The API Report CardAPI Index
BugHerd

BugHerd API

Visual website feedback & bug tracking for agencies and web teams · bugherd.com

BugHerd ships a fully public REST v2 API with self-serve API keys and webhooks for task and comment events. Auth is HTTP Basic with a static key and no OAuth, and bulk jobs run into the 60 requests per minute sliding window. There is no OpenAPI spec and no official SDK.

Last verified: July 2026Software & Data Tools
API GRADE
B+
VERIFIED JUL 2026

SCORECARD

ExistenceGOODFully documented public REST v2 API, JSON over HTTPS, at docs.bugherd.com and api.bugherd.com.
AccessGOODSelf-serve: the API key lives in account settings. Webhook-based apps can request elevated rate limits from support.
CoverageGOODProjects, tasks with status, assignee, and severity filters, comments, users, and webhook subscriptions.
AuthPOORHTTP Basic with a static API key and no OAuth or scoped per-user tokens; rotating the key means updating every integration.
Docs & DXPOORNo OpenAPI spec and no official SDKs in any language; docs are HTML-only, so clients are hand-written.
StabilityGOODv2 is current with v1 deprecated. One footgun: a receiver answering 410 gets its webhook silently removed.
Supergood: BugHerd shipped a real API. Most vendors don't; we ship near-native APIs for the rest.

Frequently asked questions

BugHerd scores B+ on the API Report Card. BugHerd ships a fully public REST v2 API with self-serve API keys and webhooks for task and comment events. Auth is HTTP Basic with a static key and no OAuth, and bulk jobs run into the 60 requests per minute sliding window. There is no OpenAPI spec and no official SDK.

Tried to integrate with BugHerd?
SOURCES
60 req/min sliding window with 10-burst cap is restrictive for bulk export, full-history migration, and reporting jobs; large organizations hit 429s during nightly syncs docs.bugherd.com
HTTP Basic auth with a static API key (and literal `x` as password), no OAuth, no scoped tokens, no per-user keys; key rotation requires updating every integration docs.bugherd.com
No OpenAPI/Swagger spec, clients must be hand-written or rely on community libraries (e.g., spekkionu/bugherd on GitHub) github.com
No official SDKs in Node, Python, Ruby, Go, or .NET; community libraries are sparse and not always maintained apitracker.io
Webhook payloads have no documented signing/HMAC secret in the public docs, verifying authenticity of incoming events is non-trivial docs.bugherd.com
410 Gone auto-removes a webhook, which is footgun-prone, a temporarily mis-deployed receiver can silently lose its subscription docs.bugherd.com
429 responses include limited backoff metadata (no `Retry-After` header documented), forcing client-side guesswork docs.bugherd.com
Two-way sync into Jira/Asana/ClickUp is implemented as separate first-party integrations rather than via the public API; custom integrators have to re-implement state reconciliation themselves g2.com
No bulk endpoints (no batch task create/update); each entity is one HTTP call, amplifying rate-limit pressure docs.bugherd.com
API does not expose all UI fields (e.g., some custom-tag and severity metadata historically gated to the web UI); forces browser-automation workarounds for edge cases github.com
Approved-app rate-limit increases require an email to support@bugherd.com rather than self-serve developer portal, slow turnaround for ISVs docs.bugherd.com
No developer portal, app marketplace, or OAuth-app registration model, third-party integrators cannot publish a one-click 'connect BugHerd' install bugherd.com
Screenshots intermittently fail to capture, especially during rapid pin creation; pin coordinates can land in the wrong location on the page g2.com
Captured screenshots open in a new window rather than inline, slowing triage g2.com
Steep learning curve for non-technical clients; browser-extension-vs-snippet setup confuses first-time users capterra.com
No built-in time tracking; agencies have to bolt on Harvest/Toggl/Clockify capterra.com
Jira integration is fragile, field mappings break, two-way sync occasionally drops updates, SCORM-hosted content has rendering issues g2.com
Email notifications are inconsistent, users miss new bug reports because alerts don't fire capterra.com
Guest/reviewer access is limited, guests can't see overall project status, forcing manual report exports g2.com
Seats are account-wide, not per-project, agencies juggling many active projects over-buy seats capterra.com
Per-seat pricing scales aggressively: Standard 5 seats $42/mo → Deluxe 50 seats $229/mo → Enterprise ~$199+/mo for 100+; ~400% jump as agencies grow rightfeature.com
Reporting/analytics is thin, limited cross-project dashboards, no native time-in-status, no SLA reporting trustradius.com
Mobile/responsive feedback workflow is weaker than desktop; capturing bugs on mobile breakpoints is fiddly marker.io
Side panel/extension can interfere with the host site's JS in edge cases (z-index, event handlers, frameworks like Vue/React with shadow DOM) support.bugherd.com