Many of Bugcrowd’s customers are heavy users of the API, and use it extensively to integrate crowdsourced security into their workflows. As we roll out the new API to everybody, we want to ensure that customers have control and visibility to the usage of their API tokens. Especially for decentralized organizations, it is important for your Security team to know who’s using the API tokens and when.
To address this, the platform now provides details of API key usage, including the IP address and time stamp of last use. This audit log is currently available to Org Owner roles on Bugcrowd and applies to current and future use of the Bugcrowd API.