This use case scenario provides the Identity REST API command and payload for creating an API service account.
Use this command to create an API service account:
http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json
The API passes the JSON file that you populate with the necessary values as shown in this example payload:
{
"user_name":"vitunicornidentityapi",
"first_name":"VITUnicorn",
"last_name":"IdentityAPI",
"email_address":"[email protected]",
"ip_restricted":false,
"active":true,
"roles":[
{
"role_name":"noteamrestrictionapi"
},
{
"role_name":"apisubmitanyscan"
},
{
"role_name":"uploadapi"
},
{
"role_name":"resultsapi"
}
],
"permissions":[
{
"permission_name":"apiUser"
}
],
"teams":[
{
"team_id":"teamId"
}
]
}
If you want an API service account to have access to all applications, regardless of which team the user is a member, use noteamrestrictionapi.
To restrict scan types for a user with the uploadapi role, use one or more of these additional roles:
apisubmitanyscanapisubmitstaticscanapisubmitdynamicscanapisubmitmanualscan
| Role Short Name | Role Name | Additional Roles Required |
|---|---|---|
submitterapi |
Upload API - Submit Only | Users must have the additional role that matches the type of scan they want to submit: apisubmitstaticscan, apisubmitdynamicscan, apisubmitmanualscan, noteamrestrictionapi, apisubmitanyscan |
uploadapi |
Upload and Scan API | Users must have the additional role that matches the type of scan they want to run: apisubmitstaticscan, apisubmitdynamicscan, apisubmitmanualscan, noteamrestrictionapi, apisubmitanyscan |
resultsapi |
Results API | |
mitigationapi |
Mitigation API | |
archerreports |
Archer Reports API | |
greenlightapiuser |
Greenlight API User | |
adminapi |
Admin API |