The Bugcrowd API provides two different authentication schemes: token auth and basic auth.
Access tokens and basic auth credentials are provisioned on a per-user basis and provide authorization to resources based on the user's role.
Multiple access tokens can be provisioned per user, and it is possible to revoke access to a token whenever needed by the deleting that token.
Bugcrowd enforces API rate limits to 60 requests / minute / IP Address.
To provision an access credentials, log in to Bugcrowd and browse to the
API Credentials page by clicking on your profile picture and selecting
API Credentials from the drop-down menu.
Enter a descriptive name for the credentials, usually the name of the application you will be creating to access the API, then click
Create API Credentials.
A section will be displayed containing both
basic auth and
token auth credentials. Please record these credentials before leaving the page, they are only displayed upon creation and won't be viewable after the page is refreshed.
Note: the authorization tokens used in this reference are example tokens only, you will need to generate your own tokens for use with the API.
To access the API using token authentication, use the provided
Authorization request header:
curl --include \ --header "Accept: application/vnd.bugcrowd+json" \ --header "Authorization: Token gvnzkgmklo:gPYS2SMN3zJ_k-QAEvyMAcr_PqsGlA-vJ2voA7ysZ635GlT_VZdr2Sg3_YCctkM3SwnBtDCn" \ 'https://api.bugcrowd.com/bounties'
To access the API using basic authentication, use the provided username and password. In this example we're using curl's
- -user option:
curl --include \ --header "Accept: application/vnd.bugcrowd+json" \ --user "gvnzkgmklo:gPYS2SMN3zJ_k-QAEvyMAcr_PqsGlA-vJ2voA7ysZ635GlT_VZdr2Sg3_YCctkM3SwnBtDCn" \ 'https://api.bugcrowd.com/bounties'