Affirm

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
com.affirm.central.audit GOOGLE_PLAY_APP_ID high high high critical
This is the Android testing app built for HackerOne. It's distributed through Google Play Store.
com.affirm.internal.hackerone OTHER high high high critical
This is the testing iOS app built for HackerOne. It is distributed through Crashlytics.
http://hackerone.affirm-odin.com/ URL high high high critical
https://direct-hackerone.affirm-odin.com/ URL high high high critical
It is an example integration that demonstrates how our application integration works with a merchant. In general, websites will integrate with Affirm for payments. This domain is simply a testing site to show how the API works and to test the flow of taking out a loan for buying an item. It intentionally has no ACLs, or permissions. The endpoints that you access to at the end of a checkout emulate what websites who integrate with us have access to.
https://vcn-hackerone.affirm-odin.com/ URL high high high critical
It is an example integration that demonstrates how our application integration works with a merchant. In general, websites will integrate with Affirm for payments. This domain is simply a testing site to show how the API works and to test the flow of taking out a loan for buying an item. It intentionally has no ACLs, or permissions. The endpoints that you access to at the end of a checkout emulate what websites who integrate with us have access to.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.affirm.com URL none