Target Policy

https://hackerone.com/1uphealth?type=team

---

Structured Scope

• Asset Identifier

  Asset Type

  Max Severity

• api.1up.health

  ---

  Our documentation can be found here - https://1up.health/docs/api/rest-api-reference

  URL

  critical
• analytics.1up.health

  URL

  critical
• patient-app.1up.health

  ---

  To get started, create a 1upHealth developer account: https://developer.1up.health/

  URL

  critical
• app.1up.health

  ---

  We are not accepting any more issues for app.1up.health. It is being sunsetted.

  URL

  none
• developer.1up.health

  ---

  We are not accepting any more issues for developer.1up.health. It is being sunsetted.

  URL

  none
• 1up.health

  ---

  For issues regarding the domain itself, feel free to submit issues. For issues regarding the actual website, it is not considered a critical asset and will not rewarded for anything major.

  URL

  critical
• api.1updemohealthplan.com

  ---

  This environment is a representative of one of our customer environments. The API is exactly the same as our api.1up.health, so if something is found in the API, you do not get double bounty. However, you are welcome to look for any security misconfigurations, unauthorized access, etc in this domain.

  URL

  critical

Target Scope Domains

• 1up.health
• analytics.1up.health
• api.1up.health
• api.1updemohealthplan.com
• patient-app.1up.health

• 34 Subdomains
• 1922 Endpoints
• Download wordlist

---

Last Finished Scan:

---