Create a Dynamic Analysis with Authentication

Veracode APIs

The Dynamic Analysis API enables you to use auto-login, basic authentication, and form-based login with a login script.

To create an analysis of multiple URLs with authentication, make a POST call to https://api.veracode.com/was/configservice/v1/analyses, specifying the authentication details.

The following are examples of the different types of authentication you can use with a Dynamic Analysis:

Auto-login
{
  "name": "Veracode API Scan test Auto-Login",
  "scans": [
    {
      "scan_config_request": {
        "target_url": {
          "url": "http://www.example.com",
          "http_and_https": true,
          "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY"
        },
        "auth_configuration": {
          "authentications": {
            "AUTO": {
              "username": "user",
              "password": "pass",
              "authtype": "AUTO"
            }
          }
        }
      }
    }
  ],
  "schedule": {
    "now": true,
    "duration": {
      "length": 1,
      "unit": "DAY"
    }
  }
}          
Client Certificate
{
  "name": "Veracode Client cert",
  "scans": [
    {
      "scan_config_request": {
        "target_url": {
          "url": "http://www.example.com",
          "http_and_https": true,
          "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY"
        },
        "auth_configuration": {
          "authentications": {
            "CERT": {
              "cert_name": "Cert-name.p12",
              "password": "Password",
              "base64_pkcs12": "<base64 encoded p12 cert>",
              "authtype": "CERT"
            }
          }
        }
      }
    }
  ],
  "schedule": {
    "now": true,
    "duration": {
      "length": 1,
      "unit": "DAY"
    }
  }
}
Basic Authentication
{
  "name": "Veracode API BASIC Auth",
  "scans": [
    {
      "scan_config_request": {
        "target_url": {
          "url": "http://www.example.com",
          "http_and_https": true,
          "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY"
        },
        "auth_configuration": {
          "authentications": {
            "BASIC": {
              "username": "username",
              "password": "pass",
              "authtype": "BASIC"
            }
          }
        }
      }
    }
  ],
  "schedule": {
    "now": true,
    "duration": {
      "length": 1,
      "unit": "DAY"
    }
  }
}
Form-Based Login with Login Script
Note: Before you paste the crawl script into the API body, you must escape the JSON. If you need assistance, use the JSON escape utility available at https://jsonformatter.orghttps://jsonformatter.org.
{
  "name": "Veracode Form Based login test API",
  "scans": [
    {
      "scan_config_request": {
        "target_url": {
          "url": "http://www.example.com",
          "http_and_https": true,
          "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY"
        },
        "auth_configuration": {
          "authentications": {
            "FORM": {
              "script_file": "example-login-script.side",
              "login_script_data": {
                "script_body": "<escaped JSON>",
                "script_type": "SELENIUM"
              },
              "authtype": "FORM"
            }
          }
        }
      }
    }
  ],
  "schedule": {
    "now": true,
    "duration": {
      "length": 1,
      "unit": "DAY"
    }
  }
}