped ticking. The timer does not take weekends into account. If this field is null and the corresponding miss_at field is set, it meansthe timer is still counting. |
| » timer_report_triage_miss_at | date-time¦null | false | The date and time the system expects the program to have triaged the report by. This field is null when the system does not expect the report to be triaged at this time. |
| » timer_report_triage_elapsed_time | integer¦null | false | The total number of seconds that have elapsed between when the timer started and when it stopped ticking. The timer does not take weekends into account. If this field is null and the corresponding miss_at field is set, it meansthe timer is still counting. |
| » original_report_id | string¦null | false | Id of the report this report has been cloned from. |
| relationships | object | true | none |
| » program | object | true | The program that received the report. |
| »» data | program_small | true | A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program. |
| » assignee | object | false | The user or group that is assigned to handle the report. |
| »» data | any | false | none |
oneOf - discriminator: user.type
| Name | Type | Required | Description |
|---|---|---|---|
| »»» anonymous | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
xor - discriminator: group.type
| Name | Type | Required | Description |
|---|---|---|---|
| »»» anonymous | group | false | A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports. |
continued
| Name | Type | Required | Description |
|---|---|---|---|
| » attachments | object | false | A list of Attachment objects that the reporter added to the report. |
| »» data | [attachment] | false | [Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution. ] |
| » swag | object | false | A list of Swag objects that were awarded to the reporter. |
| »» data | [swag] | false | [Besides a financial reward, which is called a bounty, programs can award swag. Report objects may contain multiple swag objects, one for each time swag was awarded. ] |
| » weakness | object | false | The Weakness object of the report provided by the reporter or team. |
| »» data | weakness | false | A Weakness object represents the type of weakness the hacker submitted to a program. The weakness was initially provided by the hacker, but may be reviewed and corrected by the program. |
| » structured_scope | object | false | The StructuredScope object of the report provided by the reporter or team. |
| »» data | structured-scope | false | A StructuredScope object represents an asset defined by the program. The scope on a report was initially provided by the hacker, but may be reviewed and corrected by the program. |
| » severity | object | false | The Severity object of the report provided by the reporter or team. |
| »» data | severity | false | A severity object represents the severity of a report, if provided by the reporter or a team member. |
| » reporter | object | false | The user that created the report. This object contains the user's reputation, signal, and impact metrics. |
| »» data | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
| » triggered_pre_submission_trigger | object | false | A pre-submission trigger that notified the hacker before submission. This field is only present for reports filed after February 14, 2016. |
| »» data | trigger | false | Triggers are a way to show a pop-up message or to automatically reply to reports based on their title or content. |
| » activities | object | false | A list of Activity objects that can be used to generate a timeline of changes. Activities are ordered by most recent first. |
| »» data | [activity] | false | [These objects represent an action that was performed on a report or on a program. Activities come in many sub types that can have additional attributes. ] |
| » bounties | object | false | A list of Bounty objects that were awarded to the reporter. |
| »» data | [bounty] | false | [When a program pays a bounty to the hacker, a bounty object is created. A report may contain multiple bounty objects, one for each time a bounty was awarded. The hacker that reported the vulnerability is the user that received the bounty. ] |
| » summaries | object | false | A list of Report Summary objects that were added to the report by the reporter and team. |
| »» data | [report-summary] | false | [Before a report is disclosed, the program, the HackerOne Triage team and hacker may add a summary. A report can have only one summary per party. Unlike activities, summaries can be edited through HackerOne indefinitely. Triage summaries are only visible to team members and the HackerOne Triage team. ] |
| » custom_field_values | object | false | A list of Custom Field Value objects containing all Custom Field Attributes that are set for the report. Enterprise only. |
| »» data | [custom-field-value] | false | [A Custom Field Value object contains the value set for a particular Custom Field Attribute. ] |
| » automated_remediation_guidance | object | false | Remediation guidance that has been derived from the report's weakness. |
| »» data | automated-remediation-guidance | false | Remediation guidance that has been derived from the report's weakness. |
| » custom_remediation_guidance | object | false | Custom remediation guidance that has been written by a team member. |
| »» data | custom-remediation-guidance | false | Custom remediation guidance that has been written by a team member. |
| » inboxes | object | false | A list of inboxes the report appears in. |
| »» data | [inbox] | false | [An inbox object represents an inbox that belongs to an organization and holds a set of reports. Default (aka program inboxes) are created by the system and cannot be deleted and hold all reports of the program Custom inboxes are created by the user and can be deleted and hold only reports that are explicitly assigned to them. ] |
Enumerated Values
| Property | Value |
|---|---|
| type | report |
report-main-states
"draft"
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| report-main-states | string | false | none |
Enumerated Values
| Property | Value |
|---|---|
| report-main-states | draft |
| report-main-states | open |
| report-main-states | closed |
report-states
"new"
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| report-states | string | false | none |
Enumerated Values
| Property | Value |
|---|---|
| report-states | new |
| report-states | pending-program-review |
| report-states | triaged |
| report-states | needs-more-info |
| report-states | resolved |
| report-states | not-applicable |
| report-states | informative |
| report-states | duplicate |
| report-states | spam |
| report-states | retesting |
report-summary
{
"id": "1337",
"type": "report-summary",
"attributes": {
"content": "There was a cross-site scripting vulnerability in our login form.",
"category": "team",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"attachments": {
"data": []
},
"user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
Before a report is disclosed, the program, the HackerOne Triage team and hacker may add a summary. A report can have only one summary per party. Unlike activities, summaries can be edited through HackerOne indefinitely. Triage summaries are only visible to team members and the HackerOne Triage team.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the report summary. |
| type | string | true | none |
| attributes | object | true | none |
| » content | string | true | The raw summary of the report. Markdown is not parsed. |
| » category | string | true | The involved party that wrote the summary. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was last updated. Formatted according to ISO 8601. |
| relationships | object | true | none |
| » user | object | true | The author that added the summary to the report. |
| »» data | user | false | User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account. |
Enumerated Values
| Property | Value |
|---|---|
| type | report-summary |
| category | researcher |
| category | team |
| category | triage |
severity
{
"id": "57",
"type": "severity",
"attributes": {
"rating": "low",
"author_type": "User",
"user_id": 1337,
"created_at": "2023-11-21T14:00:16.142Z",
"score": 3.9,
"attack_complexity": "low",
"attack_vector": "network",
"confidentiality": "low",
"integrity": "low",
"availability": "low",
"privileges_required": "low",
"user_interaction": "required",
"scope": "changed",
"confidentiality_requirement": "medium",
"integrity_requirement": "low",
"availability_requirement": "low",
"max_severity": "low",
"calculation_method": "cvss_3_1",
"cvss_vector_string": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
}
}
A severity object represents the severity of a report, if provided by the reporter or a team member.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the severity. |
| type | string | true | none |
| attributes | object | true | none |
| » rating | severity-ratings | true | The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score. |
| » author_type | string | true | The involved party that provided the severity. |
| » user_id | integer | true | The unique id of the user who created the object. |
| » score | number¦null | false | The vulnerability score calculated from the Common Vulnerability Scoring System (CVSS). Only present if CVSS metrics were provided. |
| » attack_vector | string¦null | false | A CVSS metric that reflects the context by which vulnerability exploritation is possible. |
| » attack_complexity | string | false | A CVSS metric that describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. |
| » privileges_required | string | false | A CVSS metric that describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. |
| » user_interaction | string | false | A CVSS metric that captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerability component. |
| » scope | string¦null | false | A CVSS metric that determines if a successful attack impacts a component other than the vulnerable component. |
| » confidentiality | string | false | A CVSS metric that measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. |
| » integrity | string | false | A CVSS metric that measures the impact to the integrity of a successfully exploited vulnerability. |
| » availability | string | false | A CVSS metric that measures the availability of the impacted component resulting from a successfully exploited vulnerability. |
| » calculation_method | string | false | The method used to calculate the severity. If the severity was manually set by an employee, the value will be manual. If the severity was calculated by HackerOne'sCVSS 3.0 calculator, the value will be cvss_3_0_hackerone. If the severity wascalculated by the official CVSS 3.1 calculator, the value will be cvss_3_1. |
| » cvss_vector_string | string | false | If severity method is not manual, there will be a CVSS vector string. This is a string that is generated based on the given environmental scores. |
| » message | string | false | Optional reason for the severity value. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | severity |
| author_type | User |
| author_type | Team |
| attack_vector | network |
| attack_vector | adjacent |
| attack_vector | local |
| attack_vector | physical |
| attack_complexity | low |
| attack_complexity | high |
| privileges_required | none |
| privileges_required | low |
| privileges_required | high |
| user_interaction | none |
| user_interaction | required |
| scope | unchanged |
| scope | changed |
| confidentiality | none |
| confidentiality | low |
| confidentiality | high |
| integrity | none |
| integrity | low |
| integrity | high |
| availability | none |
| availability | low |
| availability | high |
| calculation_method | manual |
| calculation_method | cvss_3_0_hackerone |
| calculation_method | cvss_3_1 |
severity-ratings
"none"
The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| severity-ratings | string | false | The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score. |
Enumerated Values
| Property | Value |
|---|---|
| severity-ratings | none |
| severity-ratings | low |
| severity-ratings | medium |
| severity-ratings | high |
| severity-ratings | critical |
structured-scope
{
"id": "57",
"type": "structured-scope",
"attributes": {
"asset_identifier": "api.example.com",
"asset_type": "URL",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high",
"max_severity": "critical",
"created_at": "2015-02-02T04:05:06.000Z",
"updated_at": "2016-05-02T04:05:06.000Z",
"instruction": null,
"eligible_for_bounty": true,
"eligible_for_submission": true,
"reference": "H001001"
}
}
A StructuredScope object represents an asset defined by the program. The scope on a report was initially provided by the hacker, but may be reviewed and corrected by the program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the scope. |
| type | string | true | none |
| attributes | object | true | none |
| » asset_identifier | string | true | The identifier of the asset. |
| » asset_type | string | true | The type of the asset. |
| » eligible_for_bounty | boolean | true | If the asset is eligible for bounty. |
| » eligible_for_submission | boolean | true | If the asset is eligible for submission. |
| » instruction | string¦null | false | The raw intruction of the asset provided by the program. Markdown is not parsed. |
| » confidentiality_requirement | string | false | A CVSS environmental modifier that reweights Confidentiality Impact of a vulnerability on this asset. |
| » integrity_requirement | string | false | A CVSS environmental modifier that reweights Integrity Impact of a vulnerability on this asset. |
| » availability_requirement | string | false | A CVSS environmental modifier that reweights Availability Impact of a vulnerability on this asset. |
| » max_severity | string | true | The qualitative rating of the maximum severity allowed on this asset. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| » updated_at | string(date-time) | true | The date and time the object was updated. Formatted according to ISO 8601. |
| » reference | string¦null | false | The customer defined reference identifier or tag of the asset. |
Enumerated Values
| Property | Value |
|---|---|
| type | structured-scope |
| confidentiality_requirement | none |
| confidentiality_requirement | low |
| confidentiality_requirement | medium |
| confidentiality_requirement | high |
| integrity_requirement | none |
| integrity_requirement | low |
| integrity_requirement | medium |
| integrity_requirement | high |
| availability_requirement | none |
| availability_requirement | low |
| availability_requirement | medium |
| availability_requirement | high |
| max_severity | none |
| max_severity | low |
| max_severity | medium |
| max_severity | high |
| max_severity | critical |
swag
{
"id": "1337",
"type": "swag",
"attributes": {
"sent": false,
"created_at": "2016-02-02T04:05:06.000Z"
},
"relationships": {
"user": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"address": {
"data": {
"id": "1337",
"type": "address",
"attributes": {
"name": "Jane Doe",
"street": "535 Mission Street",
"city": "San Francisco",
"postal_code": "94105",
"state": "CA",
"country": "United States of America",
"created_at": "2016-02-02T04:05:06.000Z",
"tshirt_size": "W_Large",
"phone_number": "+1-510-000-0000"
}
}
}
}
}
Besides a financial reward, which is called a bounty, programs can award swag. Report objects may contain multiple swag objects, one for each time swag was awarded.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the swag. |
| type | string | true | none |
| attributes | object | true | none |
| » sent | boolean | true | Indicates whether the swag has been marked as sent. Swag can be marked as sent through the HackerOne interface. |
| » created_at | string(data-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » user | object | true | none |
| »» data | user | true | The user the swag was awarded to. |
| » address | object | true | none |
| »» data | address | true | The user's address to send the swag to. |
Enumerated Values
| Property | Value |
|---|---|
| type | swag |
thanks-item
{
"type": "thanks-item",
"attributes": {
"total_report_count": 1,
"reputation": 7,
"recognized_report_count": 1,
"username": "lorem",
"user_id": "55"
}
}
A thanks item object represents thanks given to hackers by program members
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| attributes | object | true | none |
| » total_report_count | integer | true | The number of reports |
| » reputation | integer | true | The reputation of the user |
| » recognized_report_count | integer | true | The number of resolved reports |
| » username | string | true | The username of the user |
| » user_id | string | true | The ID of the user |
transaction
{
"id": 10,
"bounty_award": "1000.00",
"bounty_fee": "200.00",
"activity_date": "2019-09-25T04:22:42.686Z",
"activity_description": "Bounty for report #9",
"debit_or_credit_amount": "-1200.00",
"balance": "-1200.00",
"payment_transaction_type": "payment",
"relationships": {
"payer": {
"data": {
"id": 3,
"type": "user"
},
"attributes": {
"username": "payer-username"
},
"links": {
"self": "http://hackerone.com/payer-username"
}
},
"report": {
"data": {
"id": 9,
"type": "report"
},
"links": {
"self": "http://hackerone.com/reports/9"
}
},
"user": {
"data": {
"id": 1,
"type": "user"
},
"attributes": {
"username": "hacker-username"
},
"links": {
"self": "http://hackerone.com/hacker-username"
}
},
"team": {
"data": {
"id": 2,
"type": "team"
},
"attributes": {
"handle": "hacker-team"
},
"links": {
"self": "http://hackerone.com/hacker-team"
}
}
},
"links": {
"self": "https://api.hackerone.com/v1/programs/{id}/billing/transactions?page%5Bnumber%5D=1",
"next": "https://api.hackerone.com/v1/programs/{id}/billing/transactions?page%5Bnumber%5D=2",
"last": "https://api.hackerone.com/v1/programs/{id}/billing/transactions?page%5Bnumber%5D=5"
}
}
A Transaction object represents the information about the program payment transaction.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | integer | true | The unique ID of the transaction. |
| type | string | true | none |
| attributes | object | true | none |
| » activity_date | string(date-time) | true | The date and time of the activity. Formatted according to ISO 8601. |
| » activity_description | string | true | The description of the activity. |
| » balance | string | true | The date of the payment. |
| » bounty_award | string¦null | true | The amount of awarded bounty. |
| » bounty_fee | string¦null | true | The HackerOne bounty fee. |
| » debit_or_credit_amount | string | false | The amount that's debited or credited from your balance. |
| relationships | object | false | none |
| » report | object | false | none |
| »» data | object | true | none |
| »»» id | integer | true | The ID of the report with the awarded bounty. |
| »»» type | string | true | none |
| »» links | object | true | none |
| »»» self | string | true | The URL of the report with the awarded bounty. |
| » user | object | false | none |
| »» data | object | true | none |
| »»» id | integer | true | The ID of the hacker awarded with the bounty. |
| »»» type | string | true | none |
| »» attributes | object | false | none |
| »»» username | string | false | The username of the hacker awarded with the bounty. |
| »» links | object | true | none |
| »»» self | string | true | The URL to the hacker awarded with the bounty. |
| » payer | object | false | none |
| »» data | object | true | none |
| »»» id | integer | true | The ID of the user paying the bounty. |
| »»» type | string | true | none |
| »» attributes | object | true | none |
| »»» username | string | false | The username of the user paying the bounty. |
| »» links | object | true | none |
| »»» self | string | true | The URL to the user paying the bounty. |
| » team | object | false | none |
| »» data | object | true | none |
| »»» id | integer | true | The ID of the team handling the bounty. |
| »»» type | string | true | none |
| »» attributes | object | false | none |
| »»» handle | string | false | The nickname of the team handling the bounty. |
| »» links | object | true | none |
| »»» self | string | true | The URL to the team handling the bounty. |
Enumerated Values
| Property | Value |
|---|---|
| type | payment-transaction |
| type | report |
| type | user |
| type | user |
| type | team |
trigger
{
"id": "1337",
"type": "trigger",
"attributes": {
"title": "Example Trigger"
}
}
Triggers are a way to show a pop-up message or to automatically reply to reports based on their title or content.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the trigger. |
| type | string | true | none |
| attributes | object | true | none |
| » title | string¦null | false | The name of the trigger. |
Enumerated Values
| Property | Value |
|---|---|
| type | trigger |
user
{
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the user. |
| type | string | true | none |
| attributes | object | true | none |
| » disabled | boolean | true | Indicates if the user is disabled. |
| » username | string | true | The username of the user. Usernames are unique and scoped under the same namespace as program handles. |
| » name | string | true | The name of the user. A name may be empty and is free-format. |
| » profile_picture | object | true | An object that holds URLs to different profile picture sizes. |
| »» 62x62 | string | true | none |
| »» 82x82 | string | true | none |
| »» 110x110 | string | true | none |
| »» 260x260 | string | true | none |
| » bio | string¦null | false | The user's biography, as provided by the user. |
| » website | string¦null | false | The user's website, as provided by the user. |
| » location | string¦null | false | The user's location, as provided by the user. |
| » reputation | number¦null | false | The reputation of the user. Read more about how this number is calculated href="https://www.hackerone.com/blog/introducing-reputation">here. This attribute is only included in the reporter relationship of a report object. |
| » signal | number¦null | false | The signal of the user. This number ranges from -10 to 7. The closer to 7, the higher the average submission quality of the user. This attribute is only included in the reporter relationship of a report object. Learn more about how this number is calculated href="https://www.hackerone.com/blog/introducing-signal-and-impact">here. |
| » impact | number¦null | false | The impact of the user. This number ranges from 0 to 50. The closer to 50, the higher the average severity of the user's reports is. This attribute is only included in the reporter relationship of a report object. Learn more about how this number is calculated href="https://www.hackerone.com/blog/introducing-signal-and-impact">here. |
| » hackerone_triager | boolean¦null | false | Indicates if the user is a hackerone triager. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
| relationships | object | false | none |
| » participating_programs | object | false | none |
| »» data | [object] | false | List of private programs that you manage where this user is invited to. This attribute is only included when making use of the User > Read endpoint. |
Enumerated Values
| Property | Value |
|---|---|
| type | user |
weakness
{
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"created_at": "2016-02-02T04:05:06.000Z",
"external_id": "cwe-352"
}
}
A Weakness object represents the type of weakness the hacker submitted to a program. The weakness was initially provided by the hacker, but may be reviewed and corrected by the program.
Attributes
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | true | The unique ID of the weakness. |
| type | string | true | none |
| attributes | object | true | none |
| » name | string | true | The name of the weakness. |
| » description | string | true | The raw description of the weakness. Markdown is not parsed. |
| » external_id | string | true | The weakness' external reference to CWE or CAPEC. |
| » created_at | string(date-time) | true | The date and time the object was created. Formatted according to ISO 8601. |
Enumerated Values
| Property | Value |
|---|---|
| type | weakness |