Hacker Resources
Hacktivity
Get Hacktivity
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/hacktivity" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/hacktivity',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/hacktivity',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/hacktivity");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/hacktivity',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/hacktivity", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
hacktivity items found
{
"data": [
{
"id": 689314,
"type": "report",
"attributes": {
"title": "Project Template functionality can be used to copy private project data",
"substate": "Resolved",
"url": "https://hackerone.com/reports/689314",
"disclosed_at": "2019-11-27T10:02:44.156Z",
"cve_ids": [],
"cwe": "Privilege Escalation",
"severity_rating": "critical",
"votes": 438,
"total_awarded_amount": 12000,
"latest_disclosable_action": "Activities::ReportBecamePublic",
"latest_disclosable_activity_at": "2019-11-27T10:02:44.181Z",
"submitted_at": "2019-09-06T05:40:41.068Z",
"disclosed": true
},
"relationships": {
"report_generated_content": {
"data": {
"type": "report_generated_content",
"attributes": {
"hacktivity_summary": "Here you could see a generated summary."
}
}
},
"reporter": {
"data": {
"type": "user",
"attributes": {
"name": "Jobert Abma",
"username": "jobert"
}
}
},
"program": {
"data": {
"type": "program",
"attributes": {
"handle": "gitlab",
"name": "GitLab",
"currency": "usd",
"url": "https://hackerone.com/gitlab"
}
}
}
}
}
]
}
GET /hackers/hacktivity
This API endpoint allows you to query a paginated list of hacktivity_item objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| queryString | path | string | true | Expects an Apache Lucene query string syntax. Possible filters are severity_rating, asset_type, substate, cwe, cve_ids, reporter, team, total_awarded_amount, disclosed_at, has_collaboration and disclosed. Example: queryString=severity_rating:critical AND disclosed_at:>=01-01-1970 displays reports with a severity rating of critical that were disclosed after January 1st, 1970. If no query string is provided, all reports will be returned.' |
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Detailed descriptions
queryString: Expects an Apache Lucene query string syntax. Possible filters are severity_rating, asset_type, substate, cwe, cve_ids, reporter, team, total_awarded_amount, disclosed_at, has_collaboration and disclosed. Example: queryString=severity_rating:critical AND disclosed_at:>=01-01-1970 displays reports with a severity rating of critical that were disclosed after January 1st, 1970. If no query string is provided, all reports will be returned.'
Reports
Get Reports
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/me/reports" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/me/reports',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/me/reports',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/me/reports");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/me/reports',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/me/reports", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
report found
{
"data": [
{
"id": "1",
"type": "report",
"attributes": {
"title": "Yet Another XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "1",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "1",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "2",
"type": "weakness",
"attributes": {
"name": "Uncontrolled Resource Consumption",
"description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"external_id": "3",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
},
{
"id": "2",
"type": "report",
"attributes": {
"title": "Another XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "3",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "4",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "5",
"type": "weakness",
"attributes": {
"name": "Uncontrolled Resource Consumption",
"description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"external_id": "2",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
},
{
"id": "3",
"type": "report",
"attributes": {
"title": "XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "4",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "5",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "6",
"type": "weakness",
"attributes": {
"name": "Uncontrolled Resource Consumption",
"description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"external_id": "7",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
}
],
"links": {}
}
GET /hackers/me/reports
This API endpoint allows you to query a paginated list of report objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Create Report
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/reports" \
-X POST \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d @- <<EOD
{
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
EOD
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
data = {
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
r = requests.post(
'https://api.hackerone.com/v1/hackers/reports',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
json = data,
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
data = {
"data": {
"type": "report",
"attributes": {
"team_handle": "string",
"title": "string",
"vulnerability_information": "string",
"impact": "string",
"severity_rating": "none",
"weakness_id": 0,
"structured_scope_id": 0
}
}
}
result = RestClient::Request.execute(
method: :post,
url: 'https://api.hackerone.com/v1/hackers/reports',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
payload: data,
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/reports");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json; utf-8");
con.setRequestProperty("Accept", "application/json");
con.setDoOutput(true);
String jsonInputString = "{\n \"data\": {\n \"type\": \"report\",\n \"attributes\": {\n \"team_handle\": \"string\",\n \"title\": \"string\",\n \"vulnerability_information\": \"string\",\n \"impact\": \"string\",\n \"severity_rating\": \"none\",\n \"weakness_id\": 0,\n \"structured_scope_id\": 0\n }\n }\n}";
try(OutputStream os = con.getOutputStream()) {
byte[] input = jsonInputString.getBytes("utf-8");
os.write(input, 0, input.length);
}
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let inputBody = "{\n \"data\": {\n \"type\": \"report\",\n \"attributes\": {\n \"team_handle\": \"string\",\n \"title\": \"string\",\n \"vulnerability_information\": \"string\",\n \"impact\": \"string\",\n \"severity_rating\": \"none\",\n \"weakness_id\": 0,\n \"structured_scope_id\": 0\n }\n }\n}";
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Content-Type', 'application/json'); headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/reports',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"bytes"
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(`"{\n \"data\": {\n \"type\": \"report\",\n \"attributes\": {\n \"team_handle\": \"string\",\n \"title\": \"string\",\n \"vulnerability_information\": \"string\",\n \"impact\": \"string\",\n \"severity_rating\": \"none\",\n \"weakness_id\": 0,\n \"structured_scope_id\": 0\n }\n }\n}"`))
req, err := http.NewRequest("POST", "https://api.hackerone.com/v1/hackers/reports", data)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
report created
{
"data": {
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2021-06-30T09:59:37.783Z",
"vulnerability_information": "Soo much vuln\n\n## Impact\n\nSoo much impact",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": "2021-06-30T09:59:38.294Z",
"first_program_activity_at": "2021-06-30T09:59:38.294Z",
"last_program_activity_at": "2021-06-30T09:59:38.294Z",
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": "2021-06-30T09:59:38.294Z",
"last_activity_at": "2021-06-30T09:59:38.294Z",
"cve_ids": []
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "hacker",
"name": "Hacker",
"disabled": false,
"created_at": "2021-05-28T11:27:05.082Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Hacker.",
"website": "https://example.com",
"location": "Hackland",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2013-01-01T00:00:00.000Z",
"updated_at": "2021-06-25T10:04:59.678Z"
}
}
},
"severity": {
"data": {
"id": "74",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": 1337,
"created_at": "2021-06-30T09:59:38.029Z"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2021-05-28T11:26:59.604Z"
}
}
},
"activities": {
"data": []
},
"bounties": {
"data": []
},
"summaries": {
"data": []
}
}
}
}
POST /hackers/reports
This API endpoint can be used to submit reports to a specific team on the HackerOne platform. When the API call is successful, a report object will be returned.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| data | body | object | true | The information to create a report. |
| » type | body | string | true | none |
| » attributes | body | object | true | none |
| »» team_handle | body | string | true | The handle of the team that the report is being submitted to. |
| »» title | body | string | true | The title of the report. |
| »» vulnerability_information | body | string | true | Detailed information about the vulnerability including the steps to reproduce as well as supporting material and references. |
| »» impact | body | string | true | The security impact that an attacker could achieve. |
| »» severity_rating | body | severity-ratings | false | The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score. |
| »» weakness_id | body | integer | false | The ID of the weakness object that describes the type of the potential issue. |
| »» structured_scope_id | body | integer | false | The ID of the structured scope object that describes the attack surface. |
Enumerated Values
| Parameter | Value |
|---|---|
| » type | report |
| »» severity_rating | none |
| »» severity_rating | low |
| »» severity_rating | medium |
| »» severity_rating | high |
| »» severity_rating | critical |
Get Report
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/reports/{id}" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/reports/{id}',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/reports/{id}',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/reports/{id}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/reports/{id}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/reports/{id}", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
report found
{
"data": {
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "...",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"source": null
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"assignee": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "member",
"name": "Member",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
},
"severity": {
"data": {
"id": "57",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": 1337,
"created_at": "2016-02-02T04:05:06.000Z",
"score": 8.7,
"attack_complexity": "low",
"attack_vector": "adjacent",
"availability": "high",
"confidentiality": "low",
"integrity": "high",
"privileges_required": "low",
"user_interaction": "required",
"scope": "changed"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
},
"structured_scope": {
"data": {
"id": "57",
"type": "structured-scope",
"attributes": {
"asset_identifier": "api.example.com",
"asset_type": "url",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high",
"max_severity": "critical",
"created_at": "2015-02-02T04:05:06.000Z",
"updated_at": "2016-05-02T04:05:06.000Z",
"instruction": null,
"eligible_for_bounty": true,
"eligible_for_submission": true,
"reference": "H001001"
}
}
},
"activities": {
"data": [
{
"type": "activity-comment",
"id": "445",
"attributes": {
"message": "Comment!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": null,
"website": null,
"location": null,
"hackerone_triager": false
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
},
{
"id": "1337",
"type": "activity-bug-resolved",
"attributes": {
"message": "Bug Resolved!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
]
},
"bounties": {
"data": []
},
"summaries": {
"data": []
},
"triggered_pre_submission_trigger": {
"data": {
"id": "1337",
"type": "trigger",
"attributes": {
"title": "Example Trigger"
}
}
},
"custom_field_values": {
"data": []
},
"automated_remediation_guidance": {
"data": {
"id": "1",
"type": "automated-remediation-guidance",
"attributes": {
"reference": "https://cwe.mitre.org/data/definitions/120.html",
"created_at": "2020-10-23T12:09:37.859Z"
}
}
},
"custom_remediation_guidance": {
"data": {
"id": "84",
"type": "custom-remediation-guidance",
"attributes": {
"message": "Check buffer boundaries if accessing the buffer in a loop and make sure you are not in danger of writing past the allocated space.",
"created_at": "2020-10-26T08:47:23.296Z"
},
"relationships": {
"author": {
"data": {
"id": "1338",
"type": "user",
"attributes": {
"username": "api-example-2",
"name": "API Example 2",
"disabled": false,
"created_at": "2020-10-22T011:22:05.402Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
}
}
}
}
GET /hackers/reports/{id}
A report object can be fetched by sending a GET request to a unique report object.
In case the request was successful, the API will respond with a
report object.
The following report relationships are included: reporter, assignee (a user or group), program, weakness, severity, bounties, swag,activities, attachments, structured scope and summaries
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | integer | true | The ID of the report. |
Balance
Get Balance
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/balance" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/payments/balance',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/payments/balance',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/balance");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/payments/balance',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/balance", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
balance found
{
"data": {
"balance": 105
}
}
GET /hackers/payments/balance
This API endpoint allows you to query your balance.
Earnings
Get Earnings
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/earnings" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/payments/earnings',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/payments/earnings',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/earnings");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/payments/earnings',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/earnings", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
earnings found
{
"data": [
{
"id": "1",
"type": "earning-bounty-earned",
"attributes": {
"amount": 150,
"created_at": "2015-02-02T04:05:06.000Z"
},
"relationships": {
"program": {
"data": {
"id": "9",
"type": "program",
"attributes": {
"handle": "acme",
"name": "Acme",
"currency": null,
"profile_picture": null,
"submission_state": null,
"triage_active": null,
"state": null,
"started_accepting_at": null,
"number_of_reports_for_user": null,
"number_of_valid_reports_for_user": null,
"bounty_earned_for_user": null,
"last_invitation_accepted_at_for_user": null,
"bookmarked": null,
"allows_bounty_splitting": null
}
}
},
"bounty": {
"data": {
"id": "123",
"type": "bounty",
"attributes": {
"amount": "150.00",
"bonus_amount": "0.00",
"awarded_amount": "150.00",
"awarded_bonus_amount": "0.00",
"awarded_currency": "USD",
"created_at": "2015-02-02T04:05:06.000Z"
},
"relationships": {
"report": {
"data": {
"id": "123",
"type": "report",
"attributes": {
"title": "Great bounty",
"state": "resolved",
"created_at": "2015-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": "2015-02-02T04:05:06.000Z",
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
}
}
}
}
}
}
}
}
],
"links": {}
}
GET /hackers/payments/earnings
This API endpoint allows you to query a paginated list of earning objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Payouts
Get Payouts
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/payments/payouts" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/payments/payouts',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/payments/payouts',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/payments/payouts");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/payments/payouts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/payments/payouts", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
earnings found
{
"data": [
{
"amount": 100,
"paid_out_at": "2016-02-02T04:05:06.000Z",
"reference": "<reference>",
"payout_provider": "PayPal",
"status": "sent"
}
],
"links": {}
}
GET /hackers/payments/payouts
This API endpoint allows you to query a paginated list of payout objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Programs
Get Structured Scopes
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}/structured_scopes", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
structured scopes found
{
"data": [
{
"id": "<id>",
"type": "structured-scope",
"attributes": {
"asset_type": "URL",
"asset_identifier": "https://api.hackerone.com",
"eligible_for_bounty": true,
"eligible_for_submission": true,
"instruction": "This is our API",
"max_severity": "critical",
"created_at": "<date>",
"updated_at": "<date>",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high"
}
}
],
"links": {
"self": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bsize%5D=1",
"next": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bnumber%5D=2&page%5Bsize%5D=1",
"last": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bnumber%5D=3&page%5Bsize%5D=1"
}
}
GET /hackers/programs/{handle}/structured_scopes
The Structured Scopes endpoint enables you to retrieve a list of all structured_scopes of the program.
Structured Scopes can be fetched by sending a GET request to the structured_scopes endpoint. When the request is successful, the API will respond with paginated structured_scope objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| handle | path | string | true | The handle of the program. |
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Get Weaknesses
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}/weaknesses", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
weaknesses found
{
"data": [
{
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"created_at": "2016-02-02T04:05:06.000Z",
"external_id": "cwe-352"
}
},
{
"id": "1338",
"type": "weakness",
"attributes": {
"name": "SQL Injection",
"description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
"created_at": "2016-03-02T04:05:06.000Z",
"external_id": "cwe-89"
}
}
],
"links": {}
}
GET /hackers/programs/{handle}/weaknesses
The Weakness endpoint enables you to retrieve a list of all weaknesses of the program.
Weaknesses can be fetched by sending a GET request to the weaknesses endpoint. When the request is successful, the API will respond with paginated weakness objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| handle | path | string | true | The handle of the program. |
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Get Programs
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
programs found
{
"data": [
{
"id": 9,
"type": "program",
"attributes": {
"handle": "acme",
"name": "acme",
"currency": "usd",
"profile_picture": "/assets/global-elements/add-team.png",
"submission_state": "open",
"triage_active": null,
"state": "public_mode",
"started_accepting_at": null,
"number_of_reports_for_user": 0,
"number_of_valid_reports_for_user": 0,
"bounty_earned_for_user": 0,
"last_invitation_accepted_at_for_user": null,
"bookmarked": false,
"allows_bounty_splitting": false,
"offers_bounties": true,
"open_scope": true,
"fast_payments": true,
"gold_standard_safe_harbor": false
}
}
],
"links": {}
}
GET /hackers/programs
This API endpoint allows you to query a paginated list of program objects.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| page[number] | query | integer | false | The page to retrieve from. The default is set to 1. |
| page[size] | query | integer | false | The number of objects per page (currently limited from 1 to 100). The default is set to 25. |
Get Program
Code samples
# You can also use wget
curl "https://api.hackerone.com/v1/hackers/programs/{handle}" \
-X GET \
-u "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>" \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get(
'https://api.hackerone.com/v1/hackers/programs/{handle}',
auth=('<YOUR_API_USERNAME>', '<YOUR_API_TOKEN>'),
headers = headers
)
print(r.json())
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient::Request.execute(
method: :get,
url: 'https://api.hackerone.com/v1/hackers/programs/{handle}',
password: '<YOUR_API_TOKEN>',
user: '<YOUR_API_USERNAME>',
headers: headers
)
p JSON.parse(result)
URL obj = new URL("https://api.hackerone.com/v1/hackers/programs/{handle}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
String userCredentials = "<YOUR_API_USERNAME>:<YOUR_API_TOKEN>";
String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userCredentials.getBytes()));
con.setRequestProperty ("Authorization", basicAuth);
con.setRequestMethod("GET");
try(BufferedReader br = new BufferedReader(
new InputStreamReader(con.getInputStream(), "utf-8"))) {
StringBuilder response = new StringBuilder();
String responseLine = null;
while ((responseLine = br.readLine()) != null) {
response.append(responseLine.trim());
}
System.out.println(response.toString());
}
let user = '<YOUR_API_USERNAME>';
let password = '<YOUR_API_TOKEN>';
let headers = new Headers();
headers.set('Authorization', 'Basic ' + btoa(user + ":" + password));
headers.set('Accept', 'application/json');
fetch('https://api.hackerone.com/v1/hackers/programs/{handle}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
req, err := http.NewRequest("GET", "https://api.hackerone.com/v1/hackers/programs/{handle}", nil)
req.Header = headers
req.SetBasicAuth("<YOUR_API_USERNAME>", "<YOUR_API_TOKEN>")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))
}
program found
{
"data": {
"id": 9,
"type": "program",
"attributes": {
"handle": "acme",
"name": "acme",
"currency": "usd",
"profile_picture": "/assets/global-elements/add-team.png",
"submission_state": "open",
"triage_active": null,
"state": "public_mode",
"started_accepting_at": null,
"number_of_reports_for_user": 0,
"number_of_valid_reports_for_user": 0,
"bounty_earned_for_user": 0,
"last_invitation_accepted_at_for_user": null,
"bookmarked": false,
"allows_bounty_splitting": false,
"offers_bounties": true,
"open_scope": true,
"fast_payments": true,
"gold_standard_safe_harbor": false
},
"relationships": {
"structured_scopes": {
"data": []
}
}
}
}
GET /hackers/programs/{handle}
A program object can be fetched by sending a GET request to a unique program object. When the request is successful, the API will respond with a program object.
NOTE
If you want to fetch all structured_scopes for a program you can use get structured scopes API endpoint.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| handle | path | string | true | The handle of the program. Find the program handle by fetching your programs |