NAV Navbar
shell

Reference

The following section contains a complete reference of all the objects that can be returned through the API. Objects that have been explained earlier in this documentation are not included. The objects in this section are never top level resources by themselves and will only be returned as sub resources.

All objects are made up of an id and a type attribute. With those, additional attributes and relationships can be specified. An example how the data schema looks like, take a look at the response structure or the response object. Additional reading can be done at jsonapi.org.

Activity

These objects represent an action that was performed on a report. Activities come in many sub types that can have additional attributes.

Attributes

Name Description Required Type
report_id The report associated with the activity. No String
message The comment associated with the activity. May be updated through the HackerOne interface. Markdown is not parsed. Yes String
internal Indicates if this activity can only be read by Program users and external users that were invited to the report. Yes Boolean
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
updated_at The date and time the object was last updated. Formatted according to ISO 8601. Yes Date

Relationships

Name Description Required Type
actor The author of the activity. No User / Program
attachments A list of Attachment objects added to the activity. No Attachment

Activity Agreed On Going Public

Inherits attributes and relationships from the Activity object.

Activity Agreed on Going Public object

{
  "id": "1337",
  "type": "activity-agreed-on-going-public",
  "attributes": {
    "message": "Agreed On Going Public!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "disclosed_at": "2016-02-02T15:26:47.000Z"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Activity Bounty Awarded

Activity Bounty Awarded object

{
  "id": "1337",
  "type": "activity-bounty-awarded",
  "attributes": {
    "message": "Bounty Awarded!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "bounty_amount": "500",
    "bonus_amount": "50"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "program",
        "attributes": {
          "handle": "security",
          "created_at": "2016-02-02T04:05:06.000Z",
          "updated_at": "2016-02-02T04:05:06.000Z"
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
bounty_amount No String
bonus_amount No String

Activity Bounty Suggested

Activity Bounty Suggested object

{
  "id": "1337",
  "type": "activity-bounty-suggested",
  "attributes": {
    "message": "Bounty Suggested!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "bounty_amount": "500",
    "bonus_amount": "50"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
bounty_amount No String
bonus_amount No String

Activity Bug Cloned

Activity Bug Cloned object

{
  "id": "1337",
  "type": "activity-bug-cloned",
  "attributes": {
    "message": "Bug Cloned!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true,
    "original_report_id": 1336
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
original_report_id Yes Integer

Activity Bug Duplicate

Activity Bug Duplicate object

{
  "id": "1337",
  "type": "activity-bug-duplicate",
  "attributes": {
    "message": "Bug Duplicate!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "original_report_id": 1336
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
original_report_id No Integer

Activity Bug Filed

Activity Bug Filed object

{
  "id": "7331",
  "type": "activity-bug-filed",
   "attributes": {
     "message": "",
     "created_at": "2016-02-02T04:05:06.000Z",
     "updated_at": "2016-02-02T04:05:06.000Z",
     "internal": false
   },
   "relationships": {
     "actor": {
       "data": {
         "type": "user",
         "id": "1337",
         "attributes": {
           "username": "api-example",
           "name": "API Example",
           "disabled": false,
           "created_at": "2017-11-09T10:52:25.443Z",
           "profile_picture": {
             "62x62": "/assets/avatars/default.png",
             "82x82": "/assets/avatars/default.png",
             "110x110": "/assets/avatars/default.png",
             "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Inactive

Activity Bug Inactive object

{
  "id": "1337",
  "type": "activity-bug-inactive",
  "attributes": {
    "message": "Bug closed automatically due to inactivity in the last 30 days.",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": null
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Informative

Activity Bug Informative object

{
  "id": "1337",
  "type": "activity-bug-informative",
  "attributes": {
    "message": "Bug Informative!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Needs More Info

Activity Bug Needs More Info object

{
  "id": "1337",
  "type": "activity-bug-needs-more-info",
  "attributes": {
    "message": "Bug Needs More Info!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug New

Activity Bug New object

{
  "id": "1337",
  "type": "activity-bug-new",
  "attributes": {
    "message": "Bug New!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Not Applicable

Activity Bug Not Applicable object

{
  "id": "1337",
  "type": "activity-bug-not-applicable",
  "attributes": {
    "message": "Bug Not Applicable!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Reopened

Activity Bug Reopened object

{
  "id": "1337",
  "type": "activity-bug-reopened",
  "attributes": {
    "message": "Bug Reopened!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Resolved

Activity Bug Resolved object

{
  "id": "1337",
  "type": "activity-bug-resolved",
  "attributes": {
    "message": "Bug Resolved!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Spam

Activity Bug Spam object

{
  "id": "1337",
  "type": "activity-bug-spam",
  "attributes": {
    "message": "Bug Spam!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Bug Triaged

Activity Bug Triaged object

{
  "id": "1337",
  "type": "activity-bug-triaged",
  "attributes": {
    "message": "Bug Triaged!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Changed Scope

Activity Changed Scope object

{
  "id": "1337",
  "type": "activity-changed-scope",
  "attributes": {
    "message": "A different scope has added",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "old_scope": {
      "data": {
        "id": "1337",
        "type": "structured_scope",
        "attributes": {
          "asset_identifier": "www.example.com",
          "asset_type": "url",
          "confidentiality_requirement": null,
          "integrity_requirement": null,
          "availability_requirement": null,
          "max_severity": "critical",
          "created_at": "2015-02-02T04:05:06.000Z",
          "updated_at": "2016-05-02T04:05:06.000Z",
          "instruction": "not eligible for bounty",
          "eligible_for_bounty": false,
          "eligible_for_submission": true
        }
      }
    },
    "new_scope": {
      "data": {
        "id": "1338",
        "type": "structured_scope",
        "attributes": {
          "asset_identifier": "api.example.com",
          "asset_type": "url",
          "confidentiality_requirement": "high",
          "integrity_requirement": "high",
          "availability_requirement": "high",
          "max_severity": "critical",
          "created_at": "2015-02-02T04:05:06.000Z",
          "updated_at": "2016-05-02T04:05:06.000Z",
          "instruction": null,
          "eligible_for_bounty": true,
          "eligible_for_submission": true
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
old_scope Yes Structured Scope
new_scope Yes Structured Scope

Activity Comment

Activity Comment object

{
  "id": "1337",
  "type": "activity-comment",
  "attributes": {
    "message": "Comment!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "attachments": {
      "data": [
        {
          "id": "1337",
          "type": "attachment",
          "attributes": {
            "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
            "created_at": "2016-02-02T04:05:06.000Z",
            "file_name": "root.rb",
            "content_type": "text/x-ruby",
            "file_size": 2871
          }
        }
      ]
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Comments Closed

Activity Comments Closed object

{
  "id": "1337",
  "type": "activity-comments-closed",
  "attributes": {
    "message": "Comments Closed!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity External User Invitation Cancelled

Activity External User Invitation Cancelled object

{
  "id": "1337",
  "type": "activity-external-user-invitation-cancelled",
  "attributes": {
    "message": "External User Invitation Cancelled!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true,
    "email": "hacker@example.com"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
email No String

Activity External User Invited

Activity External User Invited object

{
  "id": "1337",
  "type": "activity-external-user-invited",
  "attributes": {
    "message": "External User Invited!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "email": "hacker@example.com"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
email No String

Activity External User Joined

Activity External User Joined object

{
  "id": "1337",
  "type": "activity-external-user-joined",
  "attributes": {
    "message": "External User Joined!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "duplicate_report_id": 10
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
duplicate_report_id No Integer

Activity External User Removed

Activity External User Removed object

{
  "id": "1337",
  "type": "activity-external-user-removed",
  "attributes": {
    "message": "External User Removed!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "removed_user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
removed_user Yes User

Activity Group Assigned To Bug

Activity Group Assigned To Bug object

{
  "id": "1337",
  "type": "activity-group-assigned-to-bug",
  "attributes": {
    "message": "Group Assigned To Bug!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "group": {
      "data": {
        "id": "1337",
        "type": "group",
        "attributes": {
          "name": "Admin",
          "created_at": "2016-02-02T04:05:06.000Z",
          "permissions": [
            "user_management",
            "report_management"
          ]
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
group Yes Group

Activity Hacker Requested Mediation

Activity Hacker Requested Mediation object

{
  "id": "1337",
  "type": "activity-hacker-requested-mediation",
  "attributes": {
    "message": "Hacker Requested Mediation!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Manually Disclosed

Activity Manually Disclosed object

{
  "id": "1337",
  "type": "activity-manually-disclosed",
  "attributes": {
    "message": "Manually Disclosed!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Mediation Requested

Activity Mediation Requested object

{
  "id": "1337",
  "type": "activity-mediation-requested",
  "attributes": {
    "message": "Mediation Requested!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Not Eligible For Bounty

Activity Not Eligible For Bounty object

{
  "id": "1337",
  "type": "activity-not-eligible-for-bounty",
  "attributes": {
    "message": "Not Eligible For Bounty!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Program Inactive

Activity Program Inactive object

{
  "id": "1337",
  "type": "activity-program-inactive",
  "attributes": {
    "message": "Closed report and changed status to Informative due to inactive state of program.",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": null
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Reference Id Added

Activity Reference Id Added object

{
  "id": "1337",
  "type": "activity-reference-id-added",
  "attributes": {
    "message": "Reference Id Added!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true,
    "reference": "reference",
    "reference_url": "https://example.com/reference"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
reference Yes String
reference_url Yes String

Activity Report Became Public

Activity Report Became Public object

{
  "id": "1337",
  "type": "activity-report-became-public",
  "attributes": {
    "message": "Report Became Public!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "program",
        "attributes": {
          "handle": "security",
          "created_at": "2016-02-02T04:05:06.000Z",
          "updated_at": "2016-02-02T04:05:06.000Z"
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Report Severity Updated

Activity Report Severity Updated object

{
  "id": "1337",
  "type": "activity-report-severity-updated",
  "attributes": {
    "message": "Report Severity Updated!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity Report Title Updated

Activity Report Title Updated object

{
  "id": "1337",
  "type": "activity-report-title-updated",
  "attributes": {
    "message": "Report Title Updated!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false,
    "old_title": "xss",
    "new_title": "XSS in login form"
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Attributes

Name Description Required Type
old_title Yes String
new_title Yes String

Activity Report Vulnerability Types Updated

Activity Report Vulnerability Types Updated object

{
  "id": "1337",
  "type": "activity-report-vulnerability-types-updated",
  "attributes": {
    "message": "Report Vulnerability Types Updated!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "old_weakness": {
      "data": {
        "id": "1337",
        "type": "weakness",
        "attributes": {
          "name": "Cryptographic Issues - Generic",
          "description": "Weaknesses in this category are related to the use of cryptography.",
          "created_at": "2016-02-02T04:05:06.000Z"
        }
      }
    },
    "new_weakness": {
      "data": {
        "id": "1338",
        "type": "weakness",
        "attributes": {
          "name": "Use of Hard-coded Cryptographic Key",
          "description": "The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.",
          "created_at": "2016-02-02T04:05:06.000Z"
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Relationships

Name Description Required Type
old_weakness The weakness that was set before the change Yes Weakness
new_weakness The weakness that was set after the change Yes Weakness

Activity Swag Awarded

Activity Swag Awarded object

{
  "id": "1337",
  "type": "activity-swag-awarded",
  "attributes": {
    "message": "Swag Awarded!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "swag": {
      "data": {
        "id": "1337",
        "type": "swag",
        "attributes": {
          "sent": false,
          "created_at": "2016-02-02T04:05:06.000Z"
        },
        "relationships": {
          "user": {
            "data": {
              "id": "1337",
              "type": "user",
              "attributes": {
                "username": "api-example",
                "name": "API Example",
                "disabled": false,
                "created_at": "2016-02-02T04:05:06.000Z",
                "profile_picture": {
                  "62x62": "/assets/avatars/default.png",
                  "82x82": "/assets/avatars/default.png",
                  "110x110": "/assets/avatars/default.png",
                  "260x260": "/assets/avatars/default.png"
                }
              }
            }
          },
          "address": {
            "data": {
              "id": "1337",
              "type": "address",
              "attributes": {
                "name": "Jane Doe",
                "street": "535 Mission Street",
                "city": "San Francisco",
                "postal_code": "94105",
                "state": "CA",
                "country": "United States of America",
                "created_at": "2016-02-02T04:05:06.000Z",
                "tshirt_size": "M_Large",
                "phone_number": "+1-510-000-0000"
              }
            }
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Relationships

Name Description Required Type
swag Yes Swag

Activity User Assigned To Bug

Activity User Assigned To Bug object

{
  "data": {
    "id": "1337",
    "type": "activity-user-assigned-to-bug",
    "attributes": {
      "message": "User Assigned To Bug!",
      "created_at": "2016-02-02T04:05:06.000Z",
      "updated_at": "2016-02-02T04:05:06.000Z",
      "internal": true
    },
    "relationships": {
      "actor": {
        "data": {
          "id": "1337",
          "type": "user",
          "attributes": {
            "username": "api-example",
            "name": "API Example",
            "disabled": false,
            "created_at": "2016-02-02T04:05:06.000Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            }
          }
        }
      },
      "assigned_user": {
        "data": {
          "id": "1336",
          "type": "user",
          "attributes": {
            "username": "other_user",
            "name": "Other User",
            "disabled": false,
            "created_at": "2016-02-02T04:05:06.000Z",
            "profile_picture": {
              "62x62": "/assets/avatars/default.png",
              "82x82": "/assets/avatars/default.png",
              "110x110": "/assets/avatars/default.png",
              "260x260": "/assets/avatars/default.png"
            }
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Relationships

Name Description Required Type
assigned_user Yes User

Activity User Banned From Program

Activity User Banned From Program object

{
  "id": "1337",
  "type": "activity-user-banned-from-program",
  "attributes": {
    "message": "User Banned From Program!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": true
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "removed_user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Relationships

Name Description Required Type
removed_user Yes User

Activity User Completed Retest

Activity User Completed Retest object

{
  "id": "1337",
  "type": "activity-user-completed-retest",
  "attributes": {
    "message": "User Completed Retest!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Activity User left Retest

Activity User left Retest object

{
  "id": "1337",
  "type": "activity-user-left-retest",
  "attributes": {
    "message": "User left Retest!",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "internal": false
  },
  "relationships": {
    "actor": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Inherits attributes and relationships from the Activity object.

Address

Address object

{
  "id": "1337",
  "type": "address",
  "attributes": {
    "name": "Jane Doe",
    "street": "535 Mission Street",
    "city": "San Francisco",
    "postal_code": "94105",
    "state": "CA",
    "country": "United States of America",
    "created_at": "2016-02-02T04:05:06.000Z",
    "tshirt_size": "W_Large",
    "phone_number": "+1-510-000-0000"
  }
}

This object contains the postal address for the delivery of awarded swag.

Attributes

Name Description Possible Values Required Type
name Yes String
street Yes String
city Yes String
postal_code Yes String
state Yes String
country Yes String
tshirt_size No String
phone_number No String
tshirt_size M_Small
M_Medium
M_Large
M_XLarge
M_XXLarge
W_Small
W_Medium
W_Large
W_XLarge
W_XXLarge
No String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Attachment

Attachment object

{
  "id": "1337",
  "type": "attachment",
  "attributes": {
    "expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
    "created_at": "2016-02-02T04:05:06.000Z",
    "file_name": "root.rb",
    "content_type": "text/x-ruby",
    "file_size": 2871
  }
}

Users can add attachments when they file a report or when they interact with a report. Attachments may contain dangerous proof of concepts and should be handled with caution.

Attributes

Name Description Required Type
file_name The file name of the attachment. Yes String
content_type The content type of the attachment. The content type is derived from the contents and extension of the file. Yes String
file_size The file size of the attachment in bytes. Yes Integer
expiring_url A URL to download the attachment. The URL will automatically expire after 60 minutes. Yes String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Audit Log Item

Audit Log Item object

{
  "id": "1",
  "type": "audit-log-item",
  "attributes": {
    "log": "\"@member\" invited \"someone@example.com\".",
    "event": "invitations.team_members.create",
    "source": "User#1",
    "subject": "Invitation#1",
    "user_agent": "Chrome/11.0",
    "country": "US",
    "parameters": "{\"identifier\":\"jobert\"}",
    "created_at": "2019-05-15T04:05:06.000Z"
  }
}

An audit log item contains information to determine who did what in a program.

Attributes

Name Description Required Type
log A human-readable log entry describing what happened. Yes String
event The event that created the audit log item. Yes String
source A unique identifier that indicates the source of the audit log item. Yes String
subject A unique identifier that indicates the subject of the audit log item. Yes String
user_agent An optional string that contains the user agent specified by the client. No String
country An optional ISO 3166 country code. XX means that the country couldn't be found. T1 is a Tor node. No String
parameters A serialized JSON object containing the data that was used to construct the audit log. Yes Object
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
updated_at The date and time the object was last updated. Formatted according to ISO 8601. Yes Date

Bounty

Bounty object

{
  "id": "1337",
  "type": "bounty",
  "attributes": {
    "amount": "500.00",
    "bonus_amount": "50.00",
    "created_at": "2016-02-02T04:05:06.000Z"
  }
}

When a program pays a bounty to the hacker, a bounty object is created. A report may contain multiple bounty objects, one for each time a bounty was awarded. The hacker that reported the vulnerability is the user that received the bounty.

Attributes

Name Description Required Type
amount Amount in USD. No String
bonus_amount Bonus amount in USD. No String
awarded_amount Amount in awarded currency. No String
awarded_bonus_amount Bonus amount in awarded currency. No String
awarded_currency The currency used to award the bounty and bonus. No String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Custom Field Attribute

Custom Field Attribute object

{
  "id": "1337",
  "type": "custom-field-attribute",
  "attributes": {
    "label": "Team",
    "configuration": null,
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z",
    "archived_at": null
  }
}

A Custom Field Attribute is an object containing the label and configuration of a Custom Field created for a Report or Program.

Attributes

Name Description Required Type
label The attribute's label. Yes String
configuration An optional configuration for the attribute's type. No String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
updated_at The date and time the object was last updated. Formatted according to ISO 8601. Yes Date
archived_at The date and time the object was archived. Formatted according to ISO 8601. No Date

Custom Field Input

Custom Type input object

{
  "id__eq": "1",
  "value__eq": "Infrastructure",
}

An input to query for Report types by Custom Fields IDs and values.

Attributes

Name Description Required Type
id__eq The ID of the Custom Field Attribute that needs to be filtered by. Yes String
value__eq The Value of the corresponding Custom Field Value object that needs to be filtered by. Wildcards (% and _) can be used to loosely match on the stored value of the Custom Field. Yes String

Custom Field Value

Custom Field Value object

{
  "id": "1337",
  "type": "custom-field-value",
  "attributes": {
    "value": "Infrastructure",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  }
}

A Custom Field Value object contains the value set for a particular Custom Field Attribute.

Attributes

Name Description Required Type
value The attribute's value. Yes String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
updated_at The date and time the object was last updated. Formatted according to ISO 8601. Yes Date

Relationships

Name Description Required Type
custom_field_attribute The Custom Field Attribute associated with the Custom Field Value object. Yes custom-field-attribute

Group

Group object

{
  "id": "1337",
  "type": "group",
  "attributes": {
    "name": "Admin",
    "created_at": "2016-02-02T04:05:06.000Z",
    "permissions": [
      "user_management",
      "report_management"
    ]
  }
}

A group represents a set of users. A group is used to delegate permissions for the users in it. It can also be assigned to one or multiple reports.

Attributes

Name Description Required Type
name The name of the group. Yes String
permissions The permissions of the group. Possible values are reward_management, program_management, user_management, and report_management. Yes String[]
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Member

A member represents a user that is part of a program. A member is used to delegate permissions for the users attached to it.

Attributes

Name Description Required Type
permissions The permissions of the member. Possible values are reward_management, program_management, user_management, and report_management. Yes String[]
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
groups The group list of the member where every element of the list includes the id and name of the group. No Object[]

Relationships

Name Description Required Type
user The user that is part of the program. Yes user

Payment Transaction

Payment transaction object

{
  "id": 10,
  "activity_date": "2019-09-25T04:22:42.686Z",
  "activity_description": "Bounty for report #9",
  "bounty_award": "1000.00",
  "bounty_fee": "200.00",
  "debit_or_credit_amount": "-1200.00",
  "balance": "-1200.00",
  "report_id": 9,
  "report_url": "http://hackerone.com/reports/9"
}

A Transaction object represents the information about the program payment transaction.

Attributes | Name | Description | Required | Type | | ---- | ----------- | -------- | ---- | | id | The unique ID of the transaction. | Yes | Integer | | activity_date | The date and time of the activity. Formatted according to ISO 8601. | Yes | Date | | activity_description | The description of the activity. | Yes | String | | bounty_award | The amount of awarded bounty. | Yes | String | | bounty_fee | The HackerOne bounty fee. | Yes | String | | debit_or_credit_amount | The amount that's debited or credited from your balance | No | String | | balance | The program's balance after this transaction | Yes | String | | report_id | The id of the report with the awarded bounty. | Yes | Integer | | report_url | The URL of the report with the awarded bounty. | Yes | String |

Report Summary

Report Summary object

{
  "id": "1337",
  "type": "report-summary",
  "attributes": {
    "content": "There was a cross-site scripting vulnerability in our login form.",
    "category": "team",
    "created_at": "2016-02-02T04:05:06.000Z",
    "updated_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    }
  }
}

Before a report is disclosed, the program and the hacker may add a summary. A report can have only one summary per party. Unlike activities, summaries can be edited through HackerOne indefinitely.

Attributes

Name Description Possible Values Required Type
content The raw summary of the report. Markdown is not parsed. Yes String
category The involved party that wrote the summary. researcher
team
Yes String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
updated_at The date and time the object was last updated. Formatted according to ISO 8601. Yes Date

Relationships

Name Description Required Type
user The author that added the summary to the report. Yes user

Severity

Severity object

{
  "id": "57",
  "type": "severity",
  "attributes": {
    "rating": "high",
    "author_type": "User",
    "user_id": 1337,
    "created_at": "2016-02-02T04:05:06.000Z",
    "score": 8.7,
    "attack_complexity": "low",
    "attack_vector": "adjacent",
    "availability": "high",
    "confidentiality": "low",
    "integrity": "high",
    "privileges_required": "low",
    "user_interaction": "required",
    "scope": "changed"
  }
}

A severity object represents the severity of a report, if provided by the reporter or a team member.

Attributes

Name Description Possible Values Required Type
rating The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score. none
low
medium
high
critical
Yes String
author_type The involved party that provided the severity. User
Team
Yes String
user_id The unique id of the user who created the object. Yes Integer
score The vulnerability score calculated from the Common Vulnerability Scoring System (CVSS). Only present if CVSS metrics were provided. No Number
attack_vector A CVSS metric that reflects the context by which vulnerability exploritation is possible. network
adjacent
local
physical
No String
attack_complexity A CVSS metric that describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. low
high
No String
privileges_required A CVSS metric that describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. none
low
high
No String
user_interaction A CVSS metric that captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerability component. none
required
No String
scope A CVSS metric that determines if a successful attack impacts a component other than the vulnerable component. unchanged
changed
No String
confidentiality A CVSS metric that measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. none
low
high
No String
integrity A CVSS metric that measures the impact to the integrity of a successfully exploited vulnerability. none
low
high
No String
availability A CVSS metric that measures the availability of the impacted component resulting from a successfully exploited vulnerability. none
low
high
No String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Structured Scope

StructuredScope object

{
  "id": "57",
  "type": "structured-scope",
  "attributes": {
    "asset_identifier": "api.example.com",
    "asset_type": "url",
    "confidentiality_requirement": "high",
    "integrity_requirement": "high",
    "availability_requirement": "high",
    "max_severity": "critical",
    "created_at": "2015-02-02T04:05:06.000Z",
    "updated_at": "2016-05-02T04:05:06.000Z",
    "instruction": null,
    "eligible_for_bounty": true,
    "eligible_for_submission": true,
    "reference": "H001001"
  }
}

A StructuredScope object represents an asset defined by the program. The scope on a report was initially provided by the hacker, but may be reviewed and corrected by the program.

Name Description Possible Values Required Type
asset_identifier The identifier of the asset. Yes String
asset_type The type of the asset. Yes String
eligible_for_bounty If the asset is eligible for bounty. Yes Boolean
eligible_for_submission If the asset is eligible for submission. Yes Boolean
instruction The raw intruction of the asset provided by the program. Markdown is not parsed. No String
confidentiality_requirement A CVSS environmental modifier that reweights Confidentiality Impact of a vulnerability on this asset. none
low
medium
high
No String
integrity_requirement A CVSS environmental modifier that reweights Integrity Impact of a vulnerability on this asset. none
low
medium
high
No String
availability_requirement A CVSS environmental modifier that reweights Availability Impact of a vulnerability on this asset. none
low
medium
high
No String
max_severity The qualitative rating of the maximum severity allowed on this asset. Its value is calculated from the combination of all three of the environmental requirements (CR, IR, and AR). none
low
medium
high
critical
Yes String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date
updated_at The date and time the object was updated. Formatted according to ISO 8601. Yes Date
reference The customer defined reference identifier or tag of the asset. No Date

Swag

Swag object

{
  "id": "1337",
  "type": "swag",
  "attributes": {
    "sent": false,
    "created_at": "2016-02-02T04:05:06.000Z"
  },
  "relationships": {
    "user": {
      "data": {
        "id": "1337",
        "type": "user",
        "attributes": {
          "username": "api-example",
          "name": "API Example",
          "disabled": false,
          "created_at": "2016-02-02T04:05:06.000Z",
          "profile_picture": {
            "62x62": "/assets/avatars/default.png",
            "82x82": "/assets/avatars/default.png",
            "110x110": "/assets/avatars/default.png",
            "260x260": "/assets/avatars/default.png"
          }
        }
      }
    },
    "address": {
      "data": {
        "id": "1337",
        "type": "address",
        "attributes": {
          "name": "Jane Doe",
          "street": "535 Mission Street",
          "city": "San Francisco",
          "postal_code": "94105",
          "state": "CA",
          "country": "United States of America",
          "created_at": "2016-02-02T04:05:06.000Z",
          "tshirt_size": "W_Large",
          "phone_number": "+1-510-000-0000"
        }
      }
    }
  }
}

Besides a financial reward, which is called a bounty, programs can award swag. Report objects may contain multiple swag objects, one for each time swag was awarded.

Attributes

Name Description Required Type
sent Indicates whether the swag has been marked as sent. Swag can be marked as sent through the HackerOne interface. Yes Boolean
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Relationships

Name Description Required Type
address The user's address to send the swag to. No Address

Trigger

Trigger object

{
    "id": "1337",
    "type": "trigger",
    "attributes": {
        "title": "Example Trigger"
    }
}

Triggers are a way to show a pop-up message or to automatically reply to reports based on their title or content.

Attributes

Name Description Required Type
title The name of the trigger. Yes String

User

User object

{
  "id": "1337",
  "type": "user",
  "attributes": {
    "username": "api-example",
    "name": "API Example",
    "disabled": false,
    "created_at": "2016-02-02T04:05:06.000Z",
    "profile_picture": {
      "62x62": "/assets/avatars/default.png",
      "82x82": "/assets/avatars/default.png",
      "110x110": "/assets/avatars/default.png",
      "260x260": "/assets/avatars/default.png"
    }
  }
}

User objects represent accounts on HackerOne. These objects are mostly referenced when someone performed an action using that account. All different actors on the platform, hackers, API users, and program users, have a user account.

Attributes

Name Description Required Type
disabled Indicates if the user is disabled. Yes Boolean
username The username of the user. Usernames are unique and scoped under the same namespace as program handles. Yes String
name The name of the user. A name may be empty and is free-format. Yes String
profile_picture An object that holds URLs to different profile picture sizes. Yes Object
profile_picture/62x62 Yes String
profile_picture/82x82 Yes String
profile_picture/110x110 Yes String
profile_picture/260x260 Yes String
bio The user's biography, as provided by the user. No String
website The user's website, as provided by the user. No String
location The user's location, as provided by the user. No String
reputation The reputation of the user. Read more about how this number is calculated here. This attribute is only included in the reporter relationship of a report object. No Number
signal The signal of the user. This number ranges from -10 to 7. The closer to 7, the higher the average submission quality of the user. This attribute is only included in the reporter relationship of a report object. Learn more about how this number is calculated here. No Number
impact The impact of the user. This number ranges from 0 to 50. The closer to 50, the higher the average severity of the user's reports is. This attribute is only included in the reporter relationship of a report object. Learn more about how this number is calculated here. No Number
hackerone_triager Indicates if the user is a hackerone triager. No Boolean
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date

Relationships

Name Description Required Type
participating_programs List of private programs that you manage where this user is invited to. This attribute is only included when making use of the User>Read endpoint. No Object[]

Weakness

Weakness object

{
  "id": "1337",
  "type": "weakness",
  "attributes": {
    "name": "Cross-Site Request Forgery (CSRF)",
    "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
    "created_at": "2016-02-02T04:05:06.000Z",
    "external_id": "cwe-352"
  }
}

A Weakness object represents the type of weakness the hacker submitted to a program. The weakness was initially provided by the hacker, but may be reviewed and corrected by the program.

Attributes

Name Description Required Type
name The name of the weakness. Yes String
description The raw description of the weakness. Markdown is not parsed. Yes String
external_id The weakness' external reference to CWE or CAPEC. No String
created_at The date and time the object was created. Formatted according to ISO 8601. Yes Date