This use case scenario provides the Identity REST API command and payload for creating an API service account.
Use this command to create an API service account:
http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json
The API passes the JSON file that you populate with the necessary
values as shown in this example payload:
{
"user_name":"vitunicornidentityapi",
"first_name":"VITUnicorn",
"last_name":"IdentityAPI",
"email_address":"[email protected]",
"ip_restricted":false,
"active":true,
"roles":[
{
"role_name":"noteamrestrictionapi"
},
{
"role_name":"apisubmitanyscan"
},
{
"role_name":"uploadapi"
},
{
"role_name":"resultsapi"
}
],
"permissions":[
{
"permission_name":"apiUser"
}
],
"teams":[
{
"team_id":"teamId"
}
]
}
If you want an API service account to have access to all applications, regardless of which team the user is a member, use noteamrestrictionapi.
To restrict scan types for a user with the uploadapi role, use one or more of these additional roles:
- apisubmitanyscan
- apisubmitstaticscan
- apisubmitdynamicscan
- apisubmitmanualscan
| Role Short Name | Role Name | Additional Roles Required |
|---|---|---|
| submitterapi | Upload API - Submit Only | Users must have the additional role that matches the type of scan they want to
submit:
|
| uploadapi | Upload and Scan API |
Users must have the additional role that matches the type of scan they want to run:
|
| resultsapi | Results API | |
| mitigationapi | Mitigation API | |
| archerreports | Archer Reports API | |
| greenlightapiuser | Greenlight API User | |
| adminapi | Admin API |