Skip to main content

Create an API service account with the REST API

This use case scenario provides the Identity REST API request and payload for creating an API service account.

Send the following request to create an API service account:

http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

{
"user_name":"vitunicornidentityapi",
"first_name":"VITUnicorn",
"last_name":"IdentityAPI",
"email_address":"[email protected]",
"ip_restricted":false,
"active":true,
"roles":[
{
"role_name":"noteamrestrictionapi"
},
{
"role_name":"apisubmitanyscan"
},
{
"role_name":"uploadapi"
},
{
"role_name":"resultsapi"
}
],
"permissions":[
{
"permission_name":"apiUser"
}
],
"teams":[
{
"team_id":"teamId"
}
]
}

If you want an API service account to have access to all applications, regardless of which team the user is a member, use noteamrestrictionapi.

To restrict scan types for a user with the uploadapi role, use one or more of these additional roles:

  • apisubmitanyscan
  • apisubmitstaticscan
  • apisubmitdynamicscan
  • apisubmitmanualscan

User Roles

Role Short NameRole NameAdditional Roles Required
submitterapiUpload API - Submit OnlyUsers must have the additional role that matches the type of scan they want to submit: apisubmitstaticscan, apisubmitdynamicscan, apisubmitmanualscan, noteamrestrictionapi, apisubmitanyscan
uploadapiUpload and Scan APIUsers must have the additional role that matches the type of scan they want to run: apisubmitstaticscan, apisubmitdynamicscan, apisubmitmanualscan, noteamrestrictionapi, apisubmitanyscan
resultsapiResults API
mitigationapiMitigation API
archerreportsArcher Reports API
greenlightapiuserGreenlight API User
adminapiAdmin API