Using HMAC Signatures

Veracode Integrations Security and Troubleshooting

Veracode uses HMAC as a security measure for accessing some API resources. You can make requests to the Veracode service by sending an HMAC signature in the HTTP authorization header.

Veracode uses the Veracode API credentials with HMAC signing because this method provides maximum protection against man-in-the-middle and session replay attacks.