The call returns a list of the Veracode user accounts in your organization.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL


Non-human user accounts require the Admin API role to use this call. Human user accounts require the Administrator role to use this call.


There are no required parameters but if you want to filter the list, use any of the following parameters:

first_name String.
last_name String.
custom_id String.
email_address Valid email address.
login_account_type user or api.
phone String.
teams Comma-delimited string. This filter only returns users matching all the listed team names.
roles Comma-delimited string. Case-sensitive. You can filter on theses human user roles: Administrator, Creator, Executive, Mitigation Approver, Policy Administrator, Reviewer, Security Lead, Submitter, Security Insights, eLearning. This filter only returns users that match all of the listed teams.

You can apply scan permissions to these types of scans: Static Analysis, DynamicDS, DynamicMP, Discovery, manual, and Dynamic Analysis.

is_saml_user true or false.
login_enabled true or false.
requires_token true or false.
is_elearning_manager true or false.
elearning_manager String. The first and last name (not the username) of the eLearning manager. For example, Mary Doe.
elearning_track String. The eLearning track name.
elearning_curriculum String. The eLearning curriculum name.
keep_elearning_active true or false.
custom_one String. Custom field.
custom_two String. Custom field.
custom_three String. Custom field.
custom_four String. Custom field.
custom_five String. Custom field.


 curl --compressed -u <VeracodeUsername>
 -F "login_enabled=true" -F
          "roles=Creator,Submitter" > userlist.xml 


The call returns a comma-delimited list of usernames in the userlist XML document, which references the userlist.xsd. Additional userlist.xsd schema documentation is available. Use the XSD file to validate the XML data.