Reverse engineering, use of undocumented API endpoints


Continuing the discussion from Group DM support via the APIs?:

This is a good discussion although heading off-topic, so I’m starting a new one :slight_smile: if anything it suggests that we could probably clarify the wording around this the next time we revise the policy and agreement. Thanks for the really helpful input!

(you’re right that we do indeed accept reports of security issues, via HackerOne)