Skip to main content

Troubleshooting APIs and wrappers

This section helps you remedy common problems and understand how better to use Veracode APIs and wrappers.


Veracode APIs and integrations require access to specific Region Domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.

API or wrapperIssueSolution
Any API or wrapperI received an HTTP 401 or Access Denied error. I do not have access to the APIs or I am unsure what kind of access I need.
You must have a Veracode account with the required API roles assigned by your Veracode administrator.
Ensure your Veracode API credentials are valid and have not expired. You can generate new credentials in the Veracode Platform.
Any APII cannot log in to Veracode when using the APIs.Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.
Verify that your IP address is in the list or range of addresses in the Allowed IP Addresses field of your user account login settings. If the IP range is set incorrectly, edit the Allowed IP Addresses field to include the IP address of the location of your login.
Any APIThe scan stopped after prescan.To determine why a scan that started from an API failed after prescan, review the response code returned from When your script calls, the API returns a status code that confirms the scan successfully started, or provides an error message to explain why the scan did not start.
Any APII received cURL error 35.If you receive the cURL error 35: Unknown SSL protocol error in connection to ..., you need to update your version of cURL. Alternatively, you can pass the option -3, which forces cURL to use SSL version 3 when negotiating with a remote SSL server.
Any wrapperI received a message that displays missing mandatory parameters.Provide all mandatory parameters in your call. If you do not provide all mandatory parameters, the wrapper returns the missing mandatory parameters in your console.
Any wrapperI cannot connect to Veracode through my proxy.If your organization uses a proxy for outbound connections, provide this information to the wrapper to successfully connect to Veracode.
Archer APISee Troubleshooting GRC integrations.
Dynamic Analysis APII need to open a support case with Veracode Technical Support.Provide this information to Veracode Technical Support:
  • API call you are trying to make.
  • Response error code. For example, 201 or 401.
  • Response body from the call.
  • Description of the error you receive.
  • The username and API ID for the account.
  • API ID.
  • Whether the API call is programmatic or by an application like Postman. If an application is calling the API, then provide the name of the application.
Java API wrapper or Veracode Jenkins PluginSee Troubleshooting CI/CD system integrations.
Java API wrapperI experience a PKIX path building failure when installing the plugin from Eclipse.Add these lines to the eclipse.ini file in your Eclipse installation directory:
-vmargs"path for cacerts""path for cacerts"
Flaw Report APII see HTTPS status code 204 when I try to call you try to call before has completed, you receive HTTP status code 204 to indicate no content is available. Try to download the report at a later time. After an excessively long time, if the Veracode Platform does not return the report, contact Veracode Technical Support.
Results APIThe call is slow to deliver information.Veracode recommends that you use to generate a list of all applications and to generate a list of all builds for an application. You can then use and to retrieve the information about specific applications and builds.
Upload APII do not know if the prescan is complete or successful.To check the prescan results in the Upload API, call
Upload APIMy scan does not complete due to non-fatal errors.If you want to ensure the scan completes even though there are non-fatal errors such as unsupported frameworks, ensure you use the scan_all_top_level_modules parameter when you use the call.
Upload API and IntegrationsI received a fatal error after prescan, which is preventing my static analysis from starting automatically.Before the next time your static analysis is scheduled to start automatically, you need to:
  1. Review the prescan results to identify the modules that have fatal errors.
  2. Resolve the errors.
Optionally, if you do not want to resolve the errors, you can:
  1. Update your uploaded files to remove the modules that have errors.
  2. Start the analysis manually.
If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.
Any Plugin, Any APIWhen using either a Veracode plugin, the Veracode API wrappers, or a custom script, I see this returned in the output text: App not in state where new builds are allowed.This message indicates that a previous static scan did not succeed for the specific application. Log into the Veracode Platform and review the application's current scans to determine if the previous scan did not successfully complete. A previous scan may still be in progress. If a previous scan is still running due to an error, select Delete. You can then use the plugin to submit a new scan request.
Any Plugin, Any APII receive an error when an API or integration attempts to access Veracode.Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.