Skip to main content

Create an API user in the Veracode Platform

You can configure two types of user accounts that can access the Veracode APIs: user accounts and API service accounts.

A user account with the required role permissions can access the Results XML API, Upload XML API, and the Mitigation and Comments XML API.

In addition, if you have the Administrator role, you can define users who can only access the Veracode APIs. These users are only able to sign in to the Veracode Platform to manage their account and API credentials. For all other tasks, these users must use the Veracode APIs.

To complete this task:

  1. Click the gear icon in the upper-right corner of the Veracode Platform and, then, select Admin.

  2. On the Users tab, click Add New User.

  3. Enter a descriptive first and last name.

  4. Select the Non-Human User checkbox.


    You cannot change an existing user account to an API service account. You must create a new user account and select the Non-Human User checkbox.

  5. Provide a valid email address for the API service account. Veracode uses this email address to send notifications about error messages, password expirations, and other automated success and error messages.

  6. Optionally, define the IP range restrictions for the user.

  7. In the User Roles section, select the APIs that you want the API service account to access.

  8. Click Save to create and enable the user. The user receives an activation email.

Before a user can access the APIs, they must activate their account, generate API credentials, and enable HMAC authentication.


If the IP range is set incorrectly, the API user is not able to log in. If you do not know the IP range for the API user, use the activity log to see the IP address from which the API user is attempting to log in, then grant access to that IP range.

Resetting password for an API user

The process for requesting a password reset is the same for user accounts and API service accounts.