Hacker Resources
Reports
Get Reports
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/me/reports" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/me/reports',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/me/reports',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/me/reports");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/me/reports',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/me/reports", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
report found
{
"data": [
{
"id": "1",
"type": "report",
"attributes": {
"title": "Yet Another XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "1",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "1",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "2",
"type": "weakness",
"attributes": {
"name": "Denial of Service",
"description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"external_id": "3",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
},
{
"id": "2",
"type": "report",
"attributes": {
"title": "Another XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "3",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "4",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "5",
"type": "weakness",
"attributes": {
"name": "Denial of Service",
"description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"external_id": "2",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
},
{
"id": "3",
"type": "report",
"attributes": {
"title": "XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "4",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "5",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "6",
"type": "weakness",
"attributes": {
"name": "Denial of Service",
"description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"external_id": "7",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
}
],
"links": {}
}
GET /hackers/me/reports
This API endpoint allows you to query a paginated list of report objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Create Report
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/reports" \
-X POST \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d @- <<EOD
{
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
EOD
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
data = {
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
r = requests.post(
'https://api.hackerone.com/v1/hackers/reports',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
json = data,
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
data = {
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
result = RestClient::Request.execute(
method: :post,
url: 'https://api.hackerone.com/v1/hackers/reports',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
payload: data,
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/reports");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json; utf-8");
con.setRequestProperty("Accept", "application/json");
con.setDoOutput(true);
String jsonInputString = "{\n \"data\": {\n \"type\": \"report\",\n \"attributes\": {\n \"team_handle\": \"string\",\n \"title\": \"string\",\n \"vulnerability_information\": \"string\",\n \"impact\": \"string\",\n \"severity_rating\": \"none\",\n \"weakness_id\": 0,\n \"structured_scope_id\": 0\n }\n }\n}";
try(OutputStream os = con.getOutputStream()) {
byte[] input = jsonInputString.getBytes("utf-8");
os.write(input, 0, input.length);
}
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let inputBody = "{\n \"data\": {\n \"type\": \"report\",\n \"attributes\": {\n \"team_handle\": \"string\",\n \"title\": \"string\",\n \"vulnerability_information\": \"string\",\n \"impact\": \"string\",\n \"severity_rating\": \"none\",\n \"weakness_id\": 0,\n \"structured_scope_id\": 0\n }\n }\n}";
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Content-Type', 'application/json'); headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/reports',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"bytes"
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(`"{\n \"data\": {\n \"type\": \"report\",\n \"attributes\": {\n \"team_handle\": \"string\",\n \"title\": \"string\",\n \"vulnerability_information\": \"string\",\n \"impact\": \"string\",\n \"severity_rating\": \"none\",\n \"weakness_id\": 0,\n \"structured_scope_id\": 0\n }\n }\n}"`))
req, err := http.NewRequest("POST", "https://api.hackerone.com/v1/hackers/reports", data)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
report created
{
"data": {
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2021-06-30T09:59:37.783Z",
"vulnerability_information": "Soo much vuln\n\n## Impact\n\nSoo much impact",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": "2021-06-30T09:59:38.294Z",
"first_program_activity_at": "2021-06-30T09:59:38.294Z",
"last_program_activity_at": "2021-06-30T09:59:38.294Z",
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": "2021-06-30T09:59:38.294Z",
"last_activity_at": "2021-06-30T09:59:38.294Z",
"cve_ids": []
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "hacker",
"name": "Hacker",
"disabled": false,
"created_at": "2021-05-28T11:27:05.082Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Hacker.",
"website": "https://example.com",
"location": "Hackland",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2013-01-01T00:00:00.000Z",
"updated_at": "2021-06-25T10:04:59.678Z"
}
}
},
"severity": {
"data": {
"id": "74",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": 1337,
"created_at": "2021-06-30T09:59:38.029Z"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2021-05-28T11:26:59.604Z"
}
}
},
"activities": {
"data": []
},
"bounties": {
"data": []
},
"summaries": {
"data": []
}
}
}
}
POST /hackers/reports
This API endpoint can be used to submit reports to a specific team on the HackerOne platform. When the API call is successful, a report object will be returned.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| data | body | object | true | The information to create a report. |
| » type | body | string | true | none |
| » attributes | body | object | true | none |
| »» team_handle | body | string | true | The handle of the team that the report is being submitted to. |
| »» title | body | string | true | The title of the report. |
| »» vulnerability_information | body | string | true | Detailed information about the vulnerability including the steps to reproduce as well as supporting material and references. |
| »» impact | body | string | true | The security impact that an attacker could achieve. |
| »» severity_rating | body | severity-ratings | false | The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score. |
| »» weakness_id | body | integer | false | The ID of the weakness object that describes the type of the potential issue. |
| »» structured_scope_id | body | integer | false | The ID of the structured scope object that describes the attack surface. |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | report |
| »» severity_rating | none |
| »» severity_rating | low |
| »» severity_rating | medium |
| »» severity_rating | high |
| »» severity_rating | critical |
Get Report
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/reports/{id}" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/reports/{id}',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/reports/{id}',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/reports/{id}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/reports/{id}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/reports/{id}", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
report found
{
"data": {
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "...",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"source": null
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"assignee": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "member",
"name": "Member",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
},
"severity": {
"data": {
"id": "57",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": 1337,
"created_at": "2016-02-02T04:05:06.000Z",
"score": 8.7,
"attack_complexity": "low",
"attack_vector": "adjacent",
"availability": "high",
"confidentiality": "low",
"integrity": "high",
"privileges_required": "low",
"user_interaction": "required",
"scope": "changed"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
},
"structured_scope": {
"data": {
"id": "57",
"type": "structured-scope",
"attributes": {
"asset_identifier": "api.example.com",
"asset_type": "url",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high",
"max_severity": "critical",
"created_at": "2015-02-02T04:05:06.000Z",
"updated_at": "2016-05-02T04:05:06.000Z",
"instruction": null,
"eligible_for_bounty": true,
"eligible_for_submission": true,
"reference": "H001001"
}
}
},
"activities": {
"data": [
{
"type": "activity-comment",
"id": "445",
"attributes": {
"message": "Comment!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": null,
"website": null,
"location": null,
"hackerone_triager": false
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
},
{
"id": "1337",
"type": "activity-bug-resolved",
"attributes": {
"message": "Bug Resolved!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
]
},
"bounties": {
"data": []
},
"summaries": {
"data": []
},
"triggered_pre_submission_trigger": {
"data": {
"id": "1337",
"type": "trigger",
"attributes": {
"title": "Example Trigger"
}
}
},
"custom_field_values": {
"data": []
},
"automated_remediation_guidance": {
"data": {
"id": "1",
"type": "automated-remediation-guidance",
"attributes": {
"reference": "https://cwe.mitre.org/data/definitions/120.html",
"created_at": "2020-10-23T12:09:37.859Z"
}
}
},
"custom_remediation_guidance": {
"data": {
"id": "84",
"type": "custom-remediation-guidance",
"attributes": {
"message": "Check buffer boundaries if accessing the buffer in a loop and make sure you are not in danger of writing past the allocated space.",
"created_at": "2020-10-26T08:47:23.296Z"
},
"relationships": {
"author": {
"data": {
"id": "1338",
"type": "user",
"attributes": {
"username": "api-example-2",
"name": "API Example 2",
"disabled": false,
"created_at": "2020-10-22T011:22:05.402Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
}
}
}
}
GET /hackers/reports/{id}
A report object can be fetched by sending a GET request to a unique report object.
In case the request was successful, the API will respond with a
report object.
The following report relationships are included: reporter, assignee (a user or group), program, weakness, severity, bounties, swag,activities, attachments, structured scope and summaries
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | integer | true | The ID of the report. |
Balance
Get Balance
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/balance" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/payments/balance',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/payments/balance',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/balance");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/payments/balance',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/balance", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
balance found
{
"data": {
"balance": 105
}
}
GET /hackers/payments/balance
This API endpoint allows you to query your balance.
Earnings
Get Earnings
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/earnings" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/payments/earnings',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/payments/earnings',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/earnings");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/payments/earnings',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/earnings", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
earnings found
{
"data": [
{
"id": "1",
"type": "earning-bounty-earned",
"attributes": {
"amount": 150,
"created_at": "2015-02-02T04:05:06.000Z"
},
"relationships": {
"program": {
"data": {
"id": "9",
"type": "program",
"attributes": {
"handle": "acme",
"name": "Acme",
"currency": null,
"profile_picture": null,
"submission_state": null,
"triage_active": null,
"state": null,
"started_accepting_at": null,
"number_of_reports_for_user": null,
"number_of_valid_reports_for_user": null,
"bounty_earned_for_user": null,
"last_invitation_accepted_at_for_user": null,
"bookmarked": null,
"allows_bounty_splitting": null
}
}
},
"bounty": {
"data": {
"id": "123",
"type": "bounty",
"attributes": {
"amount": "150.00",
"bonus_amount": "0.00",
"awarded_amount": "150.00",
"awarded_bonus_amount": "0.00",
"awarded_currency": "USD",
"created_at": "2015-02-02T04:05:06.000Z"
},
"relationships": {
"report": {
"data": {
"id": "123",
"type": "report",
"attributes": {
"title": "Great bounty",
"state": "resolved",
"created_at": "2015-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": "2015-02-02T04:05:06.000Z",
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
}
}
}
}
}
}
}
}
],
"links": {}
}
GET /hackers/payments/earnings
This API endpoint allows you to query a paginated list of earning objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Payouts
Get Payouts
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/payouts" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/payments/payouts',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/payments/payouts',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/payouts");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/payments/payouts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/payouts", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
earnings found
{
"data": [
{
"amount": 100,
"paid_out_at": "2016-02-02T04:05:06.000Z",
"reference": "<reference>",
"payout_provider": "PayPal",
"status": "sent"
}
],
"links": {}
}
GET /hackers/payments/payouts
This API endpoint allows you to query a paginated list of payout objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Programs
Get Structured Scopes
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
structured scopes found
{
"data": [
{
"id": "<id>",
"type": "structured-scope",
"attributes": {
"asset_type": "URL",
"asset_identifier": "https://api.hackerone.com",
"eligible_for_bounty": true,
"eligible_for_submission": true,
"instruction": "This is our API",
"max_severity": "critical",
"created_at": "<date>",
"updated_at": "<date>",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high"
}
}
],
"links": {
"self": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bsize%5D=1",
"next": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bnumber%5D=2&page%5Bsize%5D=1",
"last": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bnumber%5D=3&page%5Bsize%5D=1"
}
}
GET /hackers/programs/{handle}/structured_scopes
The Structured Scopes endpoint enables you to retrieve a list of all structured_scopes of the program.
Structured Scopes can be fetched by sending a GET request to the structured_scopes endpoint. When the request is successful, the API will respond with paginated structured_scope objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| handle | path | string | true | The handle of the program. |
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Get Weaknesses
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
weaknesses found
{
"data": [
{
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"created_at": "2016-02-02T04:05:06.000Z",
"external_id": "cwe-352"
}
},
{
"id": "1338",
"type": "weakness",
"attributes": {
"name": "SQL Injection",
"description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
"created_at": "2016-03-02T04:05:06.000Z",
"external_id": "cwe-89"
}
}
],
"links": {}
}
GET /hackers/programs/{handle}/weaknesses
The Weakness endpoint enables you to retrieve a list of all weaknesses of the program.
Weaknesses can be fetched by sending a GET request to the weaknesses endpoint. When the request is successful, the API will respond with paginated weakness objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| handle | path | string | true | The handle of the program. |
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Get Programs
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
programs found
{
"data": [
{
"id": 9,
"type": "program",
"attributes": {
"handle": "acme",
"name": "acme",
"currency": "usd",
"profile_picture": "/assets/global-elements/add-team.png",
"submission_state": "open",
"triage_active": null,
"state": "public_mode",
"started_accepting_at": null,
"number_of_reports_for_user": 0,
"number_of_valid_reports_for_user": 0,
"bounty_earned_for_user": 0,
"last_invitation_accepted_at_for_user": null,
"bookmarked": false,
"allows_bounty_splitting": false
}
}
],
"links": {}
}
GET /hackers/programs
This API endpoint allows you to query a paginated list of program objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Get Program
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs/{handle}',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs/{handle}',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs/{handle}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
program found
{
"data": {
"id": 9,
"type": "program",
"attributes": {
"handle": "acme",
"name": "acme",
"currency": "usd",
"profile_picture": "/assets/global-elements/add-team.png",
"submission_state": "open",
"triage_active": null,
"state": "public_mode",
"started_accepting_at": null,
"number_of_reports_for_user": 0,
"number_of_valid_reports_for_user": 0,
"bounty_earned_for_user": 0,
"last_invitation_accepted_at_for_user": null,
"bookmarked": false,
"allows_bounty_splitting": false,
"offers_bounties": true
},
"relationships": {
"structured_scopes": {
"data": []
}
}
}
}
GET /hackers/programs/{handle}
A program object can be fetched by sending a GET request to a unique program object. When the request is successful, the API will respond with a program object.
NOTE
If you want to fetch all structured_scopes for a program you can use get structured scopes API endpoint.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| handle | path | string | true | The handle of the program. Find the program handle by fetching your programs |