API Roles

APIs

The following tables list the non-API user roles that a human user account must have to use each API to automate specific tasks. If you are a member of a team, your permissions are also determined by the access that team has to specific accounts.

To use the Upload, Results, and Mitigation and Comments APIs, you must select one of the following checkboxes:
  • API Account checkbox (non-human account) and the respective API user roles, or
  • The respective non-API user roles (human account), such as Reviewer or Security Lead.

Archer Report API

API Role: Archer Report
Human Account User Role: Submitter
Tasks:
  • Run Archer reports
  • View reports

Admin API

If you intend to use the Admin API to create a new human user account, you have to pass the role parameters as well as the scan type permissions.
Note: The human user role parameters are case-sensitive.
The user role parameters are:
  • Administrator
  • Creator
  • Executive
  • Mitigation Approver
  • Policy Administrator
  • Reviewer
  • Security Lead
  • Submitter
  • Security Insights
  • eLearning
The scan permission types are:
  • Static Scan
  • Dynamic Scan
  • Manual Scan
  • Discovery Scan
  • DynamicMP Scan
  • All Scan Types
Note: When an application has its visibility set to Teams & Security Leads, then a human account with the Reviewer, Creator, or Submitter user role must be a member of the specified team to be able to access that application using the APIs.
API Role: Admin
Human Account User Role: Security Lead, Creator, or Submitter, depending on the task you want to perform.
Tasks:
  • Create login account
  • Access Admin API
  • Delete team
  • Create a curriculum
  • Application portfolio
  • Manage account level eLearning
  • Assign application to any team
  • Assign application to team
  • Edit team
  • Create team
  • Edit login account
  • Delete login account
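
A pre-flight check for the role and scan-type values listed above, run before a create-user request is sent to the Admin API, so that a wrong-case value such as `security lead` is caught locally. This is an added example, not Veracode code: the function names are hypothetical, no API call is made, and treating scan types as case-sensitive too is an assumption (the page states it only for roles).

```python
# Added example. Allowed values are copied from the lists on this page;
# function and variable names are hypothetical and no Veracode API is called.
USER_ROLES = ("Administrator", "Creator", "Executive", "Mitigation Approver",
              "Policy Administrator", "Reviewer", "Security Lead", "Submitter",
              "Security Insights", "eLearning")
SCAN_TYPES = ("Static Scan", "Dynamic Scan", "Manual Scan", "Discovery Scan",
              "DynamicMP Scan", "All Scan Types")


def _check(values, allowed, kind):
    """Return (accepted, errors) for one parameter list, matching case exactly."""
    by_folded = {a.casefold(): a for a in allowed}
    accepted, errors = [], []
    for raw in values:
        value = raw.strip()
        if value in allowed:
            if value not in accepted:          # drop duplicates, keep order
                accepted.append(value)
        elif value.casefold() in by_folded:    # right name, wrong case
            canonical = by_folded[value.casefold()]
            errors.append(f"{kind} {raw!r}: wrong case, use {canonical!r}")
        else:
            errors.append(f"{kind} {raw!r}: not a recognised value")
    return accepted, errors


def validate_new_user(roles, scan_types):
    """Validate role and scan-type parameters for a new human user account."""
    ok_roles, errors = _check(roles, USER_ROLES, "role")
    # Assumption: scan types are matched with exact case, like roles.
    ok_scans, scan_errors = _check(scan_types, SCAN_TYPES, "scan type")
    errors += scan_errors
    if not roles:
        errors.append("no role parameters supplied")
    if not scan_types:
        errors.append("no scan type permissions supplied")
    return {"roles": ok_roles, "scan_types": ok_scans, "errors": errors}


if __name__ == "__main__":
    # Constructed input: one correct role and one with the wrong case.
    result = validate_new_user(["Submitter", "security lead"], ["Static Scan"])
    for line in result["errors"]:
        print(line)
```
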

Greenlight API

The Greenlight API User role is only available to organizations with active Veracode Greenlight subscriptions.
API Role: Greenlight API User
Human Account User Role: Greenlight IDE User
Tasks:
  • Submit code for Greenlight scans
  • Review Greenlight scan results

Mitigation and Comments API

API Role: Mitigation and Comments
Human Account User Role: Mitigation Approver AND either Reviewer or Security Lead
Tasks:
  • Approve or reject proposed mitigations

API Role: Mitigation
Human Account User Role: Reviewer or Security Lead
Tasks:
  • View results
  • Update results
  • Approve or reject proposed mitigations

Results API

API Role: Results
Human Account User Role: Reviewer or Security Lead
Tasks:
  • View reports
  • View results
  • Export custom data
  • View the list of sandboxes
  • Access Results API
  • Download build and application results data, and summary and detailed reports

Upload API

API Role: Upload
Human Account User Role: Security Lead, Creator, or Submitter, depending on the task you want to perform.

The Creator role can create an application profile and the Submitter role can submit a scan request. The Security Lead role can perform all tasks. API users need the Upload API role to add a new application using the Veracode Visual Studio Extension and to create sandboxes using the Veracode Jenkins Plugin.

Tasks:
  • Ability to enable applications for next day consultations for Creation and Update
  • Change application assurance level
  • Delete a sandbox scan
  • Create a sandbox scan for an application
  • Change the Archer name of an application
  • Manage policies
  • Create a sandbox in an application
  • View the list of sandboxes in an application
  • Create a policy scan for an application
  • Create a new application
  • Delete an application
  • Delete a policy scan

Upload API - Submit Only

This role can also create and delete scan requests, and has the ability to edit builds before rescanning the application. However, this role does not allow users to create new applications, including users of the Veracode plugins.
API Role: Upload - Submit only
Human Account User Role: Submitter
Tasks:
  • Create a new build for an existing application profile
  • Upload files to a build
  • Begin prescan
  • Check prescan status
  • Submit scan request
  • Delete a policy scan
  • Delete a sandbox scan
  • Create a policy scan
  • Create a sandbox scan
  • View the list of sandboxes