Creating an API Service Account with the Identity API

Veracode APIs

This use case scenario provides the Identity REST API command and payload for creating an API service account.

Use this command to create an API service account:
http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json
The API passes the JSON file that you populate with the necessary values as shown in this example payload:
{
   "user_name":"vitunicornidentityapi",
   "first_name":"VITUnicorn",
   "last_name":"IdentityAPI",
   "email_address":"[email protected]",
   "ip_restricted":false,
   "active":true,
   "roles":[
      {
         "role_name":"noteamrestrictionapi"
      },
      {
         "role_name":"apisubmitanyscan"
      },
      {
         "role_name":"uploadapi"
      },
      {
         "role_name":"resultsapi"
      }
   ],
   "permissions":[
      {
         "permission_name":"apiUser"
      }
   ],
   "teams":[
      {
         "team_id":"teamId"
      }
   ]
}

If you want an API service account to have access to all applications, regardless of which team the user is a member, use noteamrestrictionapi.

To restrict scan types for a user with the uploadapi role, use one or more of these additional roles:

  • apisubmitanyscan
  • apisubmitstaticscan
  • apisubmitdynamicscan
  • apisubmitmanualscan
Table. API User Roles
Role Short Name Role Name Additional Roles Required
submitterapi Upload API - Submit Only Users must have the additional role that matches the type of scan they want to submit:
  • apisubmitstaticscan
  • apisubmitdynamicscan
  • apisubmitmanualscan
  • noteamrestrictionapi
  • apisubmitanyscan
uploadapi Upload and Scan API

Users must have the additional role that matches the type of scan they want to run:

  • apisubmitstaticscan
  • apisubmitdynamicscan
  • apisubmitmanualscan
  • noteamrestrictionapi
  • apisubmitanyscan
resultsapi Results API  
mitigationapi Mitigation API  
archerreports Archer Reports API  
greenlightapiuser Greenlight API User  
adminapi Admin API