Skip to main content

Create a policy with the REST API

Send the following request to create a policy:

http --auth-type=veracode_hmac POST “” < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

"name": "TestPolicy",
"type": "BLACKLIST",
"description": "Policy to test create endpoint in end-to-end testing",
"vendor_policy": false,
"finding_rules": [
"type": "MAX_SEVERITY",
"scan_type": [
"value": "3"
"scan_type": [
"value": "14212"

The example payload specifies to create a policy with two policy rules:

  • MAX_SEVERITY rule that specifies to apply a finding-severity rating of 3 to all dynamic analysis, manual testing, and static analysis scans.
  • BLACKLIST rule that specifies to apply the blocklist for the organization, based on the organization ID, to all SCA scans.

Policy API rules properties describes each of the rule properties.