Instruction: **Tier 1 Asset**
* What it does: Gojek iOS and Android apps communicate with this service while you use Gojek. This endpoint acts as an API gateway proxy to all of our services. This API exposes the largest attack surface of any service here at Gojek.
* Please keep in mind that you should only ever perform this testing against accounts you own, failure to do so could result in ban from the program, which nobody wants.
*Note that all of api.gojekapi.com will be considered Tier 1, with the exception if it's coming from go-tix.id (Tier 2)*
Integrity requirements:
Max severity: critical
Asset identifier: *.gopayapi.com
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 1 Asset**
Integrity requirements:
Max severity: critical
Asset identifier: *.mab.co.id
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 2 Asset**
Integrity requirements:
Max severity: critical
Asset identifier: 1573529788
Asset type: APPLE_STORE_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 1 Asset**
[Download GoPartner App on the Apple App Store](https://apps.apple.com/app/gopartner/id1573529788)
Integrity requirements:
Max severity: critical
Asset identifier: 944875099
Asset type: APPLE_STORE_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 1 Asset**
[Download Gojek App on the Apple App Store](https://apps.apple.com/app/gojek/id944875099)
Integrity requirements:
Max severity: critical
Asset identifier: api.gojek.co.id
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 1 Asset**
*Note that all of api.gojek.co.id will be considered Tier 1, with the exception if it's coming from go-tix.id (Tier 2)*
Integrity requirements:
Max severity: critical
Asset identifier: com.gojek.app
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 1 Asset**
[Download Gojek App on the Android Play Store ](https://play.google.com/store/apps/details?id=com.gojek.app)
Integrity requirements:
Max severity: critical
Asset identifier: com.gojek.partner
Asset type: GOOGLE_PLAY_APP_ID
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 1 Asset**
[Download GoPartner App on the Android Play Store ](https://play.google.com/store/apps/details?id=com.gojek.partner)
Integrity requirements:
Max severity: critical
Asset identifier: https://go-tix.id/
Asset type: URL
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: **Tier 2 Asset**
Please note that any vulnerabilities found on Tier 1 API assets that are coming from go-tix.id will be considered as a Tier 2.
