
Reference

The following section contains a complete reference of all the objects that can be returned through the API. Objects that have been explained earlier in this documentation are not included. The objects in this section are never top level resources by themselves and will only be returned as sub resources.

All objects are made up of an id and a type attribute. In addition to those, attributes and relationships can be specified. For an example of what the data schema looks like, see the response structure or the response object. Additional reading can be done at jsonapi.org.

activity

{
  "id": "string",
  "type": "string",
  "attributes": {
    "report_id": "string",
    "message": "string",
    "internal": true,
    "created_at": "2020-04-01T02:51:13Z",
    "updated_at": "2020-04-01T02:51:13Z"
  },
  "relationships": {
    "actor": {
      "data": {}
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

Attributes

Name Type Required Description
id string true The unique ID of the activity.
type string true Indicates what kind of activity it is.
attributes object true none
» report_id string false The report associated with the activity.
» message string¦null true The comment associated with the activity. May be updated through the HackerOne interface. Markdown is not parsed.
» internal boolean true Indicates if this activity can only be read by Program users and external users that were invited to the report.
» created_at string(date-time) true The date and time the object was created. Formatted according to ISO 8601.
» updated_at string(date-time) true The date and time the object was updated. Formatted according to ISO 8601.
relationships object false none
» actor object false The author of the activity.
»» data object false none

oneOf - discriminator: user.type

Name Type Required Description
»»» anonymous user false User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account.

xor

Name Type Required Description
»»» anonymous program false A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program.

continued

Name Type Required Description
» attachments object false A list of Attachment objects added to the activity.
»» data [attachment] false Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proofs of concept and should be handled with caution.
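An added example, not part of the HackerOne documentation: one way a consumer of these objects could validate an activity before storing or rendering it, resolving the actor variant, escaping the unparsed message, withholding internal messages, and giving attachments inert quarantine names. The size limit, the `activity-` prefix check, the function names and the sample JSON are assumptions made for this example.

```python
import html
import json
import re
from pathlib import PurePosixPath, PureWindowsPath

# Local policy values chosen for this example; the API does not define them.
MAX_ATTACHMENT_BYTES = 25 * 1024 * 1024
ACTOR_TYPES = {"user", "program"}  # the two actor variants the schema lists
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

def quarantine_name(attachment):
    """Return a storage name that cannot leave the quarantine directory."""
    attrs = attachment.get("attributes") or {}
    raw = str(attrs.get("file_name") or "unnamed")
    # Strip directory parts for both "/" and "\" separators.
    base = PureWindowsPath(PurePosixPath(raw).name).name
    base = _UNSAFE.sub("_", base).lstrip(".") or "unnamed"
    att_id = _UNSAFE.sub("_", str(attachment.get("id", "noid")))
    # The inert suffix keeps the file from being opened by its extension.
    return f"{att_id}_{base[:100]}.quarantined"

def parse_actor(relationships):
    """Resolve relationships.actor.data: a user, a program, or empty."""
    data = (relationships.get("actor") or {}).get("data")
    if not data:  # null or {}: no author recorded
        return None
    kind = data.get("type")
    if kind not in ACTOR_TYPES:
        raise ValueError(f"unexpected actor type: {kind!r}")
    attrs = data.get("attributes") or {}
    return (kind, attrs.get("username" if kind == "user" else "handle"))

def parse_attachments(relationships):
    """Split attachment entries into accepted records and rejected ids."""
    accepted, rejected = [], []
    for item in (relationships.get("attachments") or {}).get("data") or []:
        if not isinstance(item, dict) or item.get("type") != "attachment":
            rejected.append((None, "not an attachment object"))
            continue
        attrs = item.get("attributes") or {}
        size = attrs.get("file_size")
        if type(size) is not int or not 0 <= size <= MAX_ATTACHMENT_BYTES:
            rejected.append((item.get("id"), "file_size missing or over limit"))
            continue
        accepted.append({
            "id": item.get("id"),
            "store_as": quarantine_name(item),
            "size": size,
            # Untrusted metadata: record it, never use it to pick a handler.
            "declared_type": attrs.get("content_type"),
        })
    return accepted, rejected

def parse_activity(obj, include_internal=False):
    """Validate one activity object and return a record safe to store or render."""
    if not isinstance(obj, dict) or not isinstance(obj.get("id"), str):
        raise ValueError("activity needs a string id")
    kind = obj.get("type")
    # Assumption: every subtype name on this page starts with "activity-".
    if not isinstance(kind, str) or not kind.startswith("activity-"):
        raise ValueError(f"unexpected type: {kind!r}")
    attrs = obj.get("attributes")
    if not isinstance(attrs, dict) or not isinstance(attrs.get("internal"), bool):
        raise ValueError("attributes.internal must be a boolean")
    rels = obj.get("relationships") or {}
    message = attrs.get("message")  # string or null
    if attrs["internal"] and not include_internal:
        message = None  # keep internal comments out of wider-audience output
    accepted, rejected = parse_attachments(rels)
    return {
        "id": obj["id"],
        "type": kind,
        "internal": attrs["internal"],
        "actor": parse_actor(rels),
        # Markdown is not parsed, so treat the message as raw text and escape it.
        "message_html": None if message is None else html.escape(str(message)),
        "attachments": accepted,
        "rejected_attachments": rejected,
    }

# Constructed sample input modelled on the examples on this page.
SAMPLE = json.loads(r"""[
 {"id": "1337", "type": "activity-comment",
  "attributes": {"message": "<b>Comment!</b>", "internal": false},
  "relationships": {
   "actor": {"data": {"type": "user", "attributes": {"username": "api-example"}}},
   "attachments": {"data": [
    {"id": "1337", "type": "attachment", "attributes": {"file_name": "../../root.rb", "file_size": 2871}},
    {"id": "1338", "type": "attachment", "attributes": {"file_name": "big.bin", "file_size": 999999999}}]}}},
 {"id": "1340", "type": "activity-bounty-suggested",
  "attributes": {"message": "Suggest 500", "internal": true},
  "relationships": {"actor": {"data": {"type": "program", "attributes": {"handle": "security"}}}}}
]""")

if __name__ == "__main__":
    for activity in SAMPLE:
        print(json.dumps(parse_activity(activity), indent=2))
```
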

activity-agreed-on-going-public

{
  "id": "1337",
  "type": "activity-agreed-on-going-public",
  "attributes": {
    "report_id": "string",
    "message": "Agreed On Going Public!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-agreed-on-going-public any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» disclosed_at string(date-time)¦null false none
»» allow_singular_disclosure_at string(date-time)¦null false none

activity-bounty-awarded

{
  "id": "1337",
  "type": "activity-bounty-awarded",
  "attributes": {
    "report_id": "string",
    "message": "Bounty Awarded!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "bounty_amount": "500",
    "bonus_amount": "50"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "program",
        "attributes": {
          "handle": "security",
          "created_at": "2016-02-02T04:05:06.000Z",
          "updated_at": "2016-02-02T04:05:06.000Z"
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bounty-awarded any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» bounty_amount string false none
»» bonus_amount string false none

activity-bounty-suggested

{
  "id": "1337",
  "type": "activity-bounty-suggested",
  "attributes": {
    "report_id": "string",
    "message": "Bounty Suggested!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "bounty_amount": "500",
    "bonus_amount": "50"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bounty-suggested any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» bounty_amount string false none
»» bonus_amount string false none

activity-bug-cloned

{
  "id": "1337",
  "type": "activity-bug-cloned",
  "attributes": {
    "report_id": "string",
    "message": "Bug Cloned!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "original_report_id": 1336
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-cloned any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» original_report_id integer true none

activity-bug-duplicate

{
  "id": "1337",
  "type": "activity-bug-duplicate",
  "attributes": {
    "report_id": "string",
    "message": "Bug Duplicate!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "original_report_id": 1336
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-duplicate any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» original_report_id integer false none

activity-bug-filed

{
  "id": "7331",
  "type": "activity-bug-filed",
  "attributes": {
    "report_id": "string",
    "message": "",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "type": "user",
        "id": "1337",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2017-11-09T10:52:25.443Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-filed any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-inactive

{
  "id": "1337",
  "type": "activity-bug-inactive",
  "attributes": {
    "report_id": "string",
    "message": "Bug closed automatically due to inactivity in the last 30 days.",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": null
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-inactive any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-informative

{
  "id": "1337",
  "type": "activity-bug-informative",
  "attributes": {
    "report_id": "string",
    "message": "Bug Informative!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-informative any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-needs-more-info

{
  "id": "1337",
  "type": "activity-bug-needs-more-info",
  "attributes": {
    "report_id": "string",
    "message": "Bug Needs More Info!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-needs-more-info any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-new

{
  "id": "1337",
  "type": "activity-bug-new",
  "attributes": {
    "report_id": "string",
    "message": "Bug New!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-new any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-not-applicable

{
  "id": "1337",
  "type": "activity-bug-not-applicable",
  "attributes": {
    "report_id": "string",
    "message": "Bug Not Applicable!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-not-applicable any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-reopened

{
  "id": "1337",
  "type": "activity-bug-reopened",
  "attributes": {
    "report_id": "string",
    "message": "Bug Reopened!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-reopened any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-resolved

{
  "id": "1337",
  "type": "activity-bug-resolved",
  "attributes": {
    "report_id": "string",
    "message": "Bug Resolved!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-resolved any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-spam

{
  "id": "1337",
  "type": "activity-bug-spam",
  "attributes": {
    "report_id": "string",
    "message": "Bug Spam!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-spam any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-bug-triaged

{
  "id": "1337",
  "type": "activity-bug-triaged",
  "attributes": {
    "report_id": "string",
    "message": "Bug Triaged!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-bug-triaged any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-cancelled-disclosure-request

{
  "id": "1337",
  "type": "activity-cancelled-disclosure-request",
  "attributes": {
    "report_id": "string",
    "message": "Cancel disclosure 1",
    "internal": false,
    "created_at": "2019-10-23T13:35:35.616Z",
    "updated_at": "2019-10-23T13:35:35.616Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api_user",
          "name": null,
          "disabled": false,
          "created_at": "2019-10-14T13:59:49.563Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          },
          "signal": null,
          "impact": null,
          "reputation": null,
          "bio": null,
          "website": null,
          "location": null,
          "hackerone_triager": false
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-cancelled-disclosure-request any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-changed-scope

{
  "id": "1337",
  "type": "activity-changed-scope",
  "attributes": {
    "report_id": "string",
    "message": "A different scope has added",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    },
    "old_scope": {
      "data": {
        "id": "1337",
        "type": "structured_scope",
        "attributes": {
          "asset_identifier": "www.example.com",
          "asset_type": "url",
          "confidentiality_requirement": null,
          "integrity_requirement": null,
          "availability_requirement": null,
          "max_severity": "critical",
          "created_at": "2015-02-02T04:05:06.000Z",
          "updated_at": "2016-05-02T04:05:06.000Z",
          "instruction": "not eligible for bounty",
          "eligible_for_bounty": false,
          "eligible_for_submission": true
        }
      }
    },
    "new_scope": {
      "data": {
        "id": "1338",
        "type": "structured_scope",
        "attributes": {
          "asset_identifier": "api.example.com",
          "asset_type": "url",
          "confidentiality_requirement": "high",
          "integrity_requirement": "high",
          "availability_requirement": "high",
          "max_severity": "critical",
          "created_at": "2015-02-02T04:05:06.000Z",
          "updated_at": "2016-05-02T04:05:06.000Z",
          "instruction": null,
          "eligible_for_bounty": true,
          "eligible_for_submission": true
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-changed-scope any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» old_scope object true none
»»» data structured-scope false A StructuredScope object represents an asset defined by the program. The scope on a
report was initially provided by the hacker, but may be reviewed and corrected by
the program.
»» new_scope object true none
»»» data structured-scope false A StructuredScope object represents an asset defined by the program. The scope on a
report was initially provided by the hacker, but may be reviewed and corrected by
the program.

activity-comment

{
  "id": "1337",
  "type": "activity-comment",
  "attributes": {
    "report_id": "string",
    "message": "Comment!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-comment any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-comments-closed

{
  "id": "1337",
  "type": "activity-comments-closed",
  "attributes": {
    "report_id": "string",
    "message": "Comments Closed!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-comments-closed any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-external-user-invitation-cancelled

{
  "id": "1337",
  "type": "activity-external-user-invitation-cancelled",
  "attributes": {
    "report_id": "string",
    "message": "External User Invitation Cancelled!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "email": "hacker@example.com"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-external-user-invitation-cancelled any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» email string¦null false none

activity-external-user-invited

{
  "id": "1337",
  "type": "activity-external-user-invited",
  "attributes": {
    "report_id": "string",
    "message": "External User Invited!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "email": "hacker@example.com"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-external-user-invited any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» email string¦null false none

activity-external-user-joined

{
  "id": "1337",
  "type": "activity-external-user-joined",
  "attributes": {
    "report_id": "string",
    "message": "External User Joined!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "duplicate_report_id": 10
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-external-user-joined any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» duplicate_report_id integer false none

activity-external-user-removed

{
  "id": "1337",
  "type": "activity-external-user-removed",
  "attributes": {
    "report_id": "string",
    "message": "External User Removed!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    },
    "removed_user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-external-user-removed any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» removed_user object true none
»»» data user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.

activity-group-assigned-to-bug

{
  "id": "1337",
  "type": "activity-group-assigned-to-bug",
  "attributes": {
    "report_id": "string",
    "message": "Group Assigned To Bug!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    },
    "group": {
      "data": {
        "id": "1337",
        "type": "group",
        "attributes": {
          "name": "Admin",
          "created_at": "2016-02-02T04:05:06.000Z",
          "permissions": [
            "user_management",
            "report_management"
          ]
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-group-assigned-to-bug any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» group object true none
»»» data group false A group represents a set of users. A group is used to delegate permissions for
the users in it. It can also be assigned to one or multiple reports.

activity-hacker-requested-mediation

{
  "id": "1337",
  "type": "activity-hacker-requested-mediation",
  "attributes": {
    "report_id": "string",
    "message": "Hacker Requested Mediation!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-hacker-requested-mediation any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-manually-disclosed

{
  "id": "1337",
  "type": "activity-manually-disclosed",
  "attributes": {
    "report_id": "string",
    "message": "Manually Disclosed!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-manually-disclosed any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-mediation-requested

{
  "id": "1337",
  "type": "activity-mediation-requested",
  "attributes": {
    "report_id": "string",
    "message": "Mediation Requested!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-mediation-requested any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-nobody-assigned-to-bug

{
  "id": "1337",
  "type": "activity-nobody-assigned-to-bug",
  "attributes": {
    "report_id": "string",
    "message": "Nobody Assigned To Bug!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-nobody-assigned-to-bug any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-not-eligible-for-bounty

{
  "id": "1337",
  "type": "activity-not-eligible-for-bounty",
  "attributes": {
    "report_id": "string",
    "message": "Not Eligible For Bounty!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-not-eligible-for-bounty any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-program-inactive

{
  "id": "1337",
  "type": "activity-program-inactive",
  "attributes": {
    "report_id": "string",
    "message": "Closed report and changed status to Informative due to inactive state of program.",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": null
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-program-inactive any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-reference-id-added

{
  "id": "1337",
  "type": "activity-reference-id-added",
  "attributes": {
    "report_id": "string",
    "message": "Reference Id Added!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "reference": "reference",
    "reference_url": "https://example.com/reference"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-reference-id-added any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» reference string true none
»» reference_url string true none

activity-report-became-public

{
  "id": "1337",
  "type": "activity-report-became-public",
  "attributes": {
    "report_id": "string",
    "message": "Report Became Public!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "program",
        "attributes": {
          "handle": "security",
          "created_at": "2016-02-02T04:05:06.000Z",
          "updated_at": "2016-02-02T04:05:06.000Z"
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-report-became-public any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-report-severity-updated

{
  "id": "1337",
  "type": "activity-report-severity-updated",
  "attributes": {
    "report_id": "string",
    "message": "Report Severity Updated!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-report-severity-updated any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-report-title-updated

{
  "id": "1337",
  "type": "activity-report-title-updated",
  "attributes": {
    "report_id": "string",
    "message": "Report Title Updated!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "old_title": "xss",
    "new_title": "XSS in login form"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-report-title-updated any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» old_title string true none
»» new_title string true none

activity-report-vulnerability-types-updated

{
  "id": "1337",
  "type": "activity-report-vulnerability-types-updated",
  "attributes": {
    "report_id": "string",
    "message": "Report Vulnerability Types Updated!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    },
    "old_weakness": {
      "data": {
        "id": "1337",
        "type": "weakness",
        "attributes": {
          "name": "Cryptographic Issues - Generic",
          "description": "Weaknesses in this category are related to the use of cryptography.",
          "created_at": "2016-02-02T04:05:06.000Z"
        }
      }
    },
    "new_weakness": {
      "data": {
        "id": "1338",
        "type": "weakness",
        "attributes": {
          "name": "Use of Hard-coded Cryptographic Key",
          "description": "The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.",
          "created_at": "2016-02-02T04:05:06.000Z"
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-report-vulnerability-types-updated any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» old_weakness object false The weakness that was set before the change
»»» data weakness false A Weakness object represents the type of weakness the hacker submitted to a program.
The weakness was initially provided by the hacker, but may be reviewed and corrected
by the program.
»» new_weakness object false The weakness that was set after the change
»»» data weakness false A Weakness object represents the type of weakness the hacker submitted to a program.
The weakness was initially provided by the hacker, but may be reviewed and corrected
by the program.

activity-swag-awarded

{
  "id": "1337",
  "type": "activity-swag-awarded",
  "attributes": {
    "report_id": "string",
    "message": "Swag Awarded!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    },
    "swag": {
      "data": {
        "id": "1337",
        "type": "swag",
        "attributes": {
          "sent": false,
          "created_at": "2016-02-02T04:05:06.000Z"
        },
        "relationships": {
          "address": {
            "data": {
              "id": "1337",
              "type": "address",
              "attributes": {
                "name": "Jane Doe",
                "street": "535 Mission Street",
                "city": "San Francisco",
                "postal_code": "94105",
                "state": "CA",
                "country": "United States of America",
                "created_at": "2016-02-02T04:05:06.000Z",
                "tshirt_size": "M_Large",
                "phone_number": "+1-510-000-0000"
              }
            }
          }
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-swag-awarded any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» swag object true none
»»» data swag false Besides a financial reward, which is called a bounty, programs can
award swag. Report objects may contain multiple swag objects, one for each time
swag was awarded.

activity-user-assigned-to-bug

{
  "id": "string",
  "type": "string",
  "attributes": {
    "report_id": "string",
    "message": "string",
    "internal": true,
    "created_at": "2020-04-01T02:51:13Z",
    "updated_at": "2020-04-01T02:51:13Z"
  },
  "relationships": {
    "actor": {
      "data": {}
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  },
  "data": {
    "id": "1337",
    "type": "activity-user-assigned-to-bug",
    "attributes": {
      "message": "User Assigned To Bug!",
      "created_at": "2016-02-02T04:05:06.000Z",
      "updated_at": "2016-02-02T04:05:06.000Z",
      "internal": true
    },
    "relationships": {
      "actor": {
        "data": {
          "id": "1337",
          "type": "user",
          "attributes": {
            "username": "api-example",
            "name": "API Example",
            "disabled": false,
            "created_at": "2016-02-02T04:05:06.000Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            }
          }
        }
      },
      "assigned_user": {
        "data": {
          "id": "1336",
          "type": "user",
          "attributes": {
            "username": "other_user",
            "name": "Other User",
            "disabled": false,
            "created_at": "2016-02-02T04:05:06.000Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            }
          }
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-user-assigned-to-bug any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» assigned_user object true none
»»» data user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.

activity-user-banned-from-program

{
  "id": "1337",
  "type": "activity-user-banned-from-program",
  "attributes": {
    "report_id": "string",
    "message": "User Banned From Program!",
    "internal": true,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    },
    "removed_user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Attributes

Name Type Required Description
activity-user-banned-from-program any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» relationships object false none
»» removed_user object true none
»»» data user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.

activity-user-completed-retest

{
  "id": "1337",
  "type": "activity-user-completed-retest",
  "attributes": {
    "report_id": "string",
    "message": "User Completed Retest!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-user-completed-retest any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

activity-user-left-retest

{
  "id": "1337",
  "type": "activity-user-left-retest",
  "attributes": {
    "report_id": "string",
    "message": "User left Retest!",
    "internal": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Attributes

Name Type Required Description
activity-user-left-retest any false none

allOf

Name Type Required Description
anonymous activity false These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none

address

{
  "id": "1337",
  "type": "address",
  "attributes": {
    "name": "Jane Doe",
    "street": "535 Mission Street",
    "city": "San Francisco",
    "postal_code": "94105",
    "state": "CA",
    "country": "United States of America",
    "created_at": "2016-02-02T04:05:06.000Z",
    "tshirt_size": "W_Large",
    "phone_number": "+1-510-000-0000"
  }
}

This object contains the postal address for the delivery of awarded swag.

Attributes

Name Type Required Description
id string true The unique ID of the address.
type string true none
attributes object true none
» name string true none
» street string true none
» city string true none
» postal_code string true none
» state string true none
» country string true none
» tshirt_size string false none
» phone_number string false none
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.

Enumerated Values

Property Value
type address
tshirt_size M_Small
tshirt_size M_Medium
tshirt_size M_Large
tshirt_size M_XLarge
tshirt_size M_XXLarge
tshirt_size W_Small
tshirt_size W_Medium
tshirt_size W_Large
tshirt_size W_XLarge
tshirt_size W_XXLarge

attachment

{
  "id": "1337",
  "type": "attachment",
  "attributes": {
    "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
    "created_at": "2016-02-02T04:05:06.000Z",
    "file_name": "root.rb",
    "content_type": "text/x-ruby",
    "file_size": 2871
  }
}

Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proofs of concept and should be handled with caution.

Attributes

Name Type Required Description
id string true The unique ID of the attachment.
type string true none
attributes object true none
» file_name string true The file name of the attachment.
» content_type string true The content type of the attachment. The content type is derived from the
contents and extension of the file.
» file_size integer true The file size of the attachment in bytes.
» expiring_url string true A URL to download the attachment. The URL will automatically expire after
60 minutes.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.

Enumerated Values

Property Value
type attachment
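
One way to apply that caution in a client that stores attachments, as an added example that is not HackerOne's own code: the file name is reduced to a traversal-free quarantine name, content_type is recorded but never acted on, and expiring_url is followed only to an allow-listed HTTPS host while it is still fresh. The size ceiling, quarantine directory, base URL, host names and the starting point of the 60-minute window are assumptions of the example.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urljoin, urlsplit

# Local policy values: assumptions of this example, not defined by the API.
MAX_BYTES = 25 * 1024 * 1024
QUARANTINE_DIR = "/var/quarantine/h1"      # hypothetical directory
URL_LIFETIME = timedelta(minutes=60)       # from the expiring_url description

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

# The attachment object shown on this page.
SAMPLE = {
    "id": "1337",
    "type": "attachment",
    "attributes": {
        "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
        "created_at": "2016-02-02T04:05:06.000Z",
        "file_name": "root.rb",
        "content_type": "text/x-ruby",
        "file_size": 2871,
    },
}


def safe_local_name(attachment):
    """Local file name that cannot traverse directories or run by extension."""
    raw = str(attachment["attributes"]["file_name"])
    base = raw.replace("\\", "/").rsplit("/", 1)[-1]     # drop any directory part
    base = _UNSAFE.sub("_", base).lstrip(".")[:100] or "unnamed"
    obj_id = _UNSAFE.sub("_", str(attachment["id"]))
    return "{}_{}.quarantine".format(obj_id, base)


def plan_download(attachment, base_url, allowed_hosts, fetched_at, now=None):
    """Validate one attachment object and return what a downloader may do.

    fetched_at is the timezone-aware time the API response was received.
    """
    if attachment.get("type") != "attachment":
        raise ValueError("not an attachment object")
    attrs = attachment["attributes"]

    size = attrs["file_size"]
    if type(size) is not int or not 0 <= size <= MAX_BYTES:
        raise ValueError("file_size outside local policy")

    # Assumption: the 60 minutes count from when the response was received.
    now = now or datetime.now(timezone.utc)
    if now - fetched_at >= URL_LIFETIME:
        raise ValueError("expiring_url is stale; fetch the parent object again")

    # expiring_url may be relative (as in the sample) or absolute; resolve it,
    # then refuse anything that is not HTTPS on an allow-listed host.
    url = urljoin(base_url, attrs["expiring_url"])
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("expiring_url resolves outside the allowed hosts")

    return {
        "url": url,
        "dest": QUARANTINE_DIR + "/" + safe_local_name(attachment),
        "read_limit": size,                      # stop reading past the declared size
        "mode": 0o600,                           # owner read/write, never executable
        "declared_type": attrs["content_type"],  # record it, do not dispatch on it
    }


if __name__ == "__main__":
    received = datetime.now(timezone.utc)
    # Base URL and host below are placeholders.
    print(plan_download(SAMPLE, "https://files.example.test/",
                        {"files.example.test"}, received))
```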

audit-log

{
  "id": "1",
  "type": "audit-log-item",
  "attributes": {
    "log": "\"@member\" invited \"someone@example.com\".",
    "event": "invitations.team_members.create",
    "source": "User#1",
    "subject": "Invitation#1",
    "user_agent": "Chrome/11.0",
    "country": "US",
    "parameters": "{\"identifier\":\"jobert\"}",
    "created_at": "2019-05-15T04:05:06.000Z"
  }
}

An audit log item contains information to determine who did what in a program.

Attributes

Name Type Required Description
id string true The unique ID of the audit log item.
type string true Indicates what kind of object it is.
attributes object true none
» log string true A human-readable log entry describing what happened.
» event string¦null true The event that created the audit log item.
» source string true A unique identifier that indicates the source of the audit log item.
» subject string true A unique identifier that indicates the subject of the audit log item.
» user_agent string¦null false An optional string that contains the user agent specified by the client.
» country string¦null false An optional ISO 3166 country code. XX means that the country
couldn't be found. T1 is a Tor node.
» parameters string true A serialized JSON object containing the data that was used to construct
the audit log.
» created_at string(date-time) true The date and time the object was created. Formatted according to ISO 8601.
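
The audit-log-item fields above can feed a monitoring pipeline directly. The following added example (not part of the HackerOne documentation) normalizes items into flat records, decodes the serialized parameters string, and flags the T1 and XX country codes and missing user agents. The flag names are this example's own, and the second and third sample items are constructed.

```python
import json
from collections import Counter

# Country codes with a special meaning, from the attribute table above.
COUNTRY_FLAGS = {"T1": "tor-node", "XX": "country-not-found"}

ITEMS = [
    {   # the item shown on this page
        "id": "1", "type": "audit-log-item",
        "attributes": {
            "log": "\"@member\" invited \"someone@example.com\".",
            "event": "invitations.team_members.create",
            "source": "User#1", "subject": "Invitation#1",
            "user_agent": "Chrome/11.0", "country": "US",
            "parameters": '{"identifier":"jobert"}',
            "created_at": "2019-05-15T04:05:06.000Z",
        },
    },
    {   # constructed: Tor node, no user agent
        "id": "2", "type": "audit-log-item",
        "attributes": {
            "log": "\"@other\" invited \"someone@example.com\".",
            "event": "invitations.team_members.create",
            "source": "User#2", "subject": "Invitation#2",
            "user_agent": None, "country": "T1",
            "parameters": '{"identifier":"someone"}',
            "created_at": "2019-05-15T04:06:00.000Z",
        },
    },
    {   # constructed: country not found, parameters that do not decode
        "id": "3", "type": "audit-log-item",
        "attributes": {
            "log": "\"@other\" invited \"someone@example.com\".",
            "event": "invitations.team_members.create",
            "source": "User#2", "subject": "Invitation#3",
            "user_agent": "curl/8.0", "country": "XX",
            "parameters": "not json",
            "created_at": "2019-05-15T04:07:00.000Z",
        },
    },
]


def normalize(item):
    """Turn one audit-log-item into a flat record with triage flags."""
    attrs = item["attributes"]
    flags = []

    country = attrs.get("country")
    if country in COUNTRY_FLAGS:
        flags.append(COUNTRY_FLAGS[country])
    elif country is None:
        flags.append("country-missing")

    if not attrs.get("user_agent"):
        flags.append("user-agent-missing")

    # parameters is a JSON document inside a JSON string: decode it a second time.
    try:
        params = json.loads(attrs["parameters"])
        if not isinstance(params, dict):
            raise ValueError("parameters is not a JSON object")
    except (KeyError, TypeError, ValueError):
        params = {}
        flags.append("parameters-unparseable")

    # The free-text "log" field embeds user-supplied strings, so it is left out;
    # matching is done on the structured event, source and subject fields.
    return {
        "id": item["id"],
        "time": attrs["created_at"],
        "event": attrs.get("event"),
        "source": attrs["source"],
        "subject": attrs["subject"],
        "params": params,
        "flags": flags,
    }


def flagged_by_source(items):
    """Count flagged events per source so one actor's activity is reviewed together."""
    counts = Counter()
    for record in map(normalize, items):
        if record["flags"]:
            counts[record["source"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for record in map(normalize, ITEMS):
        print(json.dumps(record, sort_keys=True))
    print(flagged_by_source(ITEMS))
```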

bounty

{
  "id": "1337",
  "type": "bounty",
  "attributes": {
    "amount": "500.00",
    "bonus_amount": "50.00",
    "created_at": "2016-02-02T04:05:06.000Z"
  }
}

When a program pays a bounty to the hacker, a bounty object is created. A report may contain multiple bounty objects, one for each time a bounty was awarded. The hacker that reported the vulnerability is the user that received the bounty.

Attributes

Name Type Required Description
id string true The unique ID of the bounty.
type string true none
attributes object true none
» amount string¦null false Amount in USD.
» bonus_amount string¦null false Bonus amount in USD.
» awarded_amount string¦null false Amount in awarded currency.
» awarded_bonus_amount string¦null false Bonus amount in awarded currency.
» awarded_currency string¦null false The currency used to award the bounty and bonus.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» invitations [object] false A collection of invitations created to claim the awarded bounty.
»» id string false The ID of the invitation.
»» recipient string¦null false The email address of the invitation recipient.
»» claim_url string¦null false The URL to claim the awarded bounty.

Enumerated Values

Property Value
type bounty

custom-field-attribute

{
  "id": "1337",
  "type": "custom-field-attribute",
  "attributes": {
    "label": "Team",
    "configuration": null,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "archived_at": null
  }
}

A Custom Field Attribute is an object containing the label and configuration of a Custom Field created for a Report or Program.

Attributes

Name Type Required Description
id string true The unique ID of the custom field attribute.
type string true none
attributes object true none
» label string true The attribute's label.
» configuration string¦null false An optional configuration for the attribute's type.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» updated_at string(date-time) true The date and time the object was updated. Formatted according
to ISO 8601.
» archived_at string(date-time)¦null false The date and time the object was archived. Formatted according
to ISO 8601.

Enumerated Values

Property Value
type custom-field-attribute

custom-field-input

{
  "id__eq": "1",
  "value__eq": "Infrastructure"
}

An input to query for Report types by Custom Fields IDs and values.

Attributes

Name Type Required Description
id__eq string true The ID of the Custom Field Attribute that needs to be filtered by.
value__eq string true The Value of the corresponding Custom Field Value object that needs to be
filtered by. Wildcards (% and _) can be used to loosely match on the stored
value of the Custom Field.

custom-field-value

{
  "id": "1337",
  "type": "custom-field-value",
  "attributes": {
    "value": "Infrastructure",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "custom_field_attribute": {
      "data": {
        "id": "287",
        "type": "custom-field-attribute",
        "attributes": {
          "label": "Product Squad",
          "configuration": null,
          "created_at": "2013-01-01T00:00:00.000Z",
          "updated_at": "2013-01-01T00:00:00.000Z",
          "archived_at": null
        }
      }
    }
  }
}

A Custom Field Value object contains the value set for a particular Custom Field Attribute.

Attributes

Name Type Required Description
id string true The unique ID of the custom field value.
type string true none
attributes object true none
» value string¦null true The attribute's value.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» updated_at string(date-time) true The date and time the object was updated. Formatted according
to ISO 8601.
relationships object false none
» custom_field_attribute object true none
»» data custom-field-attribute false The Custom Field Attribute associated with the
Custom Field Value object.

Enumerated Values

Property Value
type custom-field-value

error

{
  "status": 0,
  "title": "string",
  "detail": "string",
  "source": {
    "parameter": "string"
  }
}

Attributes

Name Type Required Description
status integer true The HTTP status code.
title string false The error message.
detail string false Additional details about the error.
source object false none
» parameter string false The name of the parameter related to the error.

errors

{
  "errors": [
    {
      "status": 0,
      "title": "string",
      "detail": "string",
      "source": {
        "parameter": "string"
      }
    }
  ]
}

Attributes

Name Type Required Description
errors [error] true none

group

{
  "id": "1337",
  "type": "group",
  "attributes": {
    "name": "Admin",
    "created_at": "2016-02-02T04:05:06.000Z",
    "permissions": [
      "user_management",
      "report_management"
    ]
  }
}

A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports.

Attributes

Name Type Required Description
id string true The unique ID of the group.
type string true none
attributes object true none
» name string true The name of the group.
» permissions [string] true The permissions of the group. Possible values are reward_management,
program_management, user_management, and
report_management.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.

Enumerated Values

Property Value
type group

invitation

{
  "id": "string",
  "type": "string",
  "attributes": {
    "created_at": "2020-04-01T02:51:13Z",
    "updated_at": "2020-04-01T02:51:13Z"
  }
}

These objects represent an invitation that was sent to a recipient. Invitations come in many sub types that can have additional attributes.

Attributes

Name Type Required Description
id string true The unique ID of the invitation.
type string true Indicates what kind of invitation it is.
attributes object true none
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» updated_at string(date-time) true The date and time the object was updated. Formatted according
to ISO 8601.

invitation-report

{
  "id": "1337",
  "type": "activity-agreed-on-going-public",
  "attributes": {
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "message": "Agreed On Going Public!",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Attributes

Name Type Required Description
invitation-report any false none

allOf

Name Type Required Description
anonymous invitation false These objects represent an invitation that was sent to a recipient.
Invitations come in many sub types that can have additional attributes.

and

Name Type Required Description
anonymous object false none
» attributes object false none
»» report_id string false The report associated with the invitation.

links

{
  "data": [
    {
      "id": "1337",
      "type": "some-object",
      "attributes": {
        "some_attribute": "some value"
      },
      "relationships": {
        "some_relationship": {
          "data": {
            "id": "1337",
            "type": "some-other-object",
            "attributes": {
              "some_attribute": "some value"
            }
          }
        }
      }
    }
  ],
  "links": {
    "first": "https://api.hackerone.com/v1/reports/1333",
    "prev": "https://api.hackerone.com/v1/reports/1336",
    "self": "https://api.hackerone.com/v1/reports/1337",
    "next": "https://api.hackerone.com/v1/reports/1338",
    "last": "https://api.hackerone.com/v1/reports/1345"
  }
}

When querying for multiple objects, the client needs to know how to query the next page. That information is included in this attribute. If there is no additional metadata, the API does not return this attribute.

Attributes

Name Type Required Description
attributes object false none
» first string false This attribute contains a URL to the first page or first resource when the resource
or resources are paginated.
» prev string false This attribute contains a URL to the previous page or previous resource when
the resource or resources are paginated.
» self string false This attribute contains a URL to the resource itself when it can be queried as a
top level resource. At this moment, only report objects can
be queried as individual resources.
» next string false This attribute contains the URL to the next page or next resource when the resource
or resources are paginated.
» last string false This attribute contains a URL to the last page or last resource when the resource
or resources are paginated.
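
A client that follows next automatically sends its API credentials to whatever URL the response names. The following added example (not HackerOne's own client code) walks the pages while pinning every link to the scheme and host of the sample above, detecting loops, and stopping when links or next is absent. The fetch callable, the page cap and the PAGES data are assumptions of the example.

```python
from urllib.parse import urlsplit

PINNED = ("https", "api.hackerone.com")   # scheme and host of the sample links

# Constructed two-page response set, keyed by URL, standing in for the API.
PAGES = {
    "https://api.hackerone.com/v1/reports/1337": {
        "data": [{"id": "1337", "type": "some-object"}],
        "links": {
            "self": "https://api.hackerone.com/v1/reports/1337",
            "next": "https://api.hackerone.com/v1/reports/1338",
        },
    },
    "https://api.hackerone.com/v1/reports/1338": {
        "data": [{"id": "1338", "type": "some-object"}],
        # no "links": nothing further to page through
    },
}


def check_link(url):
    """Raise ValueError unless url stays on the pinned origin."""
    parts = urlsplit(url)
    if (parts.scheme, parts.hostname) != PINNED or parts.port not in (None, 443):
        raise ValueError("refusing to follow link off the pinned origin: %r" % url)
    if parts.username or parts.password:
        raise ValueError("link carries userinfo: %r" % url)


def iter_objects(start_url, fetch, max_pages=500):
    """Yield every object across pages.

    fetch(url) performs the authenticated GET and returns the parsed JSON
    document; it is supplied by the caller.
    """
    seen = set()
    url = start_url
    while url is not None:
        check_link(url)
        if url in seen:
            raise ValueError("pagination loop at %r" % url)
        if len(seen) >= max_pages:
            raise ValueError("more than %d pages" % max_pages)
        seen.add(url)

        doc = fetch(url)
        for obj in doc.get("data", []):
            yield obj
        # A missing "links" object or a missing "next" ends the walk.
        url = (doc.get("links") or {}).get("next")


if __name__ == "__main__":
    start = "https://api.hackerone.com/v1/reports/1337"
    print([o["id"] for o in iter_objects(start, PAGES.__getitem__)])
```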

member

{
  "id": "1337",
  "type": "member",
  "attributes": {
    "created_at": "2016-02-02T04:05:06.000Z",
    "permissions": [
      "program_management",
      "report_management",
      "reward_management",
      "user_management"
    ]
  },
  "relationships": {
    "user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

A member represents a user that is part of a program. A member is used to delegate permissions for the users attached to it.

Attributes

Name Type Required Description
id string true The unique ID of the member.
type string true none
attributes object true none
» permissions [string] true The permissions of the member. Possible values are reward_management,
program_management, user_management, and
report_management.
» groups [object] false The list of groups the member belongs to.
»» data [group] false A group represents a set of users. A group is used to delegate permissions for
the users in it. It can also be assigned to one or multiple reports.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
relationships object true none
» user object true The user that is part of the program.
»» data user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.

Enumerated Values

Property Value
type member

program

{
  "id": "1337",
  "type": "program",
  "attributes": {
    "handle": "security",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "groups": {
      "data": [
        {
          "id": "2557",
          "type": "group",
          "attributes": {
            "name": "Standard",
            "created_at": "2016-02-02T04:05:06.000Z",
            "permissions": [
              "report_management",
              "reward_management"
            ]
          }
        },
        {
          "id": "2558",
          "type": "group",
          "attributes": {
            "name": "Admin",
            "created_at": "2016-02-02T04:05:06.000Z",
            "permissions": [
              "user_management",
              "program_management"
            ]
          }
        }
      ]
    },
    "custom_field_attributes": {
      "data": [
        {
          "id": "1337",
          "type": "custom-field-attribute",
          "attributes": {
            "label": "Team",
            "configuration": null,
            "created_at": "2016-02-02T04:05:06.000Z",
            "updated_at": "2016-02-02T04:05:06.000Z",
            "archived_at": null
          }
        }
      ]
    },
    "members": {
      "data": [
        {
          "id": "1339",
          "type": "member",
          "attributes": {
            "created_at": "2016-02-02T04:05:06.000Z",
            "permissions": [
              "program_management",
              "report_management",
              "reward_management",
              "user_management"
            ]
          },
          "relationships": {
            "user": {
              "data": {
                "id": "1337",
                "type": "user",
                "attributes": {
                  "username": "api-example",
                  "name": "API Example",
                  "disabled": false,
                  "created_at": "2016-02-02T04:05:06.000Z",
                  "profile_picture": {
                    "62x62": "/assets/avatars/default.png",
                    "82x82": "/assets/avatars/default.png",
                    "110x110": "/assets/avatars/default.png",
                    "260x260": "/assets/avatars/default.png"
                  }
                }
              }
            }
          }
        }
      ]
    },
    "policy_attachments": {
      "data": [
        {
          "id": "<id>",
          "type": "attachment",
          "attributes": {
            "expiring_url": "<url>",
            "created_at": "<date>",
            "file_name": "logo.png",
            "content_type": "image/png",
            "file_size": 3650
          }
        }
      ]
    }
  }
}

A program object represents a disclosure program or bug bounty program on the platform. When a user reports a bug to a program, this is the object they interact with. Behind a program, there can be multiple users that are part of the program. Those users can interact with reports on behalf of the program.

Attributes

Name Type Required Description
id string true The unique ID of the program.
type string true none
attributes object true none
» handle string true The handle of the program. Handles are unique and scoped under the same
namespace as user usernames.
» policy string true The policy of the program.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» updated_at string(date-time) true The date and time the object was updated. Formatted according
to ISO 8601.
relationships object false none
» groups object false The groups of the program, which are used to delegate permissions and
can be used to assign multiple users to a single report. Only included
when the program object is fetched through the program resource.
»» data [group] false A group represents a set of users. A group is used to delegate permissions for
the users in it. It can also be assigned to one or multiple reports.
» members object false The members of the program, which are used to define the permissions of
a user's membership of a program. Only included when the program object
is fetched through the program resource.
»» data [member] false A member represents a user that is part of a program. A member is used to delegate permissions
for the users attached to it.
» policy_attachments object false Policy attachments of the program. Only included when the program object
is fetched through the program resource.
»» data [attachment] false Users can add attachments when they file a report or when they interact with a
report. Attachments may contain dangerous proofs of concept and should be handled
with caution.
» custom_field_attributes object false The Custom Field Attributes of the program, which are used to define
Custom Fields on a Report.
»» data [custom-field-attribute] false A Custom Field Attribute is an object containing the label and configuration
of a Custom Field created for a Report or Program.
» transactions object false The payment transactions of the program for the selected period.
»» data [transaction] false A Transaction object represents the information about the program
payment transaction.

Enumerated Values

Property Value
type program

report

{
  "id": "1337",
  "type": "report",
  "attributes": {
    "title": "XSS in login form",
    "state": "new",
    "created_at": "2016-02-02T04:05:06.000Z",
    "vulnerability_information": "...",
    "triaged_at": null,
    "closed_at": null,
    "last_reporter_activity_at": null,
    "first_program_activity_at": null,
    "last_program_activity_at": null,
    "bounty_awarded_at": null,
    "swag_awarded_at": null,
    "disclosed_at": null,
    "last_public_activity_at": null,
    "last_activity_at": null,
    "issue_tracker_reference_url": "https://example.com/reference",
    "cve_ids": [],
    "source": null,
    "reporter_agreed_on_going_public_at": null
  },
  "relationships": {
    "reporter": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          },
          "reputation": 7,
          "signal": 7,
          "impact": 30
        }
      }
    },
    "program": {
      "data": {
        "id": "1337",
        "type": "program",
        "attributes": {
          "handle": "security",
          "created_at": "2016-02-02T04:05:06.000Z",
          "updated_at": "2016-02-02T04:05:06.000Z"
        }
      }
    },
    "swag": {
      "data": []
    },
    "attachments": {
      "data": []
    },
    "weakness": {
      "data": {
        "id": "1337",
        "type": "weakness",
        "attributes": {
          "name": "Cross-Site Request Forgery (CSRF)",
          "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
          "external_id": "cwe-352",
          "created_at": "2016-02-02T04:05:06.000Z"
        }
      }
    },
    "structured_scope": {
      "data": {
        "id": "287",
        "type": "structured-scope",
        "attributes": {
          "asset_type": "URL",
          "asset_identifier": "www.hackerone.com",
          "eligible_for_bounty": true,
          "eligible_for_submission": true,
          "instruction": "This asset does not contain any highly confidential information.",
          "max_severity": "critical",
          "created_at": "2016-02-02T04:05:06.000Z",
          "updated_at": "2016-02-02T04:05:06.000Z",
          "reference": "T12345",
          "confidentiality_requirement": "medium",
          "integrity_requirement": "high",
          "availability_requirement": "medium"
        }
      }
    },
    "activities": {
      "data": []
    },
    "bounties": {
      "data": []
    },
    "summaries": {
      "data": []
    }
  }
}

A report object contains the information that hackers submitted to a program, the interactions the program users had with the report, and all additional meta information like bounties, swag, and internal references.

Attributes

Name Type Required Description
id string true The unique ID of the report.
type string true none
attributes object true none
» title string true The title of the report. May be updated through the HackerOne interface.
» vulnerability_information string false The raw report's vulnerability information. Markdown is not parsed.
» state report-states true The current state of the report. May be updated through the HackerOne interface or
the HackerOne API.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» triaged_at string(date-time)¦null true The date and time the report was triaged. This attribute is reset when the
report was reopened after it was triaged. Formatted according to ISO 8601.
» closed_at string(date-time)¦null true The date and time the report was closed. This attribute is reset when the
report was reopened after it was closed. Formatted according to ISO 8601.
» last_reporter_activity_at string(date-time)¦null true The date and time that the most recent reporter activity was posted on the report.
Formatted according to ISO 8601.
» first_program_activity_at string(date-time)¦null true The date and time that the first program activity was posted on the report.
Formatted according to ISO 8601.
» last_program_activity_at string(date-time)¦null true The date and time that the most recent program activity was posted on the report.
Formatted according to ISO 8601.
» last_activity_at string(date-time)¦null true The date and time that the most recent activity was posted on the report.
Formatted according to ISO 8601.
» last_public_activity_at string(date-time)¦null true The date and time that the most recent public activity was posted on the report.
Formatted according to ISO 8601.
» bounty_awarded_at string(date-time)¦null true The date and time that the most recent bounty was awarded on the report.
Formatted according to ISO 8601.
» swag_awarded_at string(date-time)¦null true The date and time that the most recent swag was awarded on the report.
Formatted according to ISO 8601.
» disclosed_at string(date-time)¦null true The date and time the report was disclosed. Formatted according
to ISO 8601.
» reporter_agreed_on_going_public_at string(date-time)¦null true The date and time the reporter agreed for the public disclosure.
Formatted according to ISO 8601.
» issue_tracker_reference_id string false The id of the issue tracker reference typically used when
triaging a report.
» issue_tracker_reference_url string false The url of the issue tracker reference.
» cve_ids [string] false The CVE ID(s) assigned to this report.
» source string¦null true A free-form string defining the source of the report for tracking purposes.
For example, "detectify", "rapid7" or "jira".
relationships object true none
» program object true The program that received the report.
»» data program false A program object represents a disclosure program or bug bounty program on the
platform. When a user reports a bug to a program, this is
the object they interact with. Behind a program, there can be multiple users
that are part of the program. Those users can interact with reports on behalf
of the program.
» assignee object false The user or group that is assigned to handle the report.
»» data any false none

oneOf - discriminator: user.type

Name Type Required Description
»»» anonymous user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.

xor - discriminator: group.type

Name Type Required Description
»»» anonymous group false A group represents a set of users. A group is used to delegate permissions for
the users in it. It can also be assigned to one or multiple reports.

continued

Name Type Required Description
» attachments object false A list of Attachment objects that the reporter added to the report.
»» data [attachment] false [Users can add attachments when they file a report or when they interact with a
report. Attachments may contain dangerous proof of concepts and should be handled
with caution.
]
» swag object false A list of Swag objects that were awarded to the reporter.
»» data [swag] false [Besides a financial reward, which is called a bounty, programs can
award swag. Report objects may contain multiple swag objects, one for each time
swag was awarded.
]
» weakness object false The Weakness object of the report provided by the reporter or team.
»» data weakness false A Weakness object represents the type of weakness the hacker submitted to a program.
The weakness was initially provided by the hacker, but may be reviewed and corrected
by the program.
» structured_scope object false The StructuredScope object of the report provided by the reporter or team.
»» data structured-scope false A StructuredScope object represents an asset defined by the program. The scope on a
report was initially provided by the hacker, but may be reviewed and corrected by
the program.
» severity object false The Severity object of the report provided by the reporter or team.
»» data severity false A severity object represents the severity of a report, if provided by the reporter or
a team member.
» reporter object false The user that created the report. This object contains the user's reputation, signal,
and impact metrics.
»» data user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.
» triggered_pre_submission_trigger object false A pre-submission trigger that notified the hacker before submission.
This field is only present for reports filed after February 14, 2016.
»» data trigger false Triggers are a way to show a pop-up message or to automatically reply to reports
based on their title or content.
» activities object false A list of Activity objects that can be used to generate a timeline of changes.
Activities are ordered by most recent first.
»» data [activity] false [These objects represent an action that was performed on a report.
Activities come in many sub types that can have additional attributes.
]
» bounties object false A list of Bounty objects that were awarded to the reporter.
»» data [bounty] false [When a program pays a bounty to the hacker, a bounty object is created.
A report may contain multiple bounty objects, one for each time a bounty was
awarded. The hacker that reported the vulnerability is the user that received
the bounty.
]
» summaries object false A list of Report Summary objects that were added to the report by the reporter
and team.
»» data [report-summary] false [Before a report is disclosed, the program and the hacker may add a summary. A
report can have only one summary per party. Unlike activities, summaries can
be edited through HackerOne indefinitely.
]
» custom_field_values object false A list of Custom Field Value objects containing all Custom Field Attributes
that are set for the report. Enterprise only.
»» data [custom-field-value] false [A Custom Field Value object contains the value set for a particular
Custom Field Attribute.
]

Enumerated Values

Property Value
type report

report-states

"new"

Attributes

Name Type Required Description
report-states string false none

Enumerated Values

Property Value
report-states new
report-states triaged
report-states needs-more-info
report-states resolved
report-states not-applicable
report-states informative
report-states duplicate
report-states spam
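
A report carries free text submitted by the reporter (title, vulnerability_information) and many nullable timestamps, so a consumer should validate it before storing or rendering it. The following is an added example, not part of the HackerOne documentation: it checks a report object against the attribute table and report-states values above, escapes the text fields, and accepts issue_tracker_reference_url only as an http(s) link. The helper names (normalize_report, parse_ts, safe_link, SchemaError) are hypothetical and the sample payload is constructed.

```python
import html
from datetime import datetime
from urllib.parse import urlsplit

# Enumerated values copied from the report-states table on this page.
REPORT_STATES = {"new", "triaged", "needs-more-info", "resolved",
                 "not-applicable", "informative", "duplicate", "spam"}
# Nullable string(date-time) attributes from the report attribute table.
NULLABLE_TS = ("triaged_at", "closed_at", "last_reporter_activity_at",
               "first_program_activity_at", "last_program_activity_at",
               "last_activity_at", "last_public_activity_at",
               "bounty_awarded_at", "swag_awarded_at", "disclosed_at",
               "reporter_agreed_on_going_public_at")


class SchemaError(ValueError):
    """The payload does not match the documented report schema."""


def parse_ts(value, field, nullable):
    """Parse an ISO 8601 date-time; None passes only for nullable fields."""
    if value is None and nullable:
        return None
    if not isinstance(value, str):
        raise SchemaError(f"{field}: expected ISO 8601 string, got {value!r}")
    try:
        # datetime.fromisoformat() before Python 3.11 rejects a trailing "Z".
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError as exc:
        raise SchemaError(f"{field}: not ISO 8601: {value!r}") from exc


def safe_link(url):
    """Return url only if it is an absolute http(s) URL, otherwise None."""
    if not isinstance(url, str):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    return url if parts.scheme in ("http", "https") and parts.netloc else None


def normalize_report(obj):
    """Validate a report object and return fields safe to store and render."""
    if not isinstance(obj, dict) or obj.get("type") != "report":
        raise SchemaError("type must be 'report'")
    attrs = obj.get("attributes")
    if not isinstance(obj.get("id"), str) or not isinstance(attrs, dict):
        raise SchemaError("id must be a string and attributes an object")
    state, title = attrs.get("state"), attrs.get("title")
    if not isinstance(state, str) or state not in REPORT_STATES:
        raise SchemaError(f"state: unknown value {state!r}")
    if not isinstance(title, str):
        raise SchemaError("title must be a string")
    body = attrs.get("vulnerability_information")
    out = {
        "id": obj["id"],
        "state": state,
        # Free text from the report: escape before it reaches any HTML view.
        "title_html": html.escape(title),
        "body_html": html.escape(body) if isinstance(body, str) else "",
        "created_at": parse_ts(attrs.get("created_at"), "created_at", False),
        "tracker_url": safe_link(attrs.get("issue_tracker_reference_url")),
    }
    for field in NULLABLE_TS:  # a missing key is treated like null
        out[field] = parse_ts(attrs.get(field), field, True)
    return out


# Constructed sample: the page's report example with a hostile title and link.
SAMPLE = {
    "id": "1337",
    "type": "report",
    "attributes": {
        "title": "<script>alert(1)</script> in login form",
        "state": "new",
        "created_at": "2016-02-02T04:05:06.000Z",
        "vulnerability_information": "...",
        "triaged_at": None,
        "issue_tracker_reference_url": "javascript:alert(1)",
    },
}
```
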

report-summary

{
  "id": "1337",
  "type": "report-summary",
  "attributes": {
    "content": "There was a cross-site scripting vulnerability in our login form.",
    "category": "team",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Before a report is disclosed, the program and the hacker may add a summary. A report can have only one summary per party. Unlike activities, summaries can be edited through HackerOne indefinitely.

Attributes

Name Type Required Description
id string true The unique ID of the report summary.
type string true none
attributes object true none
» content string true The raw summary of the report. Markdown is not parsed.
» category string true The involved party that wrote the summary.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
» updated_at string(date-time) true The date and time the object was last updated. Formatted according
to ISO 8601.
relationships object true none
» user object true The author that added the summary to the report.
»» data user false User objects represent accounts on HackerOne. These objects are mostly referenced
when someone performed an action using that account. All different actors on the
platform, hackers, API users, and program users, have a user account.

Enumerated Values

Property Value
type report-summary
category researcher
category team

severity

{
  "id": "57",
  "type": "severity",
  "attributes": {
    "rating": "high",
    "author_type": "User",
    "user_id": 1337,
    "created_at": "2016-02-02T04:05:06.000Z",
    "score": 8.7,
    "attack_complexity": "low",
    "attack_vector": "adjacent",
    "availability": "high",
    "confidentiality": "low",
    "integrity": "high",
    "privileges_required": "low",
    "user_interaction": "required",
    "scope": "changed"
  }
}

A severity object represents the severity of a report, if provided by the reporter or a team member.

Attributes

Name Type Required Description
id string true The unique ID of the severity.
type string true none
attributes object true none
» rating severity-ratings true The qualitative rating of the severity. Provided either directly from the author or
mapped from the calculated vulnerability score.
» author_type string true The involved party that provided the severity.
» user_id integer true The unique id of the user who created the object.
» score number¦null false The vulnerability score calculated from the Common Vulnerability Scoring System (CVSS).
Only present if CVSS metrics were provided.
» attack_vector string¦null false A CVSS metric that reflects the context by which vulnerability exploitation
is possible.
» attack_complexity string false A CVSS metric that describes the conditions beyond the attacker's control that must exist
in order to exploit the vulnerability.
» privileges_required string false A CVSS metric that describes the level of privileges an attacker must possess before
successfully exploiting the vulnerability.
» user_interaction string false A CVSS metric that captures the requirement for a user, other than the attacker, to
participate in the successful compromise of the vulnerable component.
» scope string¦null false A CVSS metric that determines if a successful attack impacts a component other than the
vulnerable component.
» confidentiality string false A CVSS metric that measures the impact to the confidentiality of the information resources
managed by a software component due to a successfully exploited vulnerability.
» integrity string false A CVSS metric that measures the impact to the integrity of a successfully exploited
vulnerability.
» availability string false A CVSS metric that measures the availability of the impacted component resulting from a
successfully exploited vulnerability.
» created_at string(date-time) true The date and time the object was created. Formatted according to ISO 8601.

Enumerated Values

Property Value
type severity
author_type User
author_type Team
attack_vector network
attack_vector adjacent
attack_vector local
attack_vector physical
attack_complexity low
attack_complexity high
privileges_required none
privileges_required low
privileges_required high
user_interaction none
user_interaction required
scope unchanged
scope changed
confidentiality none
confidentiality low
confidentiality high
integrity none
integrity low
integrity high
availability none
availability low
availability high

severity-ratings

"none"

Attributes

Name Type Required Description
severity-ratings string false none

Enumerated Values

Property Value
severity-ratings none
severity-ratings low
severity-ratings medium
severity-ratings high
severity-ratings critical

structured-scope

{
  "id": "57",
  "type": "structured-scope",
  "attributes": {
    "asset_identifier": "api.example.com",
    "asset_type": "URL",
    "confidentiality_requirement": "high",
    "integrity_requirement": "high",
    "availability_requirement": "high",
    "max_severity": "critical",
    "created_at": "2015-02-02T04:05:06.000Z",
    "updated_at": "2016-05-02T04:05:06.000Z",
    "instruction": null,
    "eligible_for_bounty": true,
    "eligible_for_submission": true,
    "reference": "H001001"
  }
}

A StructuredScope object represents an asset defined by the program. The scope on a report was initially provided by the hacker, but may be reviewed and corrected by the program.

Attributes

Name Type Required Description
id string true The unique ID of the scope.
type string true none
attributes object true none
» asset_identifier string true The identifier of the asset.
» asset_type string true The type of the asset.
» eligible_for_bounty boolean true If the asset is eligible for bounty.
» eligible_for_submission boolean true If the asset is eligible for submission.
» instruction string¦null false The raw instruction of the asset provided by the program.
Markdown is not parsed.
» confidentiality_requirement any false A CVSS environmental modifier that reweights Confidentiality Impact
of a vulnerability on this asset.
» integrity_requirement any false A CVSS environmental modifier that reweights Integrity Impact of a
vulnerability on this asset.
» availability_requirement any false A CVSS environmental modifier that reweights Availability Impact of
a vulnerability on this asset.
» max_severity any true The qualitative rating of the maximum severity allowed on this asset.
Its value is calculated from the combination of all three of the
environmental requirements (CR, IR, and AR).
» created_at string(date-time) true The date and time the object was created. Formatted according to ISO 8601.
» updated_at string(date-time) true The date and time the object was updated. Formatted according to ISO 8601.
» reference string¦null false The customer defined reference identifier or tag of the asset.

Enumerated Values

Property Value
type structured-scope
confidentiality_requirement none
confidentiality_requirement low
confidentiality_requirement medium
confidentiality_requirement high
integrity_requirement none
integrity_requirement low
integrity_requirement medium
integrity_requirement high
availability_requirement none
availability_requirement low
availability_requirement medium
availability_requirement high
max_severity none
max_severity low
max_severity medium
max_severity high
max_severity critical

swag

{
  "id": "1337",
  "type": "swag",
  "attributes": {
    "sent": false,
    "created_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "address": {
      "data": {
        "id": "1337",
        "type": "address",
        "attributes": {
          "name": "Jane Doe",
          "street": "535 Mission Street",
          "city": "San Francisco",
          "postal_code": "94105",
          "state": "CA",
          "country": "United States of America",
          "created_at": "2016-02-02T04:05:06.000Z",
          "tshirt_size": "W_Large",
          "phone_number": "+1-510-000-0000"
        }
      }
    }
  }
}

Besides a financial reward, which is called a bounty, programs can award swag. Report objects may contain multiple swag objects, one for each time swag was awarded.

Attributes

Name Type Required Description
id string true The unique ID of the swag.
type string true none
attributes object true none
» sent boolean true Indicates whether the swag has been marked as sent. Swag can be marked as
sent through the HackerOne interface.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
relationships object false none
» user object true none
»» data user false The user the swag was awarded to.
» address object true none
»» data address false The user's address to send the swag to.

Enumerated Values

Property Value
type swag

thanks-item

{
  "type": "thanks-item",
  "attributes": {
    "total_report_count": 1,
    "reputation": 7,
    "recognized_report_count": 1,
    "username": "lorem",
    "user_id": "55"
  }
}

A thanks item object represents thanks given to hackers by program members.

Attributes

Name Type Required Description
attributes object false none
» total_report_count integer false The number of reports.
» reputation integer false The reputation of the user.
» recognized_report_count integer false The number of resolved reports.
» username string false The username of the user.
» user_id string false The user id of the user.

transaction

{
  "id": 10,
  "bounty_award": "1000.00",
  "bounty_fee": "200.00",
  "activity_date": "2019-09-25T04:22:42.686Z",
  "activity_description": "Bounty for report #9",
  "report_id": 9,
  "report_url": "http://hackerone.com/reports/9",
  "debit_or_credit_amount": "-1200.00",
  "balance": "-1200.00"
}

A Transaction object represents the information about the program payment transaction.

Attributes

Name Type Required Description
id integer true The unique ID of the transaction.
type string true none
attributes object true none
» activity_date string(date-time) true The date and time of the activity. Formatted according
to ISO 8601.
» activity_description string true The description of the activity.
» balance string true The date of the payment.
» bounty_award string¦null true The amount of awarded bounty.
» bounty_fee string¦null true The HackerOne bounty fee.
» debit_or_credit_amount string false The amount that's debited or credited from your balance.
relationships object false none
» report object false none
»» data object true none
»»» id integer true The ID of the report with the awarded bounty.
»»» type string true none
»» links object true none
»»» self string true The URL of the report with the awarded bounty.

Enumerated Values

Property Value
type payment-transaction
type report

trigger

{
  "id": "1337",
  "type": "trigger",
  "attributes": {
    "title": "Example Trigger"
  }
}

Triggers are a way to show a pop-up message or to automatically reply to reports based on their title or content.

Attributes

Name Type Required Description
id string false The unique ID of the trigger.
type string false none
attributes object false none
» title string false The name of the trigger.

Enumerated Values

Property Value
type trigger

user

{
  "id": "1337",
  "type": "user",
  "attributes": {
    "username": "api-example",
    "name": "API Example",
    "disabled": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "profile_picture": {
      "62x62": "/assets/avatars/default.png",
      "82x82": "/assets/avatars/default.png",
      "110x110": "/assets/avatars/default.png",
      "260x260": "/assets/avatars/default.png"
    }
  }
}

User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account.

Attributes

Name Type Required Description
id string true The unique ID of the user.
type string true none
attributes object true none
» disabled boolean true Indicates if the user is disabled.
» username string true The username of the user. Usernames are unique and scoped under the same
namespace as program handles.
» name string true The name of the user. A name may be empty and is free-format.
» profile_picture object true An object that holds URLs to different profile picture sizes.
»» 62x62 string true none
»» 82x82 string true none
»» 110x110 string true none
»» 260x260 string true none
» bio string¦null false The user's biography, as provided by the user.
» website string¦null false The user's website, as provided by the user.
» location string¦null false The user's location, as provided by the user.
» reputation number¦null false The reputation of the user. Read more about how this number is
calculated at https://www.hackerone.com/blog/introducing-reputation. This
attribute is only included in the reporter relationship of a
report object.
» signal number¦null false The signal of the user. This number ranges from -10 to 7. The closer to 7,
the higher the average submission quality of the user. This attribute is only
included in the reporter relationship of a report object.
Learn more about how this number is calculated at https://www.hackerone.com/blog/introducing-signal-and-impact.
» impact number¦null false The impact of the user. This number ranges from 0 to 50. The closer to 50,
the higher the average severity of the user's reports is. This attribute is only
included in the reporter relationship of a report object.
Learn more about how this number is calculated at https://www.hackerone.com/blog/introducing-signal-and-impact.
» hackerone_triager boolean¦null false Indicates if the user is a HackerOne triager.
» created_at string(date-time) true The date and time the object was created. Formatted according
to ISO 8601.
relationships object false none
» participating_programs object false none
»» data [object] false List of private programs that you manage to which this user is invited.
This attribute is only included when making use of the User > Read endpoint.

Enumerated Values

Property Value
type user

weakness

{
  "id": "1337",
  "type": "weakness",
  "attributes": {
    "name": "Cross-Site Request Forgery (CSRF)",
    "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
    "created_at": "2016-02-02T04:05:06.000Z",
    "external_id": "cwe-352"
  }
}

A Weakness object represents the type of weakness the hacker submitted to a program. The weakness was initially provided by the hacker, but may be reviewed and corrected by the program.

Attributes

Name Type Required Description
id string true The unique ID of the weakness.
type string true none
attributes object false none
» name string true The name of the weakness.
» description string true The raw description of the weakness. Markdown is not parsed.
» external_id string true The weakness' external reference to CWE or CAPEC.
» created_at string(date-time) true The date and time the object was created. Formatted according to ISO 8601.

Enumerated Values

Property Value
type weakness