Announcing the HackerOne API
We’re excited to announce the first version of our API is now available! The API augments the HackerOne interface to empower you to build the best bug bounty programs.
Every organization has specific metrics they rely on to measure the performance of its bug bounty program. The HackerOne API allows for custom metrics, beyond those found in HackerOne, and offers organizations access to raw report data and a powerful query interface to build custom dashboards. We have good news for organizations that run multiple programs: the API allows you to generate credentials that works across all your programs and can be used to combine the data of multiple programs at once.
Here are some of the use cases available now:
- Dashboards: generate your own custom internal dashboards
- Analysis: use the raw report information to do your own data analysis, for example to determine who to assign to a submission based on the contents of the report
- Efficiency: export a single report into your bug tracker to streamline the process for escalating a bug to your engineering team
- Metrics: use raw report data to calculate internal performance metrics for your bug bounty program
- Data Portability: unlimited access to all of your submissions and its activities, which allows you to create full backups of your data
The API documentation can be found at https://api.hackerone.com/docs/v1. The code examples in the documentation all work, so we encourage you to play around with it and see if the API is right for you. To get started today, please contact your customer success manager or email us at firstname.lastname@example.org.
We are just getting started and have additional features in the works for the API to help make your programs even more effective. The next iteration will focus on assigning one or multiple people to a report, closing a submission, and sending more frequent updates to our hackers.
If you have an API use case that you think we should know about or a feature request, please shoot us a message at email@example.com. We’re eager to get you started and hear about the cool integrations you build!
Oh, and to all hackers out there: the API is now included in the scope of our own bug bounty program. Do your best and let us know about the vulnerabilities you find!