How I got a $100 bounty
Hi everyone, I'm Sai.
It's my first writeup, so sorry if you find any mistakes in my English.
It's a Bugcrowd public program, it's e-commerce related, and it has a wide scope.
Let's name it example.com.
Like every bug hunter, I first started with subdomain enumeration.
After enumeration, I started looking for interesting subdomains.
I found api.example.com. I know every bug hunter has already tested this subdomain, but I thought, “every software has a bug when you think widely”. I started exploring the subdomain.
First, I read the API docs of that subdomain.
Then I started looking into waybackurls for api.example.com endpoints.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —
Here I suggest the Chrome extension (xnl Reveal).
Explore it. You will definitely get something new.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Coming back to our topic, I manually checked every endpoint, but I got nothing.
The main note here is:
“Try to understand what the purpose of this API is.”