The call returns generateflawreport.xml, which contains the token you need for downloading the flaw report. The flaw report lists all fixed and unfixed flaws for the specified applications and/or scan type.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL


You need the Archer API role to use this call.


app_id_list Integer. Optional. Comma-separated.
scan_type String. Optional. Values include:
  • static
  • dynamic
  • manual


curl --compressed -u <VeracodeUsername>:<VeracodePassword>
          "app_id_list=12266,12267,12269,12270" -F "scan_type=dynamic"


The call initiates the process of generating the generateflawreport XML document, which references the archerreportrequest.xsd. Additional archerreportrequest.xsd schema documentation is available. Use the XSD file to validate the XML data. The returned XML contains the token string you need to retrieve the report, when it is available, using the call. The following is an example of the returned XML.

<archerreport xmlns:xsi="" xmlns="" xsi:schemaLocation=" https://localhost:18443/resource/1.0/archerreportrequest.xsd" token="5a1b163a-d340-48e6-9170-e5a77c4dc5e2" archer_report_version="3.0"></archerreport>