The Bugcrowd API provides two different authentication schemes: token auth and basic auth.

Access tokens and basic auth credentials are provisioned on a per-user basis and provide authorization to resources based on the user's role.

Multiple access tokens can be provisioned per user, and it is possible to revoke access to a token whenever needed by the deleting that token.

Bugcrowd enforces API rate limits to 60 requests / minute / IP Address.

Provisioning Credentials

To provision an access credentials, log in to Bugcrowd and browse to the API Credentials page by clicking on your profile picture and selecting API Credentials from the drop-down menu.


Enter a descriptive name for the credentials, usually the name of the application you will be creating to access the API, then click Create API Credentials.

A section will be displayed containing both basic auth and token auth credentials. Please record these credentials before leaving the page, they are only displayed upon creation and won't be viewable after the page is refreshed.

Note: the authorization tokens used in this reference are example tokens only, you will need to generate your own tokens for use with the API.


Token Authentication

To access the API using token authentication, use the provided Authorization request header:

curl --include \
     --header "Accept: application/vnd.bugcrowd+json" \
     --header "Authorization: Token gvnzkgmklo:gPYS2SMN3zJ_k-QAEvyMAcr_PqsGlA-vJ2voA7ysZ635GlT_VZdr2Sg3_YCctkM3SwnBtDCn" \

Basic Authentication

To access the API using basic authentication, use the provided username and password. In this example we're using curl's - -user option:

curl --include \
     --header "Accept: application/vnd.bugcrowd+json" \
     --user "gvnzkgmklo:gPYS2SMN3zJ_k-QAEvyMAcr_PqsGlA-vJ2voA7ysZ635GlT_VZdr2Sg3_YCctkM3SwnBtDCn" \