You can use the Veracode Policy API to create, update, delete, and read policies. You can also use this API to evaluate an application or a development sandbox against any policy.
This API allows you to assess an application or sandbox against any policy, even one not currently assigned to the application. The response from the policy evaluation shows you why the application is passing or failing policy, including scan frequency requirements and findings that are past their grace period due date.
Permissions and Authentication
Before you can use this API to create or update a policy, you must have one of these account types:
- An API service account with the Policy Administrator role
- A user account with the Policy Administrator role
This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:
Ensure you access the APIs with the domain for your region.
Policy API Specification
The Policy API specification is available from SwaggerHub.