Creating an API Service Account with the Identity API

Veracode APIs

This use case scenario provides the Identity REST API command and payload for creating an API service account.

Use this command to create an API service account:

http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

{
   "user_name":"vitunicornidentityapi",
   "first_name":"VITUnicorn",
   "last_name":"IdentityAPI",
   "email_address":"[email protected]",
   "ip_restricted":false,
   "active":true,
   "roles":[
      {
         "role_name":"noteamrestrictionapi"
      },
      {
         "role_name":"apisubmitanyscan"
      },
      {
         "role_name":"uploadapi"
      },
      {
         "role_name":"resultsapi"
      }
   ],
   "permissions":[
      {
         "permission_name":"apiUser"
      }
   ],
   "teams":[
      {
         "team_id":"teamId"
      }
   ]
}

If you want an API service account to have access to all applications, regardless of which team the user is a member, use noteamrestrictionapi.

To restrict scan types for a user with the uploadapi role, use one or more of these additional roles:

  • apisubmitanyscan
  • apisubmitstaticscan
  • apisubmitdynamicscan
  • apisubmitmanualscan
Role Short Name Role Name Additional Roles Required
submitterapi Upload API - Submit Only Users must have the additional role that matches the type of scan they want to submit: apisubmitstaticscan, apisubmitdynamicscan, apisubmitmanualscan, noteamrestrictionapi, apisubmitanyscan
uploadapi Upload and Scan API Users must have the additional role that matches the type of scan they want to run: apisubmitstaticscan, apisubmitdynamicscan, apisubmitmanualscan, noteamrestrictionapi, apisubmitanyscan
resultsapi Results API
mitigationapi Mitigation API
archerreports Archer Reports API
greenlightapiuser Greenlight API User
adminapi Admin API