Annotations REST API

You can use the Veracode Annotations API to annotate findings, including adding comments and proposing, accepting, and rejecting mitigations.

Permissions and Authentication

Before you can use this API, you must have one of these account types:

An API service account with the Results API role
A user account with the Reviewer, Security Lead, or Mitigation Approver role

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Veracode API credentials
HMAC authentication

Ensure you access the APIs with the domain for your region.

Annotations API Specification

The Annotations API specification is available from SwaggerHub.

Permissions and Authentication​

Annotations API Specification​

Permissions and Authentication

Annotations API Specification