The createuser call creates a new human user account. You can create a human user account with this call only if you are logged in from a non-human API user account. If you want to create a non-human API user account, you must create it in the Veracode Platform.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL


Non-human user accounts require the Admin API role to use this call. Human user accounts require the Administrator role to use this call.


first_name String. Required.
last_name String. Required.
email_address String. Required.
is_saml_user true or false. You can only update this parameter if your account is SAML-enabled.
custom_id String. Required for SAML users and is the SAML username.
login_enabled Boolean. Optional.
phone String. Optional.
requires_token Boolean. Optional.
roles Comma-delimited string. Required. Case-sensitive. You can only pass the following human user roles: Administrator, Creator, Executive, Greenlight IDE User, Mitigation Approver, Policy Administrator, Reviewer, Security Lead, Submitter, Security Insights, eLearning, Vendor Manager, Delete Scans, Sandbox Administrator, or Sandbox User. You cannot pass any of the non-human API user roles. If you use either the Creator, Security Lead, or Submitter role, Veracode automatically applies the Any Scan scan permission to the scans.

You can apply scan permissions to these types of scans: Static Analysis, DynamicDS, DynamicMP, Discovery, manual, and Dynamic Analysis.

teams Comma-delimited string. Optional. Case-sensitive. If the user creating a new login account has team membership restrictions, specified teams must be in the Team Memberships list of that user.
title String. User title or position.


 curl --compressed -u <VeracodeUsername>
          "first_name=testUserFirstName" -F "last_name=testUserLastName" -F
          "" -F "teams=Engineers" -F "roles=Creator,Submitter,Any
          Scan, eLearning">userinfo.xml 


The call returns the userinfo XML document, which references the userinfo.xsd. Additional userinfo.xsd schema documentation is available. Use the XSD file to validate the XML data.