Manage API specifications in the Veracode Platform

You use the API Specification Management tab in the Veracode Platform to upload, update, and permanently delete your API specifications or Postman Collections.

You can also upload an API specification with the REST API.

Before you begin:

  • You have a Veracode account with the Creator, Submitter, or Security Lead role. Any member of the team associated with the Dynamic Analysis is able to view the analysis and its results.
  • You have removed any API specification you want to update or delete from the associated analyses.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > Dynamic Analysis.
  3. Select API Specification Management.
  4. To upload a new API specification, select Upload API Specification. To manage an existing specification, locate it in the API Specification Management table and select from the following actions in the Actions column.
Action | Description
View API Specification Details | Opens a read-only window with detailed information about the API scanning configuration for the selected specification. The Associated Analysis field provides a list of analyses to which this specification is associated. You can select an analysis to view additional information, including options for reconfiguring and rerunning an analysis.
Update | Update the following configuration settings for the selected specification:
  • Rename the specification. If you do not enter a name for the API specification, by default, the Veracode Platform uses the filename of the uploaded specification.
  • Delete the specification file attached to the configuration and replace it with a different file. Depending on the size of your specification file, the upload might take several seconds to complete. Also, the Veracode Platform shows messages about any issues with the specification, such as unsupported file format, invalid syntax, or an issue with the relative URL.
  • For OpenAPI specifications and Postman Collections, you can add or update a custom base URL, which Veracode uses to identify the server to use during scanning. OpenAPI 2.0 and Postman Collection only support a single server, while OpenAPI 3.0 and HAR files support multiple servers. You typically use these servers to select different environments, such as a production instance and a staging environment, or multiple production instances located in different regions.
  • Change the visibility of the specification to either Security Leads only or both Security Leads and specific teams. After you add the specification to an analysis, you cannot change its visibility.
Delete | Permanently delete the API specification and its configuration settings from Veracode. You cannot undo this action or recover the deleted specification file or its configuration settings.
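
A local check you can run before uploading or replacing a specification, added here as an example and not Veracode code: it lists the servers an OpenAPI 2.0 or 3.x document declares and reports whether none of them is an absolute URL, which is when a custom base URL is needed to identify the server to scan. The function names and sample documents are constructed, the specification is assumed to be JSON, and the check does not reproduce the platform's own validation.

```python
import json
from urllib.parse import urlparse

def declared_servers(spec: dict) -> list[str]:
    """Return the base URLs an OpenAPI 2.0 or 3.x document declares."""
    if "swagger" in spec:
        # OpenAPI 2.0 describes a single server as schemes + host + basePath.
        host = spec.get("host")
        if not host:
            return []
        schemes = spec.get("schemes") or ["https"]  # assumption: default to https
        scheme = "https" if "https" in schemes else schemes[0]
        return [f"{scheme}://{host}{spec.get('basePath', '')}"]
    if "openapi" in spec:
        # OpenAPI 3.x may list several servers (environments, regions).
        return [s["url"] for s in spec.get("servers", []) if s.get("url")]
    raise ValueError("not an OpenAPI 2.0 or 3.x document")

def review_base_urls(spec: dict) -> dict:
    """Sort declared servers into absolute, relative and templated URLs."""
    report = {"absolute": [], "relative": [], "templated": []}
    for url in declared_servers(spec):
        parsed = urlparse(url)
        if "{" in url:
            report["templated"].append(url)   # server variables still unresolved
        elif parsed.scheme in ("http", "https") and parsed.netloc:
            report["absolute"].append(url)
        else:
            report["relative"].append(url)    # e.g. "/v1": no host to scan
    report["needs_custom_base_url"] = not report["absolute"]
    return report

# Constructed sample documents, trimmed to the fields this check reads.
SAMPLE_V2 = json.loads('{"swagger": "2.0", "host": "api.example.test", '
                       '"basePath": "/v1", "schemes": ["http", "https"]}')
SAMPLE_V3 = json.loads('{"openapi": "3.0.3", "servers": ['
                       '{"url": "https://staging.example.test/v1"}, '
                       '{"url": "/v1"}, '
                       '{"url": "https://{region}.example.test/v1"}]}')
SAMPLE_V3_RELATIVE = {"openapi": "3.0.3", "servers": [{"url": "/api"}]}

if __name__ == "__main__":
    for name, spec in [("v2", SAMPLE_V2), ("v3", SAMPLE_V3),
                       ("v3-relative", SAMPLE_V3_RELATIVE)]:
        print(name, json.dumps(review_base_urls(spec), indent=2))
```

Reviewing the absolute list before the upload also shows which environment, such as production or staging, the specification points at.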

Next steps:

Associate the API specification to a new or existing analysis.