Understanding API Roles

This section describes the non-API user roles that your user account must have before you can use the APIs to automate specific tasks.

If you are a member of a team, the access of the team to specific accounts also determines your permissions.

To use the Upload, Results, and Mitigation and Comments APIs, you must select one of these checkboxes:

• API Service Account checkbox and the respective API user role
• The respective non-API user roles (user account), such as Reviewer or Security Lead

Archer Report API

API Role	User Account Role	Tasks
Archer Report	Submitter	Run Archer reports View reports

Admin API

If you intend to use the Admin API to create a new user account, you must pass the role parameters and the scan type permissions.

note

The role parameters for the user account are case-sensitive.

The user role parameters are:

• Administrator
• Creator
• Executive
• Mitigation Approver
• Policy Administrator
• Reviewer
• Security Lead
• Submitter
• Security Insights
• eLearning

The scan permission types are:

• Static Scan
• Dynamic Scan
• Manual Scan
• All Scan Types

note

When the visibility for an application is set to Teams & Security Leads, before a user account can access the application using the Veracode APIs, that account must have the Reviewer, Creator, or Submitter user roles and be a member of the specified team.

API Role	User Account Role	Tasks
Admin	Security Lead, Creator, or Submitter, depending on the task you want to perform.	Create login account Access Admin API Delete team Create a curriculum Application portfolio Manage account level eLearning Assign application to any team Assign application to team Edit team Create team Edit login account Delete login account

Greenlight API

The Greenlight API User role is only available to organizations with active Veracode Greenlight subscriptions.

API Role	User Account Role	Tasks
Greenlight API User	Greenlight IDE User	Submit code for Greenlight scans Review Greenlight scan results

Mitigation and Comments API

API Role	User Account Role	Tasks
Mitigation	Reviewer or Security Lead	View results Update results Approve or reject proposed mitigations

Results API

API Role	User Account Role	Tasks
Results	Reviewer or Security Lead	View reports View results Export custom data View the list of sandboxes Access Results API Download build and application results data, and summary and detailed reports

Upload and Scan API

API Role	User Account Role	Tasks
Upload and Scan	Security Lead, Creator, or Submitter, depending on the task you want to perform. A user with the Creator role can only create application profiles for teams in which the Creator is a member. The Submitter role can submit a scan request. The Security Lead role can perform all tasks. API users need the Upload and Scan API role to create a new application using Veracode Static for Visual Studio and to create sandboxes using the Veracode Jenkins Plugin.	Ability to enable applications for next day consultations for Creation and Update Change business criticality of the application Delete a sandbox scan Create a sandbox scan for an application Change the Archer name of an application Manage policies Create a sandbox in an application View the list of sandboxes in an application Create a policy scan for an application Create a new application Delete an application Delete a policy scan Submit a pipeline scan Use the Dynamic Analysis REST API

Upload API - Submit Only

This role can also create and delete scan requests, and has the ability to edit builds before rescanning the application. However, this role does not allow users to create new applications, including users of the Veracode integrations.

API Role	User Account Role	Tasks
Upload - Submit only	Submitter	Create a new build for an existing application profile Upload files to a build Begin prescan Check prescan status Submit a scan Delete a policy scan Delete a sandbox scan Create a policy scan Create a sandbox scan Submit a pipeline scan View the list of sandboxes