About API Roles

Veracode Administration

This section describes the non-API user roles that your user account must have before you can use the APIs to automate specific tasks.

If you are a member of a team, the team's access to specific accounts also determines your permissions.

To use the Upload, Results, and Mitigation and Comments APIs, you must select one of the following:
  • The API Service Account checkbox and the respective API user roles, or
  • The respective non-API user roles (user account), such as Reviewer or Security Lead.

Archer Report API

API Role: Archer Report
User Account Role: Submitter
Tasks:
  • Run Archer reports
  • View reports

Admin API

If you intend to use the Admin API to create a new user account, you must pass the role parameters and the scan type permissions.
Note: The role parameters for the user account are case-sensitive.
The user role parameters are:
  • Administrator
  • Creator
  • Executive
  • Mitigation Approver
  • Policy Administrator
  • Reviewer
  • Security Lead
  • Submitter
  • Security Insights
  • eLearning
The scan permission types are:
  • Static Scan
  • Dynamic Scan
  • Manual Scan
  • Discovery Scan
  • DynamicMP Scan
  • All Scan Types
Note: When the visibility for an application is set to Teams & Security Leads, before a user account can access the application using the Veracode APIs, that account must have the Reviewer, Creator, or Submitter user roles and be a member of the specified team.
API Role: Admin
User Account Role: Security Lead, Creator, or Submitter, depending on the task you want to perform.
Tasks:
  • Create login account
  • Access Admin API
  • Delete team
  • Create a curriculum
  • Application portfolio
  • Manage account level eLearning
  • Assign application to any team
  • Assign application to team
  • Edit team
  • Create team
  • Edit login account
  • Delete login account
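
Because the role parameters are case-sensitive, it helps to check a request against the lists above before calling the Admin API. The following is an added example, not Veracode code: the function names and input shapes are assumptions, and it also encodes the Teams & Security Leads rule from the note above.

```python
# Added example: pre-flight checks for an Admin API user-creation request.
# Role and scan-type names are copied from the lists on this page; the function
# names and input shapes are assumptions made for this sketch.
ROLES = {"Administrator", "Creator", "Executive", "Mitigation Approver",
         "Policy Administrator", "Reviewer", "Security Lead", "Submitter",
         "Security Insights", "eLearning"}
SCAN_TYPES = {"Static Scan", "Dynamic Scan", "Manual Scan", "Discovery Scan",
              "DynamicMP Scan", "All Scan Types"}
# Roles the page requires for API access to a "Teams & Security Leads" application.
TEAM_VISIBILITY_ROLES = {"Reviewer", "Creator", "Submitter"}


def _check(values, allowed, kind):
    """Return an error for every value that is not an exact, case-sensitive match."""
    by_folded = {a.casefold(): a for a in allowed}
    errors = []
    for v in values:
        if v in allowed:
            continue
        hint = by_folded.get(v.strip().casefold())
        if hint:
            errors.append(f"{kind} {v!r} has wrong case or spacing; use {hint!r}")
        else:
            errors.append(f"{kind} {v!r} is not a known value")
    return errors


def validate_new_user(roles, scan_types):
    """Check the role parameters and scan type permissions before sending them."""
    errors = []
    if not roles:
        errors.append("no role parameters supplied")
    if not scan_types:
        errors.append("no scan type permissions supplied")
    # Assumption: scan type names are matched as strictly as role names.
    return errors + _check(roles, ROLES, "role") + _check(scan_types, SCAN_TYPES, "scan type")


def can_reach_team_app(roles, user_teams, app_team):
    """Page rule for 'Teams & Security Leads' visibility: a listed role AND team membership."""
    return bool(TEAM_VISIBILITY_ROLES & set(roles)) and app_team in set(user_teams)


if __name__ == "__main__":
    # Constructed sample request: two roles are mis-cased, one scan type is unknown.
    for problem in validate_new_user(["reviewer", "Security lead", "Submitter"],
                                     ["Static Scan", "Example Scan"]):
        print(problem)
    print(can_reach_team_app(["Submitter"], ["payments"], "payments"))
```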

Greenlight API

The Greenlight API User role is only available to organizations with active Veracode Greenlight subscriptions.
API Role: Greenlight API User
User Account Role: Greenlight IDE User
Tasks:
  • Submit code for Greenlight scans
  • Review Greenlight scan results

Mitigation and Comments API

API Role: Mitigation and Comments
User Account Role: Mitigation Approver and either Reviewer or Security Lead
Tasks:
  • Approve or reject proposed mitigations

API Role: Mitigation
User Account Role: Reviewer or Security Lead
Tasks:
  • View results
  • Update results
  • Approve or reject proposed mitigations

Results API

API Role: Results
User Account Role: Reviewer or Security Lead
Tasks:
  • View reports
  • View results
  • Export custom data
  • View the list of sandboxes
  • Access Results API
  • Download build and application results data, and summary and detailed reports

Upload and Scan API

API Role: Upload and Scan
User Account Role: Security Lead, Creator, or Submitter, depending on the task you want to perform.

A user with the Creator role can only create application profiles for teams in which the Creator is a member. The Submitter role can submit a scan request. The Security Lead role can perform all tasks. API users need the Upload and Scan API role to create a new application using Veracode Static for Visual Studio and to create sandboxes using the Veracode Jenkins Plugin.

Tasks:
  • Ability to enable applications for next day consultations for Creation and Update
  • Change business criticality of the application
  • Delete a sandbox scan
  • Create a sandbox scan for an application
  • Change the Archer name of an application
  • Manage policies
  • Create a sandbox in an application
  • View the list of sandboxes in an application
  • Create a policy scan for an application
  • Create a new application
  • Delete an application
  • Delete a policy scan
  • Submit a pipeline scan
  • Use the Dynamic Analysis REST API

Upload API - Submit Only

This role can also create and delete scan requests, and has the ability to edit builds before rescanning the application. However, this role does not allow users to create new applications, including users of the Veracode integrations.
API Role: Upload - Submit only
User Account Role: Submitter
Tasks:
  • Create a new build for an existing application profile
  • Upload files to a build
  • Begin prescan
  • Check prescan status
  • Submit scan request
  • Delete a policy scan
  • Delete a sandbox scan
  • Create a policy scan
  • Create a sandbox scan
  • Submit a pipeline scan
  • View the list of sandboxes