This section describes the non-API user roles that your user account must
have before you can use the APIs to automate specific tasks.
If you are a member of a team, the team's access to specific accounts also determines your
permissions.
To use the Upload, Results, and Mitigation and Comments APIs, you must select one of these
checkboxes:
- The API Service Account checkbox and the respective API user roles, or
- The respective non-API user roles (user account), such as Reviewer or Security Lead.
Archer Report API
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Archer Report | Submitter | Run Archer reports; View reports |
Admin API
If you intend to use the Admin API to create a new user account, you must pass the role
parameters and the scan type permissions.
Note: The role parameters for the user account are case-sensitive.
The user role parameters are:
- Administrator
- Creator
- Executive
- Mitigation Approver
- Policy Administrator
- Reviewer
- Security Lead
- Submitter
- Security Insights
- eLearning
The scan permission types are:
- Static Scan
- Dynamic Scan
- Manual Scan
- All Scan Types
Note: When the visibility for an application is set to Teams & Security Leads, before a
user account can access the application using the Veracode APIs, that account must have the
Reviewer, Creator, or Submitter user roles and be a member of the specified team.
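The following check is an added example, not Veracode code: it validates role and scan permission values against the case-sensitive lists above before they are passed to a user-creation call, and models the Teams & Security Leads rule from the note. The function names and the sample values are hypothetical.

```python
# Added example: pre-flight validation of role and scan-permission values
# before they are handed to an Admin API user-creation call.
# The lists are copied from this page; function names are hypothetical.

USER_ROLES = ("Administrator", "Creator", "Executive", "Mitigation Approver",
              "Policy Administrator", "Reviewer", "Security Lead", "Submitter",
              "Security Insights", "eLearning")
SCAN_PERMISSIONS = ("Static Scan", "Dynamic Scan", "Manual Scan", "All Scan Types")
# Roles the note requires (together with team membership) when application
# visibility is set to Teams & Security Leads.
TEAM_VISIBILITY_ROLES = {"Reviewer", "Creator", "Submitter"}


def _check(values, allowed, kind):
    """Return problems for one parameter list (exact, case-sensitive match)."""
    problems = []
    by_folded = {a.casefold(): a for a in allowed}
    if not values:
        problems.append(f"no {kind} supplied")
    for v in values:
        if v in allowed:
            continue
        canonical = by_folded.get(v.strip().casefold())
        if canonical:
            problems.append(f"{kind} {v!r} must be written exactly as {canonical!r}")
        else:
            problems.append(f"unknown {kind} {v!r}")
    return problems


def validate_new_user(roles, scan_permissions):
    """Validate both parameter lists; an empty result means they are acceptable."""
    return (_check(roles, USER_ROLES, "role")
            + _check(scan_permissions, SCAN_PERMISSIONS, "scan permission"))


def can_reach_team_app(roles, user_teams, app_team):
    """Model only the team-based rule in the note: qualifying role AND membership."""
    return bool(TEAM_VISIBILITY_ROLES & set(roles)) and app_team in user_teams


if __name__ == "__main__":
    # Constructed sample request values.
    for problem in validate_new_user(["security lead", "Submitter", "Auditor"], []):
        print(problem)
    print(can_reach_team_app(["Submitter"], {"payments"}, "payments"))
```

Running the check in the provisioning script before the API call catches a miscased role such as `security lead` locally, before the request is sent.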
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Admin | Security Lead, Creator, or Submitter, depending on the task you want to perform. | Create login account; Access Admin API; Delete team; Create a curriculum; Application portfolio; Manage account level eLearning; Assign application to any team; Assign application to team; Edit team; Create team; Edit login account; Delete login account |
Greenlight API
The Greenlight API User role is only available to organizations with active
Veracode Greenlight subscriptions.
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Greenlight API User | Greenlight IDE User | Submit code for Greenlight scans; Review Greenlight scan results |
Mitigation and Comments API
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Mitigation and Comments | Mitigation Approver and either Reviewer or Security Lead | Approve or reject proposed mitigations |
| Mitigation | Reviewer or Security Lead | View results; Update results; Approve or reject proposed mitigations |
Results API
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Results | Reviewer or Security Lead | View reports; View results; Export custom data; View the list of sandboxes; Access Results API; Download build and application results data, and summary and detailed reports |
Upload and Scan API
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Upload and Scan | Security Lead, Creator, or Submitter, depending on the task you want to perform. A user with the Creator role can only create application profiles for teams in which the Creator is a member. The Submitter role can submit a scan request. The Security Lead role can perform all tasks. API users need the Upload and Scan API role to create a new application using Veracode Static for Visual Studio and to create sandboxes using the Veracode Jenkins Plugin. | Ability to enable applications for next day consultations for Creation and Update; Change business criticality of the application; Delete a sandbox scan; Create a sandbox scan for an application; Change the Archer name of an application; Manage policies; Create a sandbox in an application; View the list of sandboxes in an application; Create a policy scan for an application; Create a new application; Delete an application; Delete a policy scan; Submit a pipeline scan; Use the Dynamic Analysis REST API |
Upload API - Submit Only
This role can also create and delete scan requests, and has the ability to edit builds
before rescanning the application. However, this role does not allow users to create new
applications, including users of the Veracode integrations.
| API Role | User Account Role | Tasks |
| --- | --- | --- |
| Upload - Submit only | Submitter | Create a new build for an existing application profile; Upload files to a build; Begin prescan; Check prescan status; Submit a scan; Delete a policy scan; Delete a sandbox scan; Create a policy scan; Create a sandbox scan; Submit a pipeline scan; View the list of sandboxes |