The call returns a generated XML report when it is available. This report lists all fixed and unfixed flaws for the specified applications and/or scan type.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL


You need the Archer API role to use this call.


token Universally unique identifier (UUID). Optional. Obtain this token from the XML report returned by calling

You can use this token to download that flaw report. Tokens are limited to the five most recent reports and expire after 30 days.

If you do not provide a token, the call returns the latest report produced by, if one exists.


curl --compressed -u <VeracodeUsername>:<VeracodePassword>
 taken from
          generateflawreport XML> flawreport.xml


The call returns the flaw report XML document, which references archerreport.xsd. Additional archerreport.xsd schema documentation is available. Use the XSD file to validate the XML data.