
@alexanderjeurissen
Created January 15, 2025 13:54
HackerOne Hacker API OpenAPI schema
{
"openapi": "3.0.1",
"info": {
"title": "HackerOne Hacker API",
"version": "v1"
},
"servers": [
{
"url": "https://api.hackerone.com/v1"
}
],
"security": [
{
"basicAuth": []
}
],
"components": {
"securitySchemes": {
"basicAuth": {
"type": "http",
"scheme": "basic"
}
},
"schemas": {
"activity": {
"title": "activity",
"description": "These objects represent an action that was performed on a [report](/customer-reference#report).\nActivities come in many sub types that can have additional attributes.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the activity."
},
"type": {
"type": "string",
"description": "Indicates what kind of activity it is."
},
"attributes": {
"type": "object",
"properties": {
"report_id": {
"type": "string",
"description": "The report associated with the activity.\n"
},
"message": {
"type": "string",
"description": "The comment associated with the activity. May be updated through the\nHackerOne interface. Markdown is not parsed.\n",
"nullable": true
},
"internal": {
"type": "boolean",
"description": "Indicates if this activity can only be read by Program users\nand external users that were invited to the report.\n"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
},
"updated_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was updated. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"message",
"internal",
"created_at",
"updated_at"
]
},
"relationships": {
"type": "object",
"properties": {
"actor": {
"type": "object",
"properties": {
"data": {
"type": "object",
"items": {
"oneOf": [
{
"$ref": "#/components/schemas/user"
},
{
"$ref": "#/components/schemas/program"
}
]
}
}
},
"description": "The author of the activity.\n"
},
"attachments": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/attachment"
}
}
},
"description": "A list of Attachment objects added to the activity.\n"
}
}
}
},
"required": [
"id",
"type",
"attributes"
],
"x-last-revised-date": "2021-07-01"
},
"attachment": {
"title": "attachment",
"description": "Users can add attachments when they file a report or when they interact with a\nreport. Attachments may contain dangerous proofs of concept and should be handled\nwith caution.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the attachment."
},
"type": {
"type": "string",
"enum": [
"attachment"
]
},
"attributes": {
"properties": {
"file_name": {
"type": "string",
"description": "The file name of the attachment."
},
"content_type": {
"type": "string",
"description": "The content type of the attachment. The content type is derived from the\ncontents and extension of the file.\n"
},
"file_size": {
"type": "integer",
"description": "The file size of the attachment in bytes."
},
"expiring_url": {
"type": "string",
"description": "A URL to download the attachment. The URL will automatically expire after\n60 minutes.\n"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"file_name",
"content_type",
"file_size",
"expiring_url",
"created_at"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/attachment.json"
},
"x-last-revised-date": "2021-07-01"
},
"bounty": {
"title": "bounty",
"description": "When a program pays a bounty to the hacker, a bounty object is created.\nA report may contain multiple bounty objects, one for each time a bounty was\nawarded. The hacker that reported the vulnerability is the user that received\nthe bounty.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the bounty."
},
"type": {
"type": "string",
"enum": [
"bounty"
]
},
"attributes": {
"type": "object",
"properties": {
"amount": {
"type": "string",
"description": "Amount in USD.",
"nullable": true
},
"bonus_amount": {
"type": "string",
"description": "Bonus amount in USD.",
"nullable": true
},
"awarded_amount": {
"type": "string",
"description": "Amount in awarded currency.",
"nullable": true
},
"awarded_bonus_amount": {
"type": "string",
"description": "Bonus amount in awarded currency.",
"nullable": true
},
"awarded_currency": {
"type": "string",
"description": "The currency used to award the bounty and bonus.",
"nullable": true
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
}
},
"relationships": {
"properties": {
"report": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/report"
}
}
},
"awarded_user": {
"type": "object",
"description": "The user that was awarded the bounty.",
"nullable": true,
"properties": {
"data": {
"$ref": "#/components/schemas/user"
}
}
}
}
},
"required": [
"created_at"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/bounty.json"
},
"x-last-revised-date": "2023-04-27"
},
"earning": {
"title": "earning",
"description": "An earning object\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the earning object"
},
"type": {
"enum": [
"earning-bounty-earned",
"earning-retest-completed",
"earning-pentest-completed"
]
},
"attributes": {
"type": "object",
"properties": {
"amount": {
"type": "number",
"description": "The amount that was earned\n"
}
},
"required": [
"amount"
]
},
"required": [
"id",
"type",
"attributes"
],
"relationships": {
"type": "object",
"properties": {
"team": {
"type": "object",
"description": "The program where the earning was earned.\n",
"properties": {
"data": {
"$ref": "#/components/schemas/program"
}
}
},
"bounty": {
"type": "object",
"description": "The bounty object for the earning, in the case of earning-bounty-earned type\n",
"properties": {
"data": {
"$ref": "#/components/schemas/bounty"
}
}
},
"pentester": {
"type": "object",
"description": "The pentester object for the earning, in the case of earning-pentest-completed\n",
"properties": {
"data": {
"$ref": "#/components/schemas/pentester"
}
}
},
"report_retest_user": {
"type": "object",
"description": "The report_retest_user object for the earning, in the case of earning-retest-completed\n",
"properties": {
"data": {
"$ref": "#/components/schemas/report-retest-user"
}
}
}
}
}
},
"example": {
"$ref": "fixtures/earning.json"
},
"x-last-revised-date": "2023-09-12"
},
"group": {
"title": "group",
"description": "A group represents a set of users. A group is used to delegate permissions for\nthe users in it. It can also be assigned to one or multiple [reports](#report).\n",
"type": "object",
"discriminator": {
"propertyName": "type"
},
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the group.",
"example": 1337
},
"type": {
"enum": [
"group"
],
"example": "group"
},
"attributes": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The name of the group.",
"example": "Admin"
},
"permissions": {
"type": "array",
"items": {
"type": "string"
},
"description": "The permissions of the group. Possible values are <strong>reward_management</strong>,\n<strong>program_management</strong>, <strong>user_management</strong>, and\n<strong>report_management</strong>.\n",
"example": [
"user_management",
"report_management"
]
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n",
"example": "2016-02-02T04:05:06.000Z"
}
},
"required": [
"name",
"permissions",
"created_at"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/group.json"
},
"x-last-revised-date": "2021-07-01"
},
"hacktivity_item": {
"title": "hacktivity_item",
"description": "A `hacktivity_item` object contains a limited set of information from a report.\nHacktivity items can be refined with a set of available filters and return\nmeta information such as state, bounty awards, the program and reporter.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the report."
},
"type": {
"type": "string",
"enum": [
"report"
]
},
"attributes": {
"type": "object",
"properties": {
"title": {
"type": "string",
"description": "The title of the report.",
"nullable": true
},
"substate": {
"$ref": "#/components/schemas/report-states",
"description": "The current state of the report.\n",
"nullable": true
},
"url": {
"type": "string",
"format": "url",
"description": "The URL of the report.",
"nullable": true
},
"disclosed_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the report was disclosed. Formatted according\nto ISO 8601.\n",
"nullable": true
},
"submitted_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the report was submitted. Formatted according\nto ISO 8601.\n",
"nullable": true
},
"disclosed": {
"type": "boolean",
"description": "Whether the report has been disclosed or not.\n"
},
"cve_ids": {
"type": "array",
"description": "Assigned CVE id(s) for this report",
"items": {
"type": "string"
},
"nullable": true
},
"cwe": {
"type": "string",
"description": "The Weakness for this report.\n",
"nullable": true
},
"severity_rating": {
"type": "string",
"description": "The severity rating for this report.\n",
"nullable": true
},
"votes": {
"type": "integer",
"description": "The number of upvotes for this report.\n",
"nullable": true
},
"total_awarded_amount": {
"type": "integer",
"description": "The total bounty amount awarded for this report.\n",
"nullable": true
},
"latest_disclosable_action": {
"type": "string",
"description": "The type of the latest public activity on this report.\n",
"nullable": true
},
"latest_disclosable_activity_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the latest public activity was posted on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
}
},
"required": [
"disclosed"
]
},
"relationships": {
"properties": {
"report_generated_content": {
"type": "object",
"description": "The generated report summary.\n",
"properties": {
"data": {
"$ref": "#/components/schemas/report_generated_content"
}
}
},
"reporter": {
"type": "object",
"description": "The user that created the report. This object contains the user's username and name.\n",
"properties": {
"data": {
"$ref": "#/components/schemas/user"
}
}
},
"program": {
"type": "object",
"description": "The program that received the report.",
"properties": {
"data": {
"$ref": "#/components/schemas/program_small"
}
}
}
},
"required": [
"program"
]
}
},
"required": [
"id",
"type",
"attributes",
"relationships"
],
"example": {
"$ref": "fixtures/hacktivity_response.json"
},
"x-last-revised-date": "2024-03-07"
},
"links": {
"title": "links",
"description": "When querying for multiple objects, the client needs to know how to query\nthe next page. This kind of data is included in this attribute. In case there\nis no additional meta data, this attribute is not returned by the API.\n",
"type": "object",
"properties": {
"attributes": {
"type": "object",
"properties": {
"prev": {
"type": "string",
"description": "This attribute contains a URL to the previous page or previous resource when\nthe resource or resources are paginated.\n"
},
"self": {
"type": "string",
"description": "This attribute contains a URL to the resource itself when it can be queried as a\ntop level resource. At this moment, only <a href=\"#report\">report objects</a> can\nbe queried as individual resources.\n"
},
"next": {
"type": "string",
"description": "This attribute contains the URL to the next page or next resource when the resource\nor resources are paginated.\n"
}
}
}
},
"example": {
"$ref": "fixtures/response.json"
},
"x-last-revised-date": "2021-06-30"
},
"payout": {
"title": "payout",
"description": "A payout object\n",
"type": "object",
"properties": {
"amount": {
"type": "number",
"description": "the amount in USD that was paid out"
},
"paid_out_at": {
"type": "date-time",
"description": "The date and time the payout was created. Formatted according\nto ISO 8601.\n"
},
"reference": {
"type": "string"
},
"payout_provider": {
"type": "string"
},
"status": {
"type": "string"
}
},
"example": {
"$ref": "fixtures/payout.json"
},
"x-last-revised-date": "2021-07-01"
},
"pentest": {
"title": "pentest",
"description": "A pentest object\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the pentest object"
},
"type": {
"enum": [
"pentest"
]
},
"attributes": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The name of the pentest\n"
},
"description": {
"type": "string",
"description": "The description of the pentest\n"
}
},
"required": [
"amount"
]
},
"required": [
"id",
"type",
"attributes"
]
},
"example": {
"$ref": "fixtures/pentest.json"
},
"x-last-revised-date": "2021-07-01"
},
"pentester": {
"title": "pentester",
"description": "A pentester object represents a completion of a pentest by a user.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the pentester object"
},
"type": {
"enum": [
"pentester"
]
},
"attributes": {
"type": "object",
"properties": {
"amount": {
"type": "number",
"description": "The amount that was earned by the user\n"
},
"completed_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the user completed the pentest. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"amount"
]
},
"required": [
"id",
"type",
"attributes"
],
"relationships": {
"type": "object",
"properties": {
"pentest": {
"type": "object",
"description": "The pentest object completed by the user\n",
"properties": {
"data": {
"$ref": "#/components/schemas/pentest"
}
}
}
}
}
},
"example": {
"$ref": "fixtures/pentester.json"
},
"x-last-revised-date": "2021-07-01"
},
"program": {
"title": "program",
"description": "A program object represents a disclosure program or bug bounty program on the\nplatform. When [a user](/customer-reference#user) reports a bug to a program, this is\nthe object they interact with. Behind a program, there can be multiple users\nthat are part of the program. Those users can interact with reports on behalf\nof the program.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the program."
},
"type": {
"enum": [
"program"
]
},
"attributes": {
"type": "object",
"properties": {
"handle": {
"type": "string",
"description": "The handle of the program. Handles are unique and scoped under the same\nnamespace as user usernames.\n"
},
"name": {
"type": "string",
"description": "The name of the program."
},
"currency": {
"type": "string",
"description": "The currency used by the program for payments.",
"nullable": true
},
"profile_picture": {
"type": "string",
"format": "uri",
"description": "The profile picture of the program."
},
"submission_state": {
"type": "string",
"description": "The submission state of the program."
},
"triage_active": {
"type": "boolean",
"description": "Indicates if the program is actively triaging.",
"nullable": true
},
"state": {
"type": "string",
"description": "The state of the program.",
"nullable": true
},
"started_accepting_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the program started accepting submissions.",
"nullable": true
},
"number_of_reports_for_user": {
"type": "integer",
"description": "The number of reports submitted by the user.",
"nullable": true
},
"number_of_valid_reports_for_user": {
"type": "integer",
"description": "The number of valid reports submitted by the user.",
"nullable": true
},
"bounty_earned_for_user": {
"type": "number",
"description": "The total bounty earned by the user.",
"nullable": true
},
"last_invitation_accepted_at_for_user": {
"type": "string",
"format": "date-time",
"description": "The date and time the user last accepted an invitation.",
"nullable": true
},
"bookmarked": {
"type": "boolean",
"description": "Indicates if the program is bookmarked by the user.",
"nullable": true
},
"allows_bounty_splitting": {
"type": "boolean",
"description": "Indicates if the program allows bounty splitting (collaboration).",
"nullable": true
},
"offers_bounties": {
"type": "boolean",
"description": "Indicates if the program offers bounties.",
"nullable": true
},
"open_scope": {
"type": "boolean",
"description": "Indicates if the program has an open scope policy.",
"nullable": true
},
"fast_payments": {
"type": "boolean",
"description": "Indicates if the program commits to fast payouts.",
"nullable": true
},
"gold_standard_safe_harbor": {
"type": "boolean",
"description": "Indicates if the program is enrolled in the Gold Standard Safe Harbor.",
"nullable": true
}
},
"required": [
"handle",
"name",
"currency",
"profile_picture",
"submission_state",
"triage_active",
"state",
"started_accepting_at",
"number_of_reports_for_user",
"number_of_valid_reports_for_user",
"bounty_earned_for_user",
"last_invitation_accepted_at_for_user",
"bookmarked",
"allows_bounty_splitting",
"offers_bounties",
"open_scope",
"fast_payments",
"gold_standard_safe_harbor"
]
},
"relationships": {
"type": "object",
"properties": {
"structured_scopes": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/structured-scope"
}
}
},
"description": "The assets of the program, which is used to determine whether a security\nvulnerability is within the scope of said program.\n"
}
}
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/program.json"
},
"x-last-revised-date": "2024-03-22"
},
"program_small": {
"title": "program_small",
"description": "A program object represents a disclosure program or bug bounty program on the\nplatform. When [a user](/customer-reference#user) reports a bug to a program, this is\nthe object they interact with. Behind a program, there can be multiple users\nthat are part of the program. Those users can interact with reports on behalf\nof the program.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the program."
},
"type": {
"enum": [
"program"
]
},
"attributes": {
"type": "object",
"properties": {
"handle": {
"type": "string",
"description": "The handle of the program. Handles are unique and scoped under the same\nnamespace as user usernames.\n"
}
},
"required": [
"handle"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/program_small.json"
},
"x-last-revised-date": "2021-07-01"
},
"report": {
"title": "report",
"description": "A report object contains the information that hackers submitted to a program,\nthe interactions the program users had with the report, and all additional\nmeta information like bounties, swag, and internal references.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the report."
},
"type": {
"type": "string",
"enum": [
"report"
]
},
"attributes": {
"type": "object",
"properties": {
"title": {
"type": "string",
"description": "The title of the report. May be updated through the HackerOne interface."
},
"vulnerability_information": {
"type": "string",
"description": "The raw report's vulnerability information. Markdown is not parsed."
},
"state": {
"$ref": "#/components/schemas/report-states",
"description": "The report's current state. May be updated through the HackerOne interface or\n<a href=\"/hacker-resources/#reports-change-state\">the HackerOne API</a>.\n"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
},
"triaged_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the report was triaged. This attribute is reset when the\nreport was reopened after it was triaged. Formatted according to ISO 8601.\n",
"nullable": true
},
"closed_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the report was closed. This attribute is reset when the\nreport was reopened after it was closed. Formatted according to ISO 8601.\n",
"nullable": true
},
"last_reporter_activity_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the most recent reporter activity was posted on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"first_program_activity_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the first program activity was posted on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"last_program_activity_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the most recent program activity was posted on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"last_activity_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the most recent activity was posted on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"last_public_activity_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the most recent public activity was posted on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"bounty_awarded_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the most recent bounty was awarded on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"swag_awarded_at": {
"type": "string",
"format": "date-time",
"description": "The date and time that the most recent swag was awarded on the report.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"disclosed_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the report was disclosed. Formatted according\nto ISO 8601.\n",
"nullable": true
},
"reporter_agreed_on_going_public_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the reporter agreed for the public disclosure.\nFormatted according to ISO 8601.\n",
"nullable": true
},
"cve_ids": {
"type": "array",
"description": "The assigned CVE id(s) for this report",
"items": {
"type": "string"
}
}
},
"required": [
"title",
"state",
"created_at",
"triaged_at",
"closed_at",
"last_reporter_activity_at",
"first_program_activity_at",
"last_program_activity_at",
"last_activity_at",
"last_public_activity_at",
"bounty_awarded_at",
"swag_awarded_at",
"disclosed_at",
"reporter_agreed_on_going_public_at"
]
},
"relationships": {
"properties": {
"program": {
"type": "object",
"description": "The program that received the report.",
"properties": {
"data": {
"$ref": "#/components/schemas/program_small"
}
}
},
"attachments": {
"type": "object",
"description": "A list of Attachment objects that the reporter added to the report.",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/attachment"
}
}
}
},
"swag": {
"type": "object",
"description": "A list of Swag objects that were awarded to the reporter.",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/swag"
}
}
}
},
"weakness": {
"type": "object",
"description": "The Weakness object of the report provided by the reporter or team.",
"properties": {
"data": {
"$ref": "#/components/schemas/weakness"
}
}
},
"structured_scope": {
"type": "object",
"description": "The StructuredScope object of the report provided by the reporter or team.",
"properties": {
"data": {
"$ref": "#/components/schemas/structured-scope"
}
}
},
"severity": {
"type": "object",
"description": "The Severity object of the report provided by the reporter or team.",
"properties": {
"data": {
"$ref": "#/components/schemas/severity"
}
}
},
"reporter": {
"type": "object",
"description": "The user that created the report. This object contains the user's reputation, signal,\nand impact metrics.\n",
"properties": {
"data": {
"$ref": "#/components/schemas/user"
}
}
},
"activities": {
"type": "object",
"description": "A list of Activity objects that can be used to generate a timeline of changes.\nActivities are ordered by most recent first.\n",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/activity"
}
}
}
},
"bounties": {
"type": "object",
"description": "A list of Bounty objects that were awarded to the reporter.",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/bounty"
}
}
}
},
"summaries": {
"type": "object",
"description": "A list of Report Summary objects that were added to the report by the reporter\nand team.\n",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/report-summary"
}
}
}
}
},
"required": [
"program"
]
}
},
"required": [
"id",
"type",
"attributes",
"relationships"
],
"example": {
"$ref": "fixtures/report.json"
},
"x-last-revised-date": "2021-07-01"
},
"report_generated_content": {
"title": "report_generated_content",
"description": "A `report_generated_content` object contains the AI summary of a report.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the report_generated_content object"
},
"type": "string",
"attributes": {
"type": "object",
"properties": {
"hacktivity_summary": {
"type": "string",
"description": "The generated report summary.\n",
"nullable": true
},
"required": [
"hacktivity_summary"
]
}
},
"required": [
"id",
"type",
"attributes"
]
},
"example": {
"$ref": "fixtures/report_generated_content.json"
},
"x-last-revised-date": "2024-03-07"
},
"report-retest": {
"title": "report-retest",
"description": "A report-retest object\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the report-retest object"
},
"type": {
"enum": [
"report-retest"
]
},
"attributes": {
"type": "object"
},
"required": [
"id",
"type"
],
"relationships": {
"type": "object",
"properties": {
"report": {
"type": "object",
"description": "The retested report\n",
"properties": {
"data": {
"$ref": "#/components/schemas/report"
}
}
}
}
}
},
"example": {
"$ref": "fixtures/report_retest.json"
},
"x-last-revised-date": "2021-07-01"
},
"report-retest-user": {
"title": "report-retest-user",
"description": "A report-retest-user object represents a completion of a retest by a user.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the report-retest-user object"
},
"type": {
"enum": [
"report-retest-user"
]
},
"attributes": {
"type": "object",
"properties": {
"completed_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the user completed the retest. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"amount"
]
},
"required": [
"id",
"type",
"attributes"
],
"relationships": {
"type": "object",
"properties": {
"report_retest": {
"type": "object",
"description": "The retest object completed by the user\n",
"properties": {
"data": {
"$ref": "#/components/schemas/report-retest"
}
}
}
}
}
},
"example": {
"$ref": "fixtures/report_retest_user.json"
},
"x-last-revised-date": "2021-07-01"
},
"report-states": {
"title": "report-states",
"type": "string",
"enum": [
"new",
"pending-program-review",
"triaged",
"needs-more-info",
"resolved",
"not-applicable",
"informative",
"duplicate",
"spam",
"retesting"
],
"x-last-revised-date": "2021-07-01"
},
"report-summary": {
"title": "report-summary",
"description": "Before a report is disclosed, the program, the HackerOne Triage team and hacker may add a summary. A\nreport can have only one summary per party. Unlike activities, summaries can\nbe edited through HackerOne indefinitely. Triage summaries are only\nvisible to team members and the HackerOne Triage team.\n",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the report summary."
},
"type": {
"type": "string",
"enum": [
"report-summary"
]
},
"attributes": {
"type": "object",
"properties": {
"content": {
"type": "string",
"description": "The raw summary of the report. Markdown is not parsed."
},
"category": {
"type": "string",
"enum": [
"researcher",
"team",
"triage"
],
"description": "The involved party that wrote the summary."
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
},
"updated_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was last updated. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"content",
"category",
"created_at",
"updated_at"
]
},
"relationships": {
"type": "object",
"properties": {
"user": {
"type": "object",
"description": "The author that added the summary to the report.",
"properties": {
"data": {
"$ref": "#/components/schemas/user"
}
}
}
}
}
},
"required": [
"id",
"type",
"attributes",
"relationships"
],
"example": {
"$ref": "fixtures/report_summary.json"
},
"x-last-revised-date": "2024-02-13"
},
"severity": {
"title": "severity",
"description": "A severity object represents the severity of a report, if provided by the reporter or\na team member.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the severity."
},
"type": {
"type": "string",
"enum": [
"severity"
]
},
"attributes": {
"properties": {
"rating": {
"$ref": "#/components/schemas/severity-ratings"
},
"author_type": {
"type": "string",
"enum": [
"User",
"Team"
],
"description": "The involved party that provided the severity."
},
"user_id": {
"type": "integer",
"description": "The unique id of the user who created the object."
},
"score": {
"type": "number",
"description": "The vulnerability score calculated from the Common Vulnerability Scoring System (CVSS).\nOnly present if CVSS metrics were provided.\n",
"nullable": true
},
"attack_vector": {
"type": "string",
"enum": [
"network",
"adjacent",
"local",
"physical"
],
"description": "A CVSS metric that reflects the context by which vulnerability exploitation\nis possible.\n",
"nullable": true
},
"attack_complexity": {
"type": "string",
"enum": [
"low",
"high"
],
"description": "A CVSS metric that describes the conditions beyond the attacker's control that must exist\nin order to exploit the vulnerability.\n"
},
"privileges_required": {
"type": "string",
"enum": [
"none",
"low",
"high"
],
"description": "A CVSS metric that describes the level of privileges an attacker must possess before\nsuccessfully exploiting the vulnerability.\n"
},
"user_interaction": {
"type": "string",
"enum": [
"none",
"required"
],
"description": "A CVSS metric that captures the requirement for a user, other than the attacker, to\nparticipate in the successful compromise of the vulnerable component.\n"
},
"scope": {
"type": "string",
"enum": [
"unchanged",
"changed"
],
"description": "A CVSS metric that determines if a successful attack impacts a component other than the\nvulnerable component.\n",
"nullable": true
},
"confidentiality": {
"type": "string",
"enum": [
"none",
"low",
"high"
],
"description": "A CVSS metric that measures the impact to the confidentiality of the information resources\nmanaged by a software component due to a successfully exploited vulnerability.\n"
},
"integrity": {
"type": "string",
"enum": [
"none",
"low",
"high"
],
"description": "A CVSS metric that measures the impact to the integrity of a successfully exploited\nvulnerability.\n"
},
"availability": {
"type": "string",
"enum": [
"none",
"low",
"high"
],
"description": "A CVSS metric that measures the availability of the impacted component resulting from a\nsuccessfully exploited vulnerability.\n"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according to ISO 8601."
}
},
"required": [
"rating",
"author_type",
"user_id",
"created_at"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/severity.json"
},
"x-last-revised-date": "2021-07-01"
},
"severity-ratings": {
"title": "severity-ratings",
"description": "The qualitative rating of the severity. Provided either directly from the author or mapped from the calculated vulnerability score.",
"type": "string",
"enum": [
"none",
"low",
"medium",
"high",
"critical"
],
"x-last-revised-date": "2021-07-01"
},
"structured-scope": {
"title": "structured-scope",
"description": "A StructuredScope object represents an asset defined by the program. The scope on a\nreport was initially provided by the hacker, but may be reviewed and corrected by\nthe program.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the scope."
},
"type": {
"enum": [
"structured-scope"
]
},
"attributes": {
"properties": {
"asset_identifier": {
"type": "string",
"description": "The identifier of the asset."
},
"asset_type": {
"type": "string",
"description": "The type of the asset."
},
"eligible_for_bounty": {
"type": "boolean",
"description": "If the asset is eligible for bounty."
},
"eligible_for_submission": {
"type": "boolean",
"description": "If the asset is eligible for submission."
},
"instruction": {
"type": "string",
"description": "The raw intruction of the asset provided by the program.\nMarkdown is not parsed.\n",
"nullable": true
},
"confidentiality_requirement": {
"enum": [
"none",
"low",
"medium",
"high"
],
"description": "A CVSS environmental modifier that reweights Confidentiality Impact\nof a vulnerability on this asset.\n"
},
"integrity_requirement": {
"enum": [
"none",
"low",
"medium",
"high"
],
"description": "A CVSS environmental modifier that reweights Integrity Impact of a\nvulnerability on this asset.\n"
},
"availability_requirement": {
"enum": [
"none",
"low",
"medium",
"high"
],
"description": "A CVSS environmental modifier that reweights Availability Impact of\na vulnerability on this asset.\n"
},
"max_severity": {
"enum": [
"none",
"low",
"medium",
"high",
"critical"
],
"description": "The qualitative rating of the maximum severity allowed on this asset.\nIts value is calculated from the combination of all three of the\nenvironmental requirements (CR, IR, and AR).\n"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according to ISO 8601.\n"
},
"updated_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was updated. Formatted according to ISO 8601.\n"
},
"reference": {
"type": "string",
"description": "The customer defined reference identifier or tag of the asset.\n",
"nullable": true
}
},
"required": [
"asset_identifier",
"asset_type",
"eligible_for_bounty",
"eligible_for_submission",
"max_severity",
"created_at",
"updated_at"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/structured_scope.json"
},
"x-last-revised-date": "2021-06-29"
},
"swag": {
"title": "swag",
"discriminator": {
"propertyName": "type"
},
"description": "Besides a financial reward, which is called [a bounty](/customer-reference#bounty), programs can\naward swag. Report objects may contain multiple swag objects, one for each time\nswag was awarded.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the swag."
},
"type": {
"type": "string",
"enum": [
"swag"
]
},
"attributes": {
"properties": {
"sent": {
"type": "boolean",
"description": "Indicates whether the swag has been marked as sent. Swag can be marked as\nsent through the HackerOne interface.\n"
},
"created_at": {
"type": "string",
"format": "data-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"sent",
"created_at"
]
},
"relationships": {
"properties": {
"user": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/user",
"discriminator": {
"propertyName": "type"
},
"description": "The user the swag was awarded to."
}
}
},
"address": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/address",
"discriminator": {
"propertyName": "type"
},
"description": "The user's address to send the swag to.",
"nullable": true
}
}
}
},
"required": [
"user",
"address"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/swag.json"
},
"x-last-revised-date": "2021-07-01"
},
"user": {
"title": "user",
"description": "User objects represent accounts on HackerOne. These objects are mostly referenced\nwhen someone performed an action using that account. All different actors on the\nplatform, hackers, API users, and program users, have a user account.\n",
"type": "object",
"discriminator": {
"propertyName": "type"
},
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the user."
},
"type": {
"type": "string",
"enum": [
"user"
]
},
"attributes": {
"type": "object",
"properties": {
"disabled": {
"type": "boolean",
"description": "Indicates if the user is disabled."
},
"username": {
"type": "string",
"description": "The username of the user. Usernames are unique and scoped under the same\nnamespace as program handles.\n"
},
"name": {
"type": "string",
"description": "The name of the user. A name may be empty and is free-format."
},
"profile_picture": {
"type": "object",
"description": "An object that holds URLs to different profile picture sizes.",
"properties": {
"62x62": {
"type": "string"
},
"82x82": {
"type": "string"
},
"110x110": {
"type": "string"
},
"260x260": {
"type": "string"
}
},
"required": [
"62x62",
"82x82",
"110x110",
"260x260"
]
},
"bio": {
"type": "string",
"description": "The user's biography, as provided by the user.",
"nullable": true
},
"website": {
"type": "string",
"description": "The user's website, as provided by the user.",
"nullable": true
},
"location": {
"type": "string",
"description": "The user's location, as provided by the user.",
"nullable": true
},
"reputation": {
"type": "number",
"description": "The reputation of the user. Read more about how this number is\ncalculated <a target=\"_blank\"\nhref=\"https://www.hackerone.com/blog/introducing-reputation\">here</a>. This\nattribute is only included in the reporter relationship of a\n<a href=\"#report\">report</a> object.\n",
"nullable": true
},
"signal": {
"type": "number",
"description": "The signal of the user. This number ranges from -10 to 7. The closer to 7,\nthe higher the average submission quality of the user. This attribute is only\nincluded in the reporter relationship of a <a href=\"#report\">report</a> object.\nLearn more about how this number is calculated <a target=\"_blank\"\nhref=\"https://www.hackerone.com/blog/introducing-signal-and-impact\">here</a>.\n",
"nullable": true
},
"impact": {
"type": "number",
"description": "The impact of the user. This number ranges from 0 to 50. The closer to 50,\nthe higher the average severity of the user's reports is. This attribute is only\nincluded in the reporter relationship of a <a href=\"#report\">report</a> object.\nLearn more about how this number is calculated <a target=\"_blank\"\nhref=\"https://www.hackerone.com/blog/introducing-signal-and-impact\">here</a>.\n",
"nullable": true
},
"hackerone_triager": {
"type": "boolean",
"description": "Indicates if the user is a hackerone triager.",
"nullable": true
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"disabled",
"username",
"name",
"profile_picture",
"created_at"
]
},
"relationships": {
"properties": {
"participating_programs": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"type": "object"
},
"description": "List of private programs that you manage where this user is invited to.\nThis attribute is only included when making use of the User > Read endpoint.\n"
}
}
}
}
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "fixtures/user.json"
},
"x-last-revised-date": "2021-07-01"
},
"weakness": {
"title": "weakness",
"description": "A Weakness object represents the type of weakness the hacker submitted to a program.\nThe weakness was initially provided by the hacker, but may be reviewed and corrected\nby the program.\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the weakness."
},
"type": {
"enum": [
"weakness"
],
"example": "weakness"
},
"attributes": {
"properties": {
"name": {
"type": "string",
"description": "The name of the weakness."
},
"description": {
"type": "string",
"description": "The raw description of the weakness. Markdown is not parsed.\n"
},
"external_id": {
"type": "string",
"description": "The weakness' external reference to CWE or CAPEC.\n"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according to ISO 8601.\n"
}
},
"required": [
"name",
"description",
"external_id",
"created_at"
]
}
},
"required": [
"id",
"type"
],
"example": {
"$ref": "fixtures/weakness.json"
},
"x-last-revised-date": "2021-06-29"
},
"address": {
"title": "address",
"discriminator": {
"propertyName": "type"
},
"description": "This object contains the postal address for the delivery of\nawarded [swag](/customer-reference#swag).\n",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The unique ID of the address."
},
"type": {
"type": "string",
"enum": [
"address"
]
},
"attributes": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"street": {
"type": "string"
},
"city": {
"type": "string"
},
"postal_code": {
"type": "string"
},
"state": {
"type": "string"
},
"country": {
"type": "string"
},
"tshirt_size": {
"type": "string",
"enum": [
"M_Small",
"M_Medium",
"M_Large",
"M_XLarge",
"M_XXLarge",
"W_Small",
"W_Medium",
"W_Large",
"W_XLarge",
"W_XXLarge"
]
},
"phone_number": {
"type": "string"
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "The date and time the object was created. Formatted according\nto ISO 8601.\n"
}
},
"required": [
"name",
"street",
"city",
"postal_code",
"state",
"country",
"created_at"
]
}
},
"required": [
"id",
"type",
"attributes"
],
"example": {
"$ref": "../../../specification/v1/fixtures/address.json"
},
"x-last-revised-date": "2023-09-14"
}
}
},
"paths": {
"/hackers/hacktivity": {
"get": {
"summary": "Get Hacktivity",
"x-last-revised-date": "2024-03-07",
"tags": [
"Hacktivity"
],
"description": "This API endpoint allows you to query a paginated list of [hacktivity_item](/hacker-reference#hacktivity_item) objects.\n",
"parameters": [
{
"name": "queryString",
"in": "path",
"required": true,
"description": "Expects an [Apache Lucene query string syntax](https://lucene.apache.org/core/8_11_2/queryparser/org/apache/lucene/queryparser/classic/package-summary.html#package.description). Possible filters are `severity_rating`, `asset_type`, `substate`, `cwe`, `cve_ids`, `reporter`, `team`, `total_awarded_amount`, `disclosed_at`, `has_collaboration` and `disclosed`. Example: `queryString=severity_rating:critical AND disclosed_at:>=01-01-1970` displays reports with a severity rating of critical that were disclosed after January 1st, 1970. If no query string is provided, all reports will be returned.'\n",
"schema": {
"type": "string"
}
},
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "hacktivity items found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"id": 689314,
"type": "report",
"attributes": {
"title": "Project Template functionality can be used to copy private project data",
"substate": "Resolved",
"url": "https://hackerone.com/reports/689314",
"disclosed_at": "2019-11-27T10:02:44.156Z",
"cve_ids": [],
"cwe": "Privilege Escalation",
"severity_rating": "critical",
"votes": 438,
"total_awarded_amount": 12000,
"latest_disclosable_action": "Activities::ReportBecamePublic",
"latest_disclosable_activity_at": "2019-11-27T10:02:44.181Z",
"submitted_at": "2019-09-06T05:40:41.068Z",
"disclosed": true
},
"relationships": {
"report_generated_content": {
"data": {
"type": "report_generated_content",
"attributes": {
"hacktivity_summary": "Here you could see a generated summary."
}
}
},
"reporter": {
"data": {
"type": "user",
"attributes": {
"name": "Jobert Abma",
"username": "jobert"
}
}
},
"program": {
"data": {
"type": "program",
"attributes": {
"handle": "gitlab",
"name": "GitLab",
"currency": "usd",
"url": "https://hackerone.com/gitlab"
}
}
}
}
}
]
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/hacktivity_item"
}
},
"links": {
"$ref": "#/components/schemas/links"
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/me/reports": {
"get": {
"summary": "Get Reports",
"x-last-revised-date": "2023-09-07",
"tags": [
"Reports"
],
"description": "This API endpoint allows you to query a paginated list of [report](/hacker-reference#report) objects.\n",
"parameters": [
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "report found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"id": "1",
"type": "report",
"attributes": {
"title": "Yet Another XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "1",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "1",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "2",
"type": "weakness",
"attributes": {
"name": "Uncontrolled Resource Consumption",
"description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"external_id": "3",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
},
{
"id": "2",
"type": "report",
"attributes": {
"title": "Another XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "3",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "4",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "5",
"type": "weakness",
"attributes": {
"name": "Uncontrolled Resource Consumption",
"description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"external_id": "2",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
},
{
"id": "3",
"type": "report",
"attributes": {
"title": "XSS",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
},
"relationships": {
"reporter": {
"data": {
"id": "4",
"type": "user",
"attributes": {
"username": "john",
"name": "John",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Super great hacker",
"website": "http://hackerone.com",
"location": "Who wants to know?",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "5",
"type": "program",
"attributes": {
"handle": "teamy",
"created_at": null,
"updated_at": null
}
}
},
"weakness": {
"data": {
"id": "6",
"type": "weakness",
"attributes": {
"name": "Uncontrolled Resource Consumption",
"description": "The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"external_id": "7",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
}
}
}
],
"links": {}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/report"
}
},
"links": {
"$ref": "#/components/schemas/links"
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/payments/balance": {
"get": {
"summary": "Get Balance",
"x-last-revised-date": "2023-09-07",
"tags": [
"Balance"
],
"description": "This API endpoint allows you to query your balance.\n",
"responses": {
"200": {
"description": "balance found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": {
"balance": 105
}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "object",
"properties": {
"balance": {
"type": "number"
}
}
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/payments/earnings": {
"get": {
"summary": "Get Earnings",
"x-last-revised-date": "2023-09-07",
"tags": [
"Earnings"
],
"description": "This API endpoint allows you to query a paginated list of [earning](/hacker-reference#earning) objects.\n",
"parameters": [
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "earnings found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"id": "1",
"type": "earning-bounty-earned",
"attributes": {
"amount": 150,
"created_at": "2015-02-02T04:05:06.000Z"
},
"relationships": {
"program": {
"data": {
"id": "9",
"type": "program",
"attributes": {
"handle": "acme",
"name": "Acme",
"currency": null,
"profile_picture": null,
"submission_state": null,
"triage_active": null,
"state": null,
"started_accepting_at": null,
"number_of_reports_for_user": null,
"number_of_valid_reports_for_user": null,
"bounty_earned_for_user": null,
"last_invitation_accepted_at_for_user": null,
"bookmarked": null,
"allows_bounty_splitting": null
}
}
},
"bounty": {
"data": {
"id": "123",
"type": "bounty",
"attributes": {
"amount": "150.00",
"bonus_amount": "0.00",
"awarded_amount": "150.00",
"awarded_bonus_amount": "0.00",
"awarded_currency": "USD",
"created_at": "2015-02-02T04:05:06.000Z"
},
"relationships": {
"report": {
"data": {
"id": "123",
"type": "report",
"attributes": {
"title": "Great bounty",
"state": "resolved",
"created_at": "2015-02-02T04:05:06.000Z",
"vulnerability_information": "Vuln information",
"triaged_at": null,
"closed_at": "2015-02-02T04:05:06.000Z",
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": null,
"last_activity_at": null
}
}
}
}
}
}
}
}
],
"links": {}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/earning"
}
},
"links": {
"$ref": "#/components/schemas/links"
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/payments/payouts": {
"get": {
"summary": "Get Payouts",
"x-last-revised-date": "2023-09-07",
"tags": [
"Payouts"
],
"description": "This API endpoint allows you to query a paginated list of [payout](/hacker-reference#payout) objects.\n",
"parameters": [
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "earnings found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"amount": 100,
"paid_out_at": "2016-02-02T04:05:06.000Z",
"reference": "<reference>",
"payout_provider": "PayPal",
"status": "sent"
}
],
"links": {}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/payout"
}
},
"links": {
"$ref": "#/components/schemas/links"
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/programs/{handle}/structured_scopes": {
"get": {
"summary": "Get Structured Scopes",
"x-last-revised-date": "2024-05-30",
"tags": [
"Programs"
],
"description": "The Structured Scopes endpoint enables you to retrieve a list of all structured_scopes of the program.<br/><br/>\n\nStructured Scopes can be fetched by sending a GET request to the structured_scopes endpoint. When the\nrequest is successful, the API will respond with paginated [structured_scope objects](/hacker-reference#structured-scope).\n",
"parameters": [
{
"name": "handle",
"in": "path",
"required": true,
"description": "The handle of the program.",
"schema": {
"type": "string"
}
},
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "structured scopes found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"id": "<id>",
"type": "structured-scope",
"attributes": {
"asset_type": "URL",
"asset_identifier": "https://api.hackerone.com",
"eligible_for_bounty": true,
"eligible_for_submission": true,
"instruction": "This is our API",
"max_severity": "critical",
"created_at": "<date>",
"updated_at": "<date>",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high"
}
}
],
"links": {
"self": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bsize%5D=1",
"next": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bnumber%5D=2&page%5Bsize%5D=1",
"last": "http://api.test.host/v1/hackers/programs/acme/structured_scopes?page%5Bnumber%5D=3&page%5Bsize%5D=1"
}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/structured-scope"
}
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/programs/{handle}/weaknesses": {
"get": {
"summary": "Get Weaknesses",
"x-last-revised-date": "2023-09-07",
"tags": [
"Programs"
],
"description": "The Weakness endpoint enables you to retrieve a list of all weaknesses of the program.<br/><br/>\n\nWeaknesses can be fetched by sending a GET request to the weaknesses endpoint. When the\nrequest is successful, the API will respond with paginated [weakness objects](/hacker-reference#weakness).\n",
"parameters": [
{
"name": "handle",
"in": "path",
"required": true,
"description": "The handle of the program.",
"schema": {
"type": "string"
}
},
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "weaknesses found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"created_at": "2016-02-02T04:05:06.000Z",
"external_id": "cwe-352"
}
},
{
"id": "1338",
"type": "weakness",
"attributes": {
"name": "SQL Injection",
"description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
"created_at": "2016-03-02T04:05:06.000Z",
"external_id": "cwe-89"
}
}
],
"links": {}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/weakness"
}
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/programs": {
"get": {
"summary": "Get Programs",
"x-last-revised-date": "2023-09-07",
"tags": [
"Programs"
],
"description": "This API endpoint allows you to query a paginated list of [program](/hacker-reference#program) objects.\n",
"parameters": [
{
"name": "page[number]",
"in": "query",
"schema": {
"default": 1,
"type": "integer"
},
"required": false,
"description": "The page to retrieve from. The default is set to 1."
},
{
"name": "page[size]",
"in": "query",
"schema": {
"default": 25,
"type": "integer"
},
"required": false,
"description": "The number of objects per page (currently limited from 1 to 100). The default is set to 25."
}
],
"responses": {
"200": {
"description": "programs found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": [
{
"id": 9,
"type": "program",
"attributes": {
"handle": "acme",
"name": "acme",
"currency": "usd",
"profile_picture": "/assets/global-elements/add-team.png",
"submission_state": "open",
"triage_active": null,
"state": "public_mode",
"started_accepting_at": null,
"number_of_reports_for_user": 0,
"number_of_valid_reports_for_user": 0,
"bounty_earned_for_user": 0,
"last_invitation_accepted_at_for_user": null,
"bookmarked": false,
"allows_bounty_splitting": false,
"offers_bounties": true,
"open_scope": true,
"fast_payments": true,
"gold_standard_safe_harbor": false
}
}
],
"links": {}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"type": "array",
"items": {
"$ref": "#/components/schemas/program"
}
},
"links": {
"$ref": "#/components/schemas/links"
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/programs/{handle}": {
"get": {
"summary": "Get Program",
"x-last-revised-date": "2023-09-07",
"tags": [
"Programs"
],
"description": "A program object can be fetched by sending a GET request\nto a unique program object. When the request is successful, the API\nwill respond with a [program object](/hacker-reference#program).\n\n**NOTE**\n\nIf you want to fetch all structured_scopes for a program you can use\n[get structured scopes](/hacker-resources#programs-get-structured-scopes) API endpoint.\n",
"parameters": [
{
"name": "handle",
"in": "path",
"required": true,
"description": "The handle of the program. Find the program handle by [fetching your programs](/hacker-resources#programs-get-your-programs)",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "program found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": {
"id": 9,
"type": "program",
"attributes": {
"handle": "acme",
"name": "acme",
"currency": "usd",
"profile_picture": "/assets/global-elements/add-team.png",
"submission_state": "open",
"triage_active": null,
"state": "public_mode",
"started_accepting_at": null,
"number_of_reports_for_user": 0,
"number_of_valid_reports_for_user": 0,
"bounty_earned_for_user": 0,
"last_invitation_accepted_at_for_user": null,
"bookmarked": false,
"allows_bounty_splitting": false,
"offers_bounties": true,
"open_scope": true,
"fast_payments": true,
"gold_standard_safe_harbor": false
},
"relationships": {
"structured_scopes": {
"data": []
}
}
}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/program"
}
},
"required": [
"id"
]
}
}
}
}
}
}
},
"/hackers/reports": {
"post": {
"summary": "Create Report",
"x-last-revised-date": "2023-09-07",
"tags": [
"Reports"
],
"description": "This API endpoint can be used to submit reports to a specific team on the\nHackerOne platform. When the API call is successful, a [report object](/\nhacker-reference#report) will be returned.\n",
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"properties": {
"data": {
"type": "object",
"description": "The information to create a report.",
"properties": {
"type": {
"type": "string",
"enum": [
"report"
]
},
"attributes": {
"type": "object",
"properties": {
"team_handle": {
"type": "string",
"description": "The handle of the team that the report is being submitted to."
},
"title": {
"type": "string",
"description": "The title of the report."
},
"vulnerability_information": {
"type": "string",
"description": "Detailed information about the vulnerability including the steps to reproduce as well as supporting material and references."
},
"impact": {
"type": "string",
"description": "The security impact that an attacker could achieve."
},
"severity_rating": {
"$ref": "#/components/schemas/severity-ratings",
"description": "The severity rating of the security vulnerability."
},
"weakness_id": {
"type": "integer",
"description": "The ID of the weakness object that describes the type of the potential issue."
},
"structured_scope_id": {
"type": "integer",
"description": "The ID of the structured scope object that describes the attack surface."
}
},
"required": [
"team_handle",
"title",
"vulnerability_information",
"impact"
]
}
},
"required": [
"type",
"attributes"
]
}
},
"required": [
"data"
]
}
}
}
},
"parameters": [],
"responses": {
"201": {
"description": "report created",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": {
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2021-06-30T09:59:37.783Z",
"vulnerability_information": "Soo much vuln\n\n## Impact\n\nSoo much impact",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": "2021-06-30T09:59:38.294Z",
"first_program_activity_at": "2021-06-30T09:59:38.294Z",
"last_program_activity_at": "2021-06-30T09:59:38.294Z",
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": "2021-06-30T09:59:38.294Z",
"last_activity_at": "2021-06-30T09:59:38.294Z",
"cve_ids": []
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "hacker",
"name": "Hacker",
"disabled": false,
"created_at": "2021-05-28T11:27:05.082Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"bio": "Hacker.",
"website": "https://example.com",
"location": "Hackland",
"hackerone_triager": false
}
}
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2013-01-01T00:00:00.000Z",
"updated_at": "2021-06-25T10:04:59.678Z"
}
}
},
"severity": {
"data": {
"id": "74",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": 1337,
"created_at": "2021-06-30T09:59:38.029Z"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2021-05-28T11:26:59.604Z"
}
}
},
"activities": {
"data": []
},
"bounties": {
"data": []
},
"summaries": {
"data": []
}
}
}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/report"
}
},
"required": [
"data"
]
}
}
}
}
}
}
},
"/hackers/reports/{id}": {
"get": {
"summary": "Get Report",
"x-last-revised-date": "2023-09-07",
"tags": [
"Reports"
],
"description": "A report object can be fetched by sending a GET request to a unique report object.\nIn case the request was successful, the API will respond with a\n[report object](/hacker-reference#report).<br/><br/>\n\nThe following report relationships are included: [reporter](/hacker-reference#user),\nassignee (a [user](/hacker-reference#user) or [group](/hacker-reference#group)),\n[program](/hacker-reference#program), [weakness](/hacker-reference#weakness),\n[severity](/hacker-reference#severity), [bounties](/hacker-reference#bounty),\n[swag](/hacker-reference#swag),[activities](/hacker-reference#activity),\n[attachments](/hacker-reference#attachment), [structured scope](/hacker-reference#structured-scope) and [summaries](/hacker-reference#summary)\n",
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"description": "The ID of the report.",
"schema": {
"type": "integer"
}
}
],
"responses": {
"200": {
"description": "report found",
"content": {
"application/json": {
"examples": {
"example_0": {
"value": {
"data": {
"id": "1337",
"type": "report",
"attributes": {
"title": "XSS in login form",
"state": "new",
"created_at": "2016-02-02T04:05:06.000Z",
"vulnerability_information": "...",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": null,
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"source": null
},
"relationships": {
"reporter": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"assignee": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "member",
"name": "Member",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
},
"program": {
"data": {
"id": "1337",
"type": "program",
"attributes": {
"handle": "security",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z"
}
}
},
"severity": {
"data": {
"id": "57",
"type": "severity",
"attributes": {
"rating": "high",
"author_type": "User",
"user_id": 1337,
"created_at": "2016-02-02T04:05:06.000Z",
"score": 8.7,
"attack_complexity": "low",
"attack_vector": "adjacent",
"availability": "high",
"confidentiality": "low",
"integrity": "high",
"privileges_required": "low",
"user_interaction": "required",
"scope": "changed"
}
}
},
"swag": {
"data": []
},
"attachments": {
"data": []
},
"weakness": {
"data": {
"id": "1337",
"type": "weakness",
"attributes": {
"name": "Cross-Site Request Forgery (CSRF)",
"description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
"external_id": "cwe-352",
"created_at": "2016-02-02T04:05:06.000Z"
}
}
},
"structured_scope": {
"data": {
"id": "57",
"type": "structured-scope",
"attributes": {
"asset_identifier": "api.example.com",
"asset_type": "url",
"confidentiality_requirement": "high",
"integrity_requirement": "high",
"availability_requirement": "high",
"max_severity": "critical",
"created_at": "2015-02-02T04:05:06.000Z",
"updated_at": "2016-05-02T04:05:06.000Z",
"instruction": null,
"eligible_for_bounty": true,
"eligible_for_submission": true,
"reference": "H001001"
}
}
},
"activities": {
"data": [
{
"type": "activity-comment",
"id": "445",
"attributes": {
"message": "Comment!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
},
"signal": null,
"impact": null,
"reputation": null,
"bio": null,
"website": null,
"location": null,
"hackerone_triager": false
}
}
},
"attachments": {
"data": [
{
"id": "1337",
"type": "attachment",
"attributes": {
"expiring_url": "/system/attachments/files/000/001/337/original/root.rb?1454385906",
"created_at": "2016-02-02T04:05:06.000Z",
"file_name": "root.rb",
"content_type": "text/x-ruby",
"file_size": 2871
}
}
]
}
}
},
{
"id": "1337",
"type": "activity-bug-resolved",
"attributes": {
"message": "Bug Resolved!",
"created_at": "2016-02-02T04:05:06.000Z",
"updated_at": "2016-02-02T04:05:06.000Z",
"internal": false
},
"relationships": {
"actor": {
"data": {
"id": "1337",
"type": "user",
"attributes": {
"username": "api-example",
"name": "API Example",
"disabled": false,
"created_at": "2016-02-02T04:05:06.000Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
]
},
"bounties": {
"data": []
},
"summaries": {
"data": []
},
"triggered_pre_submission_trigger": {
"data": {
"id": "1337",
"type": "trigger",
"attributes": {
"title": "Example Trigger"
}
}
},
"custom_field_values": {
"data": []
},
"automated_remediation_guidance": {
"data": {
"id": "1",
"type": "automated-remediation-guidance",
"attributes": {
"reference": "https://cwe.mitre.org/data/definitions/120.html",
"created_at": "2020-10-23T12:09:37.859Z"
}
}
},
"custom_remediation_guidance": {
"data": {
"id": "84",
"type": "custom-remediation-guidance",
"attributes": {
"message": "Check buffer boundaries if accessing the buffer in a loop and make sure you are not in danger of writing past the allocated space.",
"created_at": "2020-10-26T08:47:23.296Z"
},
"relationships": {
"author": {
"data": {
"id": "1338",
"type": "user",
"attributes": {
"username": "api-example-2",
"name": "API Example 2",
"disabled": false,
"created_at": "2020-10-22T011:22:05.402Z",
"profile_picture": {
"62x62": "/assets/avatars/default.png",
"82x82": "/assets/avatars/default.png",
"110x110": "/assets/avatars/default.png",
"260x260": "/assets/avatars/default.png"
}
}
}
}
}
}
}
}
}
}
}
},
"schema": {
"type": "object",
"properties": {
"data": {
"$ref": "#/components/schemas/report"
}
},
"required": [
"data"
]
}
}
}
}
}
}
}
}
}