API Changelog

Stay up to date on the API including versioning, new data and improvements

Subscribe to API specific updates at https://docs.bugcrowd.com/feed/changelogs/api_webhook.xml.

Jul 11th, 2024
Mar 27th, 2024
Feb 12th, 2024
Feb 9th, 2024
Jan 11th, 2024
Jul 4th, 2023
Apr 28th, 2022
Mar 8th, 2022

Deprecation of Generic Header Usage for Legacy (v3) API

  • Generic accept header not supported for legacy (v3) API

Mar 8th, 2022

Support for Generic Accept Headers on Current Version

  • The current API version will now accept Generic Accept Header

Feb 17th, 2022
Jan 27th, 2022
Dec 15th, 2021

API code examples

  • API code examples

Nov 29th, 2021

Auth token must be marked legacy to use the legacy (v3) API

  • Auth token must be marked legacy to use the legacy (v3) API

Nov 17th, 2021

New token deprecation warning for the legacy (v3) API

  • The legacy (v3) API will now 404 if used with a new auth token

Nov 9th, 2021

New field and button to copy raw request body from webhook delivery page

  • New field and button to copy raw request body from webhook delivery page

Oct 28th, 2021
Apr 16th, 2021

Updated with VRT 1.10

  • Introduced a variant for OAuth Accounting Squatting classified as a P4

  • Secure Code Warrior developed a VRT mapping to their developer training

  • Improved
  • Extended support for Automotive categorization, developed in collaboration with Stellantis.

  • Downgraded all Flash-based entries to a rating of P5

  • Improved existing remediation advice for a number of entries

  • Simplified Weak Login Function entries with a baseline severity rating of P4

Mar 11th, 2021

Bugfix for state filter on /submissions

  • Filtering for submissions in new state does not return any

Jan 25th, 2021
Jan 20th, 2021
Nov 19th, 2020
Sep 1st, 2020

API Token usage

  • Visibility into usage of API tokens across the team

Mar 14th, 2019

Updating to VRT 1.7

  • Automative Security Misconfiguration category

  • Sensitive Data Exposure > Weak Password Reset Implementation > Token Leakage via Host Header Poisoning as a new P2 variant, which is consistent with how this issue has been triaged by Bugcrowd’s Application Security Engineers so far.

  • Two new P4’s related to 2FA Secret Management

  • Improved
  • Remediation Advice links to latest OWASP Documentation

Feb 16th, 2019

Comparison Operators for Dates

  • Tokenized date search

Dec 17th, 2018

File Support Update

  • Platform supports 100MB for all file uploads

Nov 2nd, 2018
Oct 26th, 2018
Aug 7th, 2018
Jul 2nd, 2018
Jun 19th, 2018

Updating to VRT 1.4

Oct 4th, 2017

Introducing VRT 1.3

  • VRT v1.3 is shipped

Sep 1st, 2017

Advanced API Documentation

  • New API docs are available.

  • created_at DateTime within the Comment Object

Jul 26th, 2017

VRT Goes Open Source

  • VRT gem is now open sourced