Courier

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.ct0.app URL high high high critical
The ct0.app domains are used for click-through tracking.
api.trycourier.app URL high high high critical
This API is used by Courier customers to programmatically send notifications to their users; this is the core use case for our product, without which Courier is of limited value.
www.trycourier.app URL medium high high critical
This is our web application, which customers use to design & configure the notifications they will send via our API.
www.trycourier.com URL low none medium high
This is our public-facing website. It is a static site, and open source: https://github.com/trycourier/website
api.courier.com URL high high high critical
This API is used by Courier customers to programmatically send notifications to their users; this is the core use case for our product, without which Courier is of limited value.
www.courier.com URL low none medium high
This is our public-facing website. It is a static site, and open source: https://github.com/trycourier/website

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
docs.courier.com URL none
Our technical documentation portal, hosted by Readme.com.
help.courier.com URL none
Our user-documentation portal, hosted by Intercom.
status.courier.com URL none
updates.courier.com URL none