NAV
Shell Python Ruby Java Javascript Go

Hacker Resources

Reports

Get Reports

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/me/reports" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/me/reports',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/me/reports',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/me/reports");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/me/reports',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/me/reports", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": [
    {
      "id": "1",
      "type": "report",
      "attributes": {
        "title": "Yet Another XSS",
        "state": "new",
        "created_at": "2016-02-02T04:05:06.000Z",
        "vulnerability_information": "Vuln information",
        "triaged_at": null,
        "closed_at": null,
        "last_reporter_activity_at": null,
        "first_program_activity_at": null,
        "last_program_activity_at": null,
        "bounty_awarded_at": null,
        "swag_awarded_at": null,
        "disclosed_at": null,
        "reporter_agreed_on_going_public_at": null,
        "last_public_activity_at": null,
        "last_activity_at": null
      },
      "relationships": {
        "reporter": {
          "data": {
            "id": "1",
            "type": "user",
            "attributes": {
              "username": "john",
              "name": "John",
              "disabled": false,
              "created_at": "2016-02-02T04:05:06.000Z",
              "profile_picture": {
                "62x62": "/assets/avatars/default.png",
                "82x82": "/assets/avatars/default.png",
                "110x110": "/assets/avatars/default.png",
                "260x260": "/assets/avatars/default.png"
              },
              "bio": "Super great hacker",
              "website": "http://hackerone.com",
              "location": "Who wants to know?",
              "hackerone_triager": false
            }
          }
        },
        "program": {
          "data": {
            "id": "1",
            "type": "program",
            "attributes": {
              "handle": "teamy",
              "created_at": null,
              "updated_at": null
            }
          }
        },
        "weakness": {
          "data": {
            "id": "2",
            "type": "weakness",
            "attributes": {
              "name": "Denial of Service",
              "description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
              "external_id": "3",
              "created_at": "2016-02-02T04:05:06.000Z"
            }
          }
        }
      }
    },
    {
      "id": "2",
      "type": "report",
      "attributes": {
        "title": "Another XSS",
        "state": "new",
        "created_at": "2016-02-02T04:05:06.000Z",
        "vulnerability_information": "Vuln information",
        "triaged_at": null,
        "closed_at": null,
        "last_reporter_activity_at": null,
        "first_program_activity_at": null,
        "last_program_activity_at": null,
        "bounty_awarded_at": null,
        "swag_awarded_at": null,
        "disclosed_at": null,
        "reporter_agreed_on_going_public_at": null,
        "last_public_activity_at": null,
        "last_activity_at": null
      },
      "relationships": {
        "reporter": {
          "data": {
            "id": "3",
            "type": "user",
            "attributes": {
              "username": "john",
              "name": "John",
              "disabled": false,
              "created_at": "2016-02-02T04:05:06.000Z",
              "profile_picture": {
                "62x62": "/assets/avatars/default.png",
                "82x82": "/assets/avatars/default.png",
                "110x110": "/assets/avatars/default.png",
                "260x260": "/assets/avatars/default.png"
              },
              "bio": "Super great hacker",
              "website": "http://hackerone.com",
              "location": "Who wants to know?",
              "hackerone_triager": false
            }
          }
        },
        "program": {
          "data": {
            "id": "4",
            "type": "program",
            "attributes": {
              "handle": "teamy",
              "created_at": null,
              "updated_at": null
            }
          }
        },
        "weakness": {
          "data": {
            "id": "5",
            "type": "weakness",
            "attributes": {
              "name": "Denial of Service",
              "description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
              "external_id": "2",
              "created_at": "2016-02-02T04:05:06.000Z"
            }
          }
        }
      }
    },
    {
      "id": "3",
      "type": "report",
      "attributes": {
        "title": "XSS",
        "state": "new",
        "created_at": "2016-02-02T04:05:06.000Z",
        "vulnerability_information": "Vuln information",
        "triaged_at": null,
        "closed_at": null,
        "last_reporter_activity_at": null,
        "first_program_activity_at": null,
        "last_program_activity_at": null,
        "bounty_awarded_at": null,
        "swag_awarded_at": null,
        "disclosed_at": null,
        "reporter_agreed_on_going_public_at": null,
        "last_public_activity_at": null,
        "last_activity_at": null
      },
      "relationships": {
        "reporter": {
          "data": {
            "id": "4",
            "type": "user",
            "attributes": {
              "username": "john",
              "name": "John",
              "disabled": false,
              "created_at": "2016-02-02T04:05:06.000Z",
              "profile_picture": {
                "62x62": "/assets/avatars/default.png",
                "82x82": "/assets/avatars/default.png",
                "110x110": "/assets/avatars/default.png",
                "260x260": "/assets/avatars/default.png"
              },
              "bio": "Super great hacker",
              "website": "http://hackerone.com",
              "location": "Who wants to know?",
              "hackerone_triager": false
            }
          }
        },
        "program": {
          "data": {
            "id": "5",
            "type": "program",
            "attributes": {
              "handle": "teamy",
              "created_at": null,
              "updated_at": null
            }
          }
        },
        "weakness": {
          "data": {
            "id": "6",
            "type": "weakness",
            "attributes": {
              "name": "Denial of Service",
              "description": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
              "external_id": "7",
              "created_at": "2016-02-02T04:05:06.000Z"
            }
          }
        }
      }
    }
  ],
  "links": {}
}

GET /hackers/me/reports

This API endpoint allows you to query a paginated list of report objects.

Parameters

Name In Type Required Description
page[number] query any false The page to retrieve from.
page[size] query any false The number of objects per page (currently limited from 1 to 100).

Create Report

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/reports" \
  -X POST \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d @- <<EOD
{
  "data": {
    "type": "report",
    "attributes": {
      "team_handle": "string",
      "title": "string",
      "vulnerability_information": "string",
      "impact": "string",
      "severity_rating": "none",
      "weakness_id": 0,
      "structured_scope_id": 0
    }
  }
}
EOD

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

data = {
  "data": {
    "type": "report",
    "attributes": {
      "team_handle": "string",
      "title": "string",
      "vulnerability_information": "string",
      "impact": "string",
      "severity_rating": "none",
      "weakness_id": 0,
      "structured_scope_id": 0
    }
  }
}

r = requests.post(
  'https://api.hackerone.com/v1/hackers/reports',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  json = data,
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

data = {
  "data": {
    "type": "report",
    "attributes": {
      "team_handle": "string",
      "title": "string",
      "vulnerability_information": "string",
      "impact": "string",
      "severity_rating": "none",
      "weakness_id": 0,
      "structured_scope_id": 0
    }
  }
}

result = RestClient::Request.execute(
  method: :post,
  url: 'https://api.hackerone.com/v1/hackers/reports',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  payload: data,
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/reports");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json; utf-8");
con.setRequestProperty("Accept", "application/json");
con.setDoOutput(true);
String jsonInputString = "{\n  \"data\": {\n    \"type\": \"report\",\n    \"attributes\": {\n      \"team_handle\": \"string\",\n      \"title\": \"string\",\n      \"vulnerability_information\": \"string\",\n      \"impact\": \"string\",\n      \"severity_rating\": \"none\",\n      \"weakness_id\": 0,\n      \"structured_scope_id\": 0\n    }\n  }\n}";
try(OutputStream os = con.getOutputStream()) {
    byte[] input = jsonInputString.getBytes("utf-8");
    os.write(input, 0, input.length);
}

try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}

let inputBody = "{\n  \"data\": {\n    \"type\": \"report\",\n    \"attributes\": {\n      \"team_handle\": \"string\",\n      \"title\": \"string\",\n      \"vulnerability_information\": \"string\",\n      \"impact\": \"string\",\n      \"severity_rating\": \"none\",\n      \"weakness_id\": 0,\n      \"structured_scope_id\": 0\n    }\n  }\n}";
let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Content-Type', 'application/json');  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/reports',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "bytes"
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},

    }
    data := bytes.NewBuffer([]byte(`"{\n  \"data\": {\n    \"type\": \"report\",\n    \"attributes\": {\n      \"team_handle\": \"string\",\n      \"title\": \"string\",\n      \"vulnerability_information\": \"string\",\n      \"impact\": \"string\",\n      \"severity_rating\": \"none\",\n      \"weakness_id\": 0,\n      \"structured_scope_id\": 0\n    }\n  }\n}"`))

    req, err := http.NewRequest("POST", "https://api.hackerone.com/v1/hackers/reports", data)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

201 Response

{
  "data": {
    "id": "1337",
    "type": "report",
    "attributes": {
      "title": "XSS in login form",
      "state": "new",
      "created_at": "2021-06-30T09:59:37.783Z",
      "vulnerability_information": "Soo much vuln\n\n## Impact\n\nSoo much impact",
      "triaged_at": null,
      "closed_at": null,
      "last_reporter_activity_at": "2021-06-30T09:59:38.294Z",
      "first_program_activity_at": "2021-06-30T09:59:38.294Z",
      "last_program_activity_at": "2021-06-30T09:59:38.294Z",
      "bounty_awarded_at": null,
      "swag_awarded_at": null,
      "disclosed_at": null,
      "reporter_agreed_on_going_public_at": null,
      "last_public_activity_at": "2021-06-30T09:59:38.294Z",
      "last_activity_at": "2021-06-30T09:59:38.294Z",
      "cve_ids": []
    },
    "relationships": {
      "reporter": {
        "data": {
          "id": "1337",
          "type": "user",
          "attributes": {
            "username": "hacker",
            "name": "Hacker",
            "disabled": false,
            "created_at": "2021-05-28T11:27:05.082Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            },
            "bio": "Hacker.",
            "website": "https://example.com",
            "location": "Hackland",
            "hackerone_triager": false
          }
        }
      },
      "program": {
        "data": {
          "id": "1337",
          "type": "program",
          "attributes": {
            "handle": "security",
            "created_at": "2013-01-01T00:00:00.000Z",
            "updated_at": "2021-06-25T10:04:59.678Z"
          }
        }
      },
      "severity": {
        "data": {
          "id": "74",
          "type": "severity",
          "attributes": {
            "rating": "high",
            "author_type": "User",
            "user_id": 1337,
            "created_at": "2021-06-30T09:59:38.029Z"
          }
        }
      },
      "swag": {
        "data": []
      },
      "attachments": {
        "data": []
      },
      "weakness": {
        "data": {
          "id": "1337",
          "type": "weakness",
          "attributes": {
            "name": "Cross-Site Request Forgery (CSRF)",
            "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
            "external_id": "cwe-352",
            "created_at": "2021-05-28T11:26:59.604Z"
          }
        }
      },
      "activities": {
        "data": []
      },
      "bounties": {
        "data": []
      },
      "summaries": {
        "data": []
      }
    }
  }
}

POST /hackers/reports

This API endpoint can be used to submit reports to a specific team on the HackerOne platform. When the API call is successful, a report object will be returned.

Parameters

Name In Type Required Description
data body object true The information to create a report.
» type body string true none
» attributes body object true none
»» team_handle body string true The handle of the team that the report is being submitted to.
»» title body string true The title of the report.
»» vulnerability_information body string true Detailed information about the vulnerability including the steps to reproduce as well as supporting material and references.
»» impact body string true The security impact that an attacker could achieve.
»» severity_rating body severity-ratings false The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score.
»» weakness_id body integer false The ID of the weakness object that describes the type of the potential issue.
»» structured_scope_id body integer false The ID of the structured scope object that describes the attack surface.

Enumerated Values

Parameter Value
» type report
»» severity_rating none
»» severity_rating low
»» severity_rating medium
»» severity_rating high
»» severity_rating critical

Get Report

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/reports/{id}" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/reports/{id}',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/reports/{id}',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/reports/{id}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/reports/{id}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/reports/{id}", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": {
    "id": "1337",
    "type": "report",
    "attributes": {
      "title": "XSS in login form",
      "state": "new",
      "created_at": "2016-02-02T04:05:06.000Z",
      "vulnerability_information": "...",
      "triaged_at": null,
      "closed_at": null,
      "last_reporter_activity_at": null,
      "first_program_activity_at": null,
      "last_program_activity_at": null,
      "bounty_awarded_at": null,
      "swag_awarded_at": null,
      "disclosed_at": null,
      "source": null
    },
    "relationships": {
      "reporter": {
        "data": {
          "id": "1337",
          "type": "user",
          "attributes": {
            "username": "api-example",
            "name": "API Example",
            "disabled": false,
            "created_at": "2016-02-02T04:05:06.000Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            }
          }
        }
      },
      "assignee": {
        "data": {
          "id": "1337",
          "type": "user",
          "attributes": {
            "username": "member",
            "name": "Member",
            "disabled": false,
            "created_at": "2016-02-02T04:05:06.000Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            }
          }
        }
      },
      "program": {
        "data": {
          "id": "1337",
          "type": "program",
          "attributes": {
            "handle": "security",
            "created_at": "2016-02-02T04:05:06.000Z",
            "updated_at": "2016-02-02T04:05:06.000Z"
          }
        }
      },
      "severity": {
        "data": {
          "id": "57",
          "type": "severity",
          "attributes": {
            "rating": "high",
            "author_type": "User",
            "user_id": 1337,
            "created_at": "2016-02-02T04:05:06.000Z",
            "score": 8.7,
            "attack_complexity": "low",
            "attack_vector": "adjacent",
            "availability": "high",
            "confidentiality": "low",
            "integrity": "high",
            "privileges_required": "low",
            "user_interaction": "required",
            "scope": "changed"
          }
        }
      },
      "swag": {
        "data": []
      },
      "attachments": {
        "data": []
      },
      "weakness": {
        "data": {
          "id": "1337",
          "type": "weakness",
          "attributes": {
            "name": "Cross-Site Request Forgery (CSRF)",
            "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
            "external_id": "cwe-352",
            "created_at": "2016-02-02T04:05:06.000Z"
          }
        }
      },
      "structured_scope": {
        "data": {
          "id": "57",
          "type": "structured-scope",
          "attributes": {
            "asset_identifier": "api.example.com",
            "asset_type": "url",
            "confidentiality_requirement": "high",
            "integrity_requirement": "high",
            "availability_requirement": "high",
            "max_severity": "critical",
            "created_at": "2015-02-02T04:05:06.000Z",
            "updated_at": "2016-05-02T04:05:06.000Z",
            "instruction": null,
            "eligible_for_bounty": true,
            "eligible_for_submission": true,
            "reference": "H001001"
          }
        }
      },
      "activities": {
        "data": [
          {
            "type": "activity-comment",
            "id": "445",
            "attributes": {
              "message": "Comment!",
              "created_at": "2016-02-02T04:05:06.000Z",
              "updated_at": "2016-02-02T04:05:06.000Z",
              "internal": false
            },
            "relationships": {
              "actor": {
                "data": {
                  "id": "1337",
                  "type": "user",
                  "attributes": {
                    "username": "api-example",
                    "name": "API Example",
                    "disabled": false,
                    "created_at": "2016-02-02T04:05:06.000Z",
                    "profile_picture": {
                      "62x62": "/assets/avatars/default.png",
                      "82x82": "/assets/avatars/default.png",
                      "110x110": "/assets/avatars/default.png",
                      "260x260": "/assets/avatars/default.png"
                    },
                    "signal": null,
                    "impact": null,
                    "reputation": null,
                    "bio": null,
                    "website": null,
                    "location": null,
                    "hackerone_triager": false
                  }
                }
              },
              "attachments": {
                "data": [
                  {
                    "id": "1337",
                    "type": "attachment",
                    "attributes": {
                      "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
                      "created_at": "2016-02-02T04:05:06.000Z",
                      "file_name": "root.rb",
                      "content_type": "text/x-ruby",
                      "file_size": 2871
                    }
                  }
                ]
              }
            }
          },
          {
            "id": "1337",
            "type": "activity-bug-resolved",
            "attributes": {
              "message": "Bug Resolved!",
              "created_at": "2016-02-02T04:05:06.000Z",
              "updated_at": "2016-02-02T04:05:06.000Z",
              "internal": false
            },
            "relationships": {
              "actor": {
                "data": {
                  "id": "1337",
                  "type": "user",
                  "attributes": {
                    "username": "api-example",
                    "name": "API Example",
                    "disabled": false,
                    "created_at": "2016-02-02T04:05:06.000Z",
                    "profile_picture": {
                      "62x62": "/assets/avatars/default.png",
                      "82x82": "/assets/avatars/default.png",
                      "110x110": "/assets/avatars/default.png",
                      "260x260": "/assets/avatars/default.png"
                    }
                  }
                }
              }
            }
          }
        ]
      },
      "bounties": {
        "data": []
      },
      "summaries": {
        "data": []
      },
      "triggered_pre_submission_trigger": {
        "data": {
          "id": "1337",
          "type": "trigger",
          "attributes": {
            "title": "Example Trigger"
          }
        }
      },
      "custom_field_values": {
        "data": []
      },
      "automated_remediation_guidance": {
        "data": {
          "id": "1",
          "type": "automated-remediation-guidance",
          "attributes": {
            "reference": "https://cwe.mitre.org/data/definitions/120.html",
            "created_at": "2020-10-23T12:09:37.859Z"
          }
        }
      },
      "custom_remediation_guidance": {
        "data": {
          "id": "84",
          "type": "custom-remediation-guidance",
          "attributes": {
            "message": "Check buffer boundaries if accessing the buffer in a loop and make sure you are not in danger of writing past the allocated space.",
            "created_at": "2020-10-26T08:47:23.296Z"
          },
          "relationships": {
            "author": {
              "data": {
                "id": "1338",
                "type": "user",
                "attributes": {
                  "username": "api-example-2",
                  "name": "API Example 2",
                  "disabled": false,
                  "created_at": "2020-10-22T011:22:05.402Z",
                  "profile_picture": {
                    "62x62": "/assets/avatars/default.png",
                    "82x82": "/assets/avatars/default.png",
                    "110x110": "/assets/avatars/default.png",
                    "260x260": "/assets/avatars/default.png"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}

GET /hackers/reports/{id}

A report object can be fetched by sending a GET request to a unique report object. In case the request was successful, the API will respond with a report object.

The following report relationships are included: reporter, assignee (a user or group), program, weakness, severity, bounties, swag,activities, attachments, structured scope and summaries

Parameters

Name In Type Required Description
id path integer true The ID of the report.

Balance

Get Balance

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/balance" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/payments/balance',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/payments/balance',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/balance");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/payments/balance',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/balance", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": {
    "balance": 105
  }
}

GET /hackers/payments/balance

This API endpoint allows you to query your balance.

Earnings

Get Earnings

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/earnings" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/payments/earnings',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/payments/earnings',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/earnings");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/payments/earnings',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/earnings", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": [
    {
      "id": "1",
      "type": "earning-bounty-earned",
      "attributes": {
        "amount": 150,
        "created_at": "2015-02-02T04:05:06.000Z"
      },
      "relationships": {
        "program": {
          "data": {
            "id": "9",
            "type": "program",
            "attributes": {
              "handle": "acme",
              "name": "Acme",
              "currency": null,
              "profile_picture": null,
              "submission_state": null,
              "triage_active": null,
              "state": null,
              "started_accepting_at": null,
              "number_of_reports_for_user": null,
              "number_of_valid_reports_for_user": null,
              "bounty_earned_for_user": null,
              "last_invitation_accepted_at_for_user": null,
              "bookmarked": null,
              "allows_bounty_splitting": null
            }
          }
        },
        "bounty": {
          "data": {
            "id": "123",
            "type": "bounty",
            "attributes": {
              "amount": "150.00",
              "bonus_amount": "0.00",
              "awarded_amount": "150.00",
              "awarded_bonus_amount": "0.00",
              "awarded_currency": "USD",
              "created_at": "2015-02-02T04:05:06.000Z"
            },
            "relationships": {
              "report": {
                "data": {
                  "id": "123",
                  "type": "report",
                  "attributes": {
                    "title": "Great bounty",
                    "state": "resolved",
                    "created_at": "2015-02-02T04:05:06.000Z",
                    "vulnerability_information": "Vuln information",
                    "triaged_at": null,
                    "closed_at": "2015-02-02T04:05:06.000Z",
                    "last_reporter_activity_at": null,
                    "first_program_activity_at": null,
                    "last_program_activity_at": null,
                    "bounty_awarded_at": null,
                    "swag_awarded_at": null,
                    "disclosed_at": null,
                    "reporter_agreed_on_going_public_at": null,
                    "last_public_activity_at": null,
                    "last_activity_at": null
                  }
                }
              }
            }
          }
        }
      }
    }
  ],
  "links": {}
}

GET /hackers/payments/earnings

This API endpoint allows you to query a paginated list of earning objects.

Parameters

Name In Type Required Description
page[number] query any false The page to retrieve from.
page[size] query any false The number of objects per page (currently limited from 1 to 100).

Payouts

Get Payouts

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/payouts" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/payments/payouts',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/payments/payouts',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/payouts");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/payments/payouts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/payouts", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": [
    {
      "amount": 100,
      "paid_out_at": "2016-02-02T04:05:06.000Z",
      "reference": "<reference>",
      "payout_provider": "PayPal",
      "status": "sent"
    }
  ],
  "links": {}
}

GET /hackers/payments/payouts

This API endpoint allows you to query a paginated list of payout objects.

Parameters

Name In Type Required Description
page[number] query any false The page to retrieve from.
page[size] query any false The number of objects per page (currently limited from 1 to 100).

Programs

Get Weaknesses

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": [
    {
      "id": "1337",
      "type": "weakness",
      "attributes": {
        "name": "Cross-Site Request Forgery (CSRF)",
        "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
        "created_at": "2016-02-02T04:05:06.000Z",
        "external_id": "cwe-352"
      }
    },
    {
      "id": "1338",
      "type": "weakness",
      "attributes": {
        "name": "SQL Injection",
        "description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
        "created_at": "2016-03-02T04:05:06.000Z",
        "external_id": "cwe-89"
      }
    }
  ],
  "links": {}
}

GET /hackers/programs/{handle}/weaknesses

The Weakness endpoint enables you to retrieve a list of all weaknesses of the program.

Weaknesses can be fetched by sending a GET request to the weaknesses endpoint. When the request is successful, the API will respond with paginated weakness objects.

Parameters

Name In Type Required Description
handle path string true The handle of the program.
page[number] query any false The page to retrieve from.
page[size] query any false The number of objects per page (currently limited from 1 to 100).

Get Programs

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/programs',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/programs',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/programs");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/programs',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": [
    {
      "id": 9,
      "type": "program",
      "attributes": {
        "handle": "acme",
        "name": "acme",
        "currency": "usd",
        "profile_picture": "/assets/global-elements/add-team.png",
        "submission_state": "open",
        "triage_active": null,
        "state": "public_mode",
        "started_accepting_at": null,
        "number_of_reports_for_user": 0,
        "number_of_valid_reports_for_user": 0,
        "bounty_earned_for_user": 0,
        "last_invitation_accepted_at_for_user": null,
        "bookmarked": false,
        "allows_bounty_splitting": false
      }
    }
  ],
  "links": {}
}

GET /hackers/programs

This API endpoint allows you to query a paginated list of program objects.

Parameters

Name In Type Required Description
page[number] query any false The page to retrieve from.
page[size] query any false The number of objects per page (currently limited from 1 to 100).

Get Program

Code samples

# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}" \
  -X GET \
  -u "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=" \
  -H 'Accept: application/json'

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get(
  'https://api.hackerone.com/v1/hackers/programs/{handle}',
  auth=('username', '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE='),
  headers = headers
)

print(r.json())

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient::Request.execute(
  method: :get,
  url: 'https://api.hackerone.com/v1/hackers/programs/{handle}',
  password: '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=',
  user: 'username',
  headers: headers
)
p JSON.parse(result)

URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();

String userCredentials = "username:+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);

con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
  new InputStreamReader(con.getInputStream(), "utf-8"))) {
    StringBuilder response = new StringBuilder();
    String responseLine = null;
    while ((responseLine = br.readLine()) != null) {
        response.append(responseLine.trim());
    }
    System.out.println(response.toString());
}


let user = 'username';
let password = '+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
  headers.set('Accept', 'application/json');

fetch('https://api.hackerone.com/v1/hackers/programs/{handle}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

package main

import (
       "io/ioutil"
       "log"
       "net/http"
)

func main() { 
    headers := map[string][]string{
        "Accept": []string{"application/json"},

    }

    req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}", nil)
    req.Header = headers
    req.SetBasicAuth("username", "+RkfaGmptinbuqtURvzscSf/Sm4NXlw/x9pPtaLLzLE=")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
      panic(err)
    }
    defer resp.Body.Close()

    body, _ := ioutil.ReadAll(resp.Body)

    log.Println(string(body))
}

200 Response

{
  "data": {
    "id": 9,
    "type": "program",
    "attributes": {
      "handle": "acme",
      "name": "acme",
      "currency": "usd",
      "profile_picture": "/assets/global-elements/add-team.png",
      "submission_state": "open",
      "triage_active": null,
      "state": "public_mode",
      "started_accepting_at": null,
      "number_of_reports_for_user": 0,
      "number_of_valid_reports_for_user": 0,
      "bounty_earned_for_user": 0,
      "last_invitation_accepted_at_for_user": null,
      "bookmarked": false,
      "allows_bounty_splitting": false,
      "offers_bounties": true
    },
    "relationships": {
      "structured_scopes": {
        "data": []
      }
    }
  }
}

GET /hackers/programs/{handle}

A program object can be fetched by sending a GET request to a unique program object. When the request is successful, the API will respond with a program object.

Parameters

Name In Type Required Description
handle path string true The handle of the program. Find the program handle by fetching your programs