Skip to main content

Annotations REST API

You can use the Veracode Annotations API to annotate findings, including adding comments and proposing, accepting, and rejecting mitigations.

Permissions and Authentication

Before you can use this API, you must have one of these account types:

  • An API service account with the Results API role
  • A user account with the Reviewer, Security Lead, or Mitigation Approver role

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Ensure you access the APIs with the domain for your region.

Annotations API Specification

The Annotations API specification is available from SwaggerHub.