The Dynamic Analysis API enables you to use auto-login, basic authentication, and form-based login with a login script.
To create an analysis of multiple URLs with authentication, make a POST call to https://api.veracode.com/was/configservice/v1/analyses, specifying the authentication details.
The following are examples of the different types of authentication you can use with a Dynamic Analysis:
Auto-login
{ "name": "Veracode API Scan test Auto-Login", "scans": [ { "scan_config_request": { "target_url": { "url": "http://www.example.com", "http_and_https": true, "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY" }, "auth_configuration": { "authentications": { "AUTO": { "username": "user", "password": "pass", "authtype": "AUTO" } } } } } ], "schedule": { "now": true, "duration": { "length": 1, "unit": "DAY" } } }
Client Certificate
{ "name": "Veracode Client cert", "scans": [ { "scan_config_request": { "target_url": { "url": "http://www.example.com", "http_and_https": true, "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY" }, "auth_configuration": { "authentications": { "CERT": { "cert_name": "Cert-name.p12", "password": "Password", "base64_pkcs12": "<base64 encoded p12 cert>", "authtype": "CERT" } } } } } ], "schedule": { "now": true, "duration": { "length": 1, "unit": "DAY" } } }
Basic Authentication
{ "name": "Veracode API BASIC Auth", "scans": [ { "scan_config_request": { "target_url": { "url": "http://www.example.com", "http_and_https": true, "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY" }, "auth_configuration": { "authentications": { "BASIC": { "username": "username", "password": "pass", "authtype": "BASIC" } } } } } ], "schedule": { "now": true, "duration": { "length": 1, "unit": "DAY" } } }
Form-Based Login with Login Script
Note: Before you paste the crawl script into the API
body, you must escape the JSON. If you need assistance, use the JSON escape utility
available at https://jsonformatter.orghttps://jsonformatter.org.
{ "name": "Veracode Form Based login test API", "scans": [ { "scan_config_request": { "target_url": { "url": "http://www.example.com", "http_and_https": true, "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY" }, "auth_configuration": { "authentications": { "FORM": { "script_file": "example-login-script.side", "login_script_data": { "script_body": "<escaped JSON>", "script_type": "SELENIUM" }, "authtype": "FORM" } } } } } ], "schedule": { "now": true, "duration": { "length": 1, "unit": "DAY" } } }