Skip to main content

About API roles

This section describes the non-API user roles that your user account must have before you can use the APIs to automate specific tasks.

If you are a member of a team, the access of the team to specific accounts also determines your permissions.

To use the Upload, Results, and Mitigation and Comments APIs, you must select one of these checkboxes:

  • API Service Account checkbox and the respective API user role
  • The respective non-API user roles (user account), such as Reviewer or Security Lead

Archer Report API

API roleUser account roleTasks
Archer ReportSubmitter
  • Run Archer reports
  • View reports

Admin API

If you intend to use the Admin API to create a new user account, you must pass the role parameters and the scan type permissions.


The role parameters for the user account are case-sensitive.

The user role parameters are:

  • Administrator
  • Creator
  • Executive
  • Mitigation Approver
  • Policy Administrator
  • Reviewer
  • Security Lead
  • Submitter
  • Security Insights
  • eLearning

The scan permission types are:

  • Static Scan
  • Dynamic Scan
  • Manual Scan
  • All Scan Types

When the visibility for an application is set to Teams & Security Leads, before a user account can access the application using the Veracode APIs, that account must have the Reviewer, Creator, or Submitter user roles and be a member of the specified team.

API roleUser account roleTasks
AdminSecurity Lead, Creator, or Submitter, depending on the task you want to perform.
  • Create login account
  • Access Admin API
  • Delete team
  • Create a curriculum
  • View application portfolio
  • Edit organization
  • Create business unit
  • Delete business unit
  • Edit business unit
  • Manage account level eLearning
  • Assign application to any team
  • Assign application to team
  • Edit team
  • Create team
  • Edit login account
  • Delete login account

Greenlight API

The Greenlight API User role is only available to organizations with active Veracode Greenlight subscriptions.

API roleUser account roleTasks
Greenlight API UserGreenlight IDE User
  • Submit code for Greenlight scans
  • Review Greenlight scan results

Mitigation and Comments API

API roleUser account roleTasks
MitigationReviewer or Security Lead
  • View results
  • Update results
  • Approve or reject proposed mitigations

Results API

API roleUser account roleTasks
ResultsReviewer or Security Lead
  • View reports
  • View results
  • Export custom data
  • View the list of sandboxes
  • Access Results API
  • Download build and application results data, and summary and detailed reports

Reporting API

API roleUser account roleTasks
ReportingSecurity Lead, Executive, or Security Insights
  • View reports
  • Generate reports

Upload and Scan API

API roleUser account roleTasks
Upload and ScanSecurity Lead, Creator, or Submitter, depending on the task you want to perform.

A user with the Creator role can only create application profiles for teams in which the Creator is a member. The Submitter role can submit a scan request. The Security Lead role can perform all tasks. API users need the Upload and Scan API role to create a new application using Veracode Static for Visual Studio and to create sandboxes using the Veracode Jenkins Plugin.
  • Ability to enable applications for next day consultations for Creation and Update
  • Change business criticality of the application
  • Delete a sandbox scan
  • Create a sandbox scan for an application
  • Change the Archer name of an application
  • Manage policies
  • Create a sandbox in an application
  • Delete a sandbox
  • View the list of sandboxes in an application
  • Create a policy scan for an application
  • Create a new application
  • Delete an application
  • Delete a policy scan
  • Submit a pipeline scan
  • Use the Dynamic Analysis REST API

Upload API - Submit Only

This role can also create and delete scan requests, and has the ability to edit builds before rescanning the application. However, this role does not allow users to create new applications, including users of the Veracode integrations.

API roleUser account roleTasks
Upload - Submit onlySubmitter
  • Create a new build for an existing application profile
  • Upload files to a build
  • Begin prescan
  • Check prescan status
  • Submit a scan
  • Delete a policy scan
  • Delete a sandbox scan
  • Create a policy scan
  • Create a sandbox scan
  • Submit a pipeline scan
  • View the list of sandboxes