XML APIs
Veracode provides both XML and REST APIs for automating application security testing tasks. The XML APIs are also available as wrappers. We recommend using the REST APIs. For new integrations, always use the REST APIs.
Veracode APIs and integrations require access to specific region domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.
Permissions
To use the XML APIs, you must have a user account. The supported user account type (UI user or API user) and the required roles depend on the API you use.
Authentication
To ensure secure access to Veracode, the XML APIs require Veracode API credentials (ID and secret key) using Hash-based Message Authentication Code (HMAC) signing.
OAuth authentication isn't supported.
To configure HMAC authentication, create HMAC credentials. For additional options, see API authentication.
Ensure you access the APIs with the domain for your region.