About Licensing for API Scanning

Getting Started with Veracode API Scanning

API Scanning requires a Dynamic Analysis license. Veracode uses target URLs in your license to determine the number of API specifications you can scan. Each target URL equates to a unique API server defined in your specifications. When you upload a specification in the Veracode Platform, it imports the URLs of the defined API servers.

During a specification scan, Veracode detects the target API server and deducts it from the number of target URLs available in your license. If a specification has multiple servers defined, you can select the server you want to use when configuring the scan. If you scan a specification using a defined server and then scan that same specification using a different server, Veracode treats both servers as separate target URLs and deducts both target URLs from your license.

Ensure your Dynamic Analysis license has an adequate number of target URLs for the number of API specifications you want to scan. To obtain or change a Dynamic Analysis license, contact your Veracode sales representative.