Veracode provides API users with additional secure credentials.
Veracode API user accounts can access APIs and plugins using the ID and key credentials. In addition, if you use single sign-on with SAML, you can use the ID and key credentials instead of using a separate Veracode Platform API user account to access the APIs.
Using the Veracode API ID and key is the preferred authentication method for accessing the APIs and provides improved security and session management. You can generate and use the Veracode ID and key credentials for both human and non-human user accounts. Authentication using only your username and password is supported. However, the use of username and password with a human user account can result in conflicts between API sessions and sessions in the Veracode Platform. Veracode recommends that you use the API ID and key credentials.
After you create API ID and key credentials, you can use these credentials to automatically sign in to Veracode APIs and plugins without using a separate API user account to be able to access the APIs. You can only have one API ID and key pair at a time per Veracode user. If you create new credentials, the previous ones are automatically revoked. An administrator can revoke user credentials at any time.
Veracode sends an email notifying you when your API credentials are expiring one week before the expiration date and another one the day before the expiration date.