Overview
HackerOne's API gives programmatic access to bug bounty program data, reports, and vulnerability information on the HackerOne platform. Developers and security teams can use it to automate report triage, track vulnerability status, and integrate bug bounty workflows into their existing tools. Access requires HackerOne credentials and is mainly aimed at program managers and researchers.
Beginner Tip
Authenticate using HTTP Basic auth with your HackerOne username and an API token generated from your account settings — the API does not use a simple API key header. Start by listing programs to understand the data structure before fetching individual reports.
Available Data
Example Response
{
  "status": "success",
  "data": {
    "result": "Data from HackerOne",
    "description": "The industry’s first hacker API that helps increase productivity towards creative bug bounty hunting",
    "timestamp": "2025-01-15T10:00:00Z"
  }
}
Field Reference
data.id: Unique identifier for the resource (program, report, etc.).
data.type: Resource type, such as "program" or "report".
data.attributes.state: Current state of a report (e.g., new, triaged, resolved, closed).
data.attributes.severity_rating: Severity of the vulnerability: none, low, medium, high, or critical.
data.attributes.bounty_amount: Dollar amount awarded for the report, if a bounty has been paid.
Implementation Example
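// Base URL only; append the resource path given in the official API documentation.
const url = "https://api.hackerone.com/";
// HTTP Basic auth: HackerOne username plus an API token from account settings.
// Load both from a secret store or environment, never from source control.
const credentials = btoa("YOUR_USERNAME:YOUR_API_TOKEN");
const response = await fetch(url, {
  headers: {
    "Authorization": `Basic ${credentials}`,
    "Accept": "application/json"
  }
});
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);
What Can You Build?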
Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.
Matrix Score Breakdown
Partially tested on Apr 5, 2026
Similar APIs
Application Environment Verification
Application Environment Verification (AEV) is an Android library and API from FingerprintJS that checks whether a user device is safe to use.
BinaryEdge
BinaryEdge is a cybersecurity platform that continuously scans the entire internet and exposes the results through its API.
Botd
Botd is an open-source JavaScript library and API from FingerprintJS that detects whether a web visitor is a bot or a real human browser.
Bugcrowd
The Bugcrowd API gives you programmatic access to your organization's bug bounty program data, including submissions, rewards, and researcher profiles.
Censys
Censys is an internet-wide scanning platform that lets you search for any internet-connected host, device, or certificate using its REST API.