HackerOne

API

Industry-first hacker API to boost bug bounty hunting productivity

Overview

The HackerOne API is a RESTful interface designed to streamline bug bounty workflows. It uses JSON for all requests/responses, with endpoints for browsing public/private programs, submitting vulnerability reports, accessing hacker profiles, and managing bounties. Use cases include automating program discovery, integrating report management into security tools, building custom researcher dashboards, and optimizing team collaboration on fixes. It requires OAuth2 authentication, with rate limits for free users. Ideal for researchers to enhance productivity and organizations to improve bug bounty program efficiency.

Example Integration (JavaScript)

script.js JS


fetch('https://api.hackerone.com/')
  .then(res => res.json())
  .then(data => console.log(data))
  .catch(err => console.error(err));

Key Features

RESTful Architecture
JSON Support
OAuth2 Authentication
Program & Report Endpoints
Workflow Automation

Frequently Asked Questions

? Is the HackerOne API free to use?

Yes, it offers a free tier for public program access and basic features; advanced capabilities (like private program data) require a paid plan.

? Does it require authentication?

Yes, it uses OAuth2 for secure access—users need to generate client credentials from their HackerOne account.

? What is the response format?

All responses are in JSON, compatible with most programming languages and security tools.

Top Alternatives

Tool Info

Pricing Freemium

Category Security

Platform Public API

Pros

⊕ Boosts bug hunting productivity
⊕ Integrates with security tools
⊕ Access to diverse programs
⊕ Secure authentication

Cons

⊖ Rate-limited free tier
⊖ Premium for private programs
⊖ Steep learning curve
⊖ Requires account approval