Managing API Users

Administration Guide

You can define two types of users who can access Veracode APIs, human and non-human users. Human Veracode users can access the Veracode Results XML API, Using the Upload XML API, and Mitigation and Comments XML API if they have the necessary role permissions.

In addition, if you have the Administrator role, you can define users who can only access the Veracode APIs. These users are only able to log into the Veracode Platform to manage their Veracode account and API credentials and must do everything else via the APIs.

To configure a non-human user for API access:

  1. Click the gear icon in the upper-right corner of the Veracode Platform, and select Admin.
  2. In the Users tab, click Add New User.
  3. Give the user a descriptive first and last name.
  4. Select the Customer API (Non-Human User) checkbox.
    Note: You cannot update an existing human user account to become an API user. You must start by adding a new user, and selecting the Customer API (Non-Human User) checkbox.
  5. Set and confirm the password for the API user.
    Note: This password must follow the password policy in every way.
  6. Provide a valid email address for the API user. This email address is used to send error messages, password expiration notifications, and other automated success and error messages.
  7. Optionally, define the IP range restrictions for the user.
  8. Select the APIs to which the API user is to have access in the User Roles section.
  9. Click Save to create and enable the user.


If the IP range is set incorrectly, the API user is not able to log in. If you do not know the IP range for the API user, use the Activity Log to see the IP address from which the API user is attempting to log in, then grant access to that IP range.