Your program’s administrative users can create and manage API tokens for testing or utilizing the HackerOne API. The API token identifier and value are used as the username and password for HTTP Basic authentication.
Generating a Token
Go to Organization Settings > API Tokens.
Click Create API Token.
Enter an identifier for the new API token.
Select the groups you want to add this token to. When no groups are selected, the user will be added to the organization without any access rights. The API token will inherit the permissions of the group you add it to.
Click Add API token
Store the generated API token.
Click I have stored the API Token.
Once you've generated your API token, you'll receive a confirmation email stating that you’ve created a new API token. To learn more about the HackerOne API, check out our API docs.
Editing API Groups
To add or edit groups for your API token, click the kebab menu (three vertical dots), then click Edit api token.
Click the Manage groups for this API token button to add or remove groups. You can also toggle Organization Admin permissions on or off through the prompt at the top of the page.
Note: h1 as a username prefix is locked and restricted to HackerOne employees only. This means that effective December 2022, HackerOne users will no longer be able to use h1 at the beginning of handles; this includes usernames and program handles. API tokens may use the h1 prefix.