You can configure two types of user accounts that can access the Veracode APIs: user accounts and API service accounts.
In addition, if you have the Administrator role, you can define users who can only access the Veracode APIs. These users are only able to log into the Veracode Platform to manage their Veracode account and Veracode API credentials. For all other tasks, these users must use the Veracode APIs.
To configure an API service account:
- Click the gear icon in the upper-right corner of the Veracode Platform and, then, select Admin.
- On the Users tab, click Add New User.
- Enter a descriptive first and last name.
- Select the Non-Human User checkbox. Note: You cannot change an existing user account to an API service account. You must create a new user account and select the Non-Human User checkbox.
- Provide a valid email address for the API service account. Veracode uses this email address to send notifications about error messages, password expirations, and other automated success and error messages.
- Optionally, define the IP range restrictions for the user.
- In the User Roles section, select the APIs that you want the API service account to access.
- Click Save to create and enable the user.
After saving the account, the user receives an activation email. After activating the account, before the user can use the Veracode APIs, they must generate Veracode API credentials and enable HMAC authentication.
If the IP range is set incorrectly, the API user is not able to log in. If you do not know the IP range for the API user, use the Activity Log to see the IP address from which the API user is attempting to log in, then grant access to that IP range.
Resetting Password for an API User
The process for requesting a password reset is the same for user accounts and API service accounts.