Bug Bounties

Omise

Powered by: 

Allows bounty splitting: 

Average time to first program response: 48

Average time to bounty awarded null: 970

Average time to report resolved: 468

Handle omise

Managed program: false

Name: Omise

Offers bounties: true

Offers swag: false

Response efficiency percentage: 75

Submission state: open

Url: https://hackerone.com/omise

Website: https://www.omise.co

In scope:

  • Asset identifier: api.omise.co
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://api.omise.co Omise API handles all operations except token creation. No credit card is ever transmitted to the API. The API can charge cards, capture charges, perform refunds, create transfers, among many others. All API endpoints can be found in our Documentation at https://www.omise.co/api-reference
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: co.omise.omise
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: low
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: We also offer an iOS application to our merchants for a better mobile experience as an alternative to our dashboard page. https://itunes.apple.com/th/app/omise/id1170479422?ls=1&mt=8
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: co.omise.omise
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Omise Alipay Android application: https://play.google.com/store/apps/details?id=co.omise.pay
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: dashboard.omise.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://dashboard.omise.co Web Dashboard where merchants signin, signup and view all information for their accounts. Some actions are also possible to be run from the dashboard, such as refunding a charge or creating a transfer withdraw.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: dashboard2.omise.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://dashboard2.omise.co New Version2 of Web Dashboard where merchants signin, signup and view all information for their accounts. Some actions are also possible to be run from the dashboard, such as refunding a charge or creating a transfer withdraw.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: github.com
  • Asset type: SOURCE_CODE
  • Availability requirement: low
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://github.com/omise
  • Integrity requirements: medium
  • Max severity: high



  • Asset identifier: link.omise.co
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://link.omise.co Omise Links redirect. This page displays a form of payment for links created on dashboard or API.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: linksplus-dashboard.omise.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: low
  • Max severity: high



  • Asset identifier: offsite.omise.co
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://offsite.omise.co Internet Banking redirect application.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: vault.omise.co
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://vault.omise.co Omise vault is used only for receiving credit cards data and exchanging it for a token which can be used to charge a card or create a permanent card on file (customer) for recurring charges. https://www.omise.co/tokens-api
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: www.omise.co
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: low
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://www.omise.co Omise Informational and Documentation main website.
  • Integrity requirements: low
  • Max severity: high