About Veracode APIs

Veracode APIs

The Veracode REST and XML APIs mirror the main tasks for scanning applications, reviewing results, mitigating findings, and administrating your organization in the Veracode Platform. Veracode strongly recommends that you use the REST APIs. For new integrations, always use the REST APIs.

To understand how the APIs work, Veracode recommends that you familiarize yourself with the Veracode Platform workflow for scanning applications first, before beginning to use the APIs. You also should be familiar with how APIs function.

Veracode APIs are designed for members of a software development team responsible for performing security checks on software code. They enable developers who work in rapid build-and-test cycles to fully automate security verification for entire software portfolios, and to integrate with internal build and bug-tracking systems. Instead of manually using the Veracode Platform to go through the individual steps of configuring and submitting a scan request and, then, reviewing the results, you can integrate the API calls directly into your IDE and build system code to scan early and often.

Note: Veracode APIs and integrations require access to analysiscenter.veracode.com and api.veracode.com. Contact your IT team to ensure these domains are on the allowlist for your organization and that there is one-way communication on port 443 to api.veracode.com. Refer to the complete list of domains and IP addresses to add to your allowlist.

To test the security of your API specifications, see Getting Started with Veracode API Scanning.

For instructions on using Veracode APIs with Postman, see https://github.com/veracode/veracode-postman.

For the best experience when using the APIs and wrappers, Veracode strongly recommends that you review the API Best Practices.

Veracode REST APIs

The Veracode REST APIs follow the OpenAPI industry standard specification. These APIs return JSON instead of XML, and require authentication using HMAC. See Using the Veracode REST APIs. The Veracode REST APIs require Veracode API credentials.

You can access Veracode REST APIs using a tool that supports Veracode HMAC authentication, including the Java or Python authentication libraries.

Veracode XML APIs

The Veracode XML APIs are web APIs, each having a defined set of HTTP request messages that return structured response messages in XML. See Using the Veracode XML APIs.

Veracode reserves the right to apply API rate limiting to any account that exceeds the allowed number of API requests within a specific period.