Airtable

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.staging-airtableblocks.com URL critical
*.staging.airtable.com URL critical
staging.airtable.com URL critical
api-staging.airtable.com URL critical
Go to https://staging.airtable.com/account to generate an API key. See https://staging.airtable.com/api for API documentation per base.
airtable.js SDK (https://www.npmjs.com/package/airtable) SOURCE_CODE critical
- Install `airtable.js` via `npm install airtable` - Visit https://staging.airtable.com/account and generate an API key - Create a new Javascript file and add the following lines: ```javascript const Airtable = require('airtable'); const airtable = new Airtable({ apiKey: 'PUT YOUR API KEY HERE', endpointUrl: 'https://api-staging.airtable.com', // IMPORTANT: you MUST set the endpointUrl attribute to this URL, or else you will be testing on airtable.com, which is out of scope }); ``` See https://staging.airtable.com/api for instructions on how to use the API, as well as [the source code on Github](https://github.com/airtable/airtable.js) Please note that reports about outdated/vulnerable dependencies flagged by `npm audit` or `yarn audit` are **out of scope**. Vulnerabilities discovered via manual code audits are acceptable.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Airtable Windows app OTHER none
The Airtable Windows app is available for download at: https://staging.airtable.com/downloads
Airtable macOS app OTHER none
The Airtable macOS app is available for download at: https://staging.airtable.com/downloads
airtable.com URL none
This is production environment. All testing should be performed against staging.airtable.com.
blog.airtable.com URL none
com.FormaGrid.Hyperbase APPLE_STORE_APP_ID none
Airtable's iOS is not in-scope for bounties.
com.formagrid.airtable GOOGLE_PLAY_APP_ID none
dl.airtable.com URL none
dl.getforma.com URL none
guide.airtable.com URL none
support.airtable.com URL none
community.airtable.com URL none