API Tokens

Organizations: Generate API Tokens for your organization

Updated over a week ago

Your program’s administrative users can generate and manage API tokens to experiment with or use the HackerOne API. The API token identifier and value are used as the username and password for HTTP Basic authentication.

To generate an API token:

  1. Go to Organization Settings > API Tokens.

    API token screen

  2. Click Create API Token.

  3. Enter an identifier for the new API token.

    New API Token screen - Add API token

  4. Optional: Select the groups you want to add this token to. When no groups are selected, they only have read-only permissions. The default groups you can choose from are:




This group has Report and Reward permissions.


This group has Admin and Program permissions.

If your program has more groups, you can choose from those groups as well.

  1. Click Add API token

  2. Store the generated API token.

  3. Click I have stored the API Token.

API Token with warning to save

Once you've generated your API token, you'll receive a confirmation email stating that you’ve created a new API token. To learn more about the HackerOne API, check out our API docs.

Note: h1 as a username prefix is locked and restricted to HackerOne employees only. This means that effective December 2022, HackerOne users will no longer be able to use h1 at the beginning of handles; this includes usernames and program handles. API tokens may use the h1 prefix.

Did this answer your question?