Data from integration saved in HackEDU

For this integration, we make a request to https://api.hackerone.com/v1/me/programs and get the list of programs you have registered in your HackerOne account. We only save the id of the programs you choose in the integration process from this response.

{ 
"data": [
{
"id": "49409",
"type": "program",
"attributes": "[REDACTED]"
},
....
],
"links": {}
}


Each time the sync process is run we make an api call to https://api.hackerone.com/v1/programs/:programId and get the handle code of your program. None of the data from this endpoint is saved.

Next, we make a call to https://api.hackerone.com/v1/reports where we just fetch the information of the programs you selected in the integration process. We save the full response except for the attributes.vulnerability_information field (the report body), which may contain sensitive data we do not need.

{ 
"id": "908194",
"type": "report",
"attributes": {
"title": "Demo report: XSS in HackEDU home page",
"state": "new",
"created_at": "2020-06-25T18:08:39.104Z",
"vulnerability_information": "[REDACTED]",
"triaged_at": null,
"closed_at": null,
"last_reporter_activity_at": "2020-06-28T18:08:40.161Z",
"first_program_activity_at": null,
"last_program_activity_at": null,
"bounty_awarded_at": null,
"swag_awarded_at": null,
"disclosed_at": null,
"reporter_agreed_on_going_public_at": null,
"last_public_activity_at": "2020-06-28T18:08:40.161Z",
"last_activity_at": "2020-06-28T18:08:40.161Z",
"source": null,
"timer_bounty_awarded_elapsed_time": null,
"timer_bounty_awarded_miss_at": null,
"timer_first_program_response_miss_at": null,
"timer_first_program_response_elapsed_time": null,
"timer_report_resolved_miss_at": null,
"timer_report_resolved_elapsed_time": null,
"timer_report_triage_miss_at": null,
"timer_report_triage_elapsed_time": null
}
Did this answer your question?