Getting Started


The Veracode REST and XML APIs mirror the major steps you complete on the Veracode Platform, automating the scanning, reviewing, mitigating, and administrative tasks. To understand how the APIs work, it is recommended that you familiarize yourself with the Veracode Platform workflow for scanning applications before you use the APIs.

The intended users of the Veracode APIs are developers who are members of the software development team responsible for performing the security checks on the software code. The objective of the APIs is to enable developers who work in rapid build and test cycles to fully automate security verification for entire software portfolios, and to integrate with internal build and bug-tracking systems. Instead of manually using the platform to go through the individual steps of configuring and submitting a scan request then reviewing the results, you can integrate the API calls directly into your IDE and build system code to scan early and often.

Note: Before you begin using the XML APIs, ensure you have the correct permissions to use the APIs. Your Veracode user account must have API permissions to be able to access and use the APIs.

Veracode XML APIs

The Veracode XML APIs are web APIs, each having a defined set of HTTP request messages that return structured response messages in XML. Some previous knowledge of how APIs function is recommended.

Veracode REST APIs

The Veracode REST APIs follow the OpenAPI industry standard specification. These APIs return JSON instead of XML, and require authentication using HMAC.

You can access Veracode REST APIs using a tool that supports Veracode HMAC authentication, including the Java or Python authentication libraries.
Note: Using the Veracode REST APIs requires the use of the Veracode API ID and Key credentials.