Skip to main content


You can use the Veracode SCA Agent REST API to programmatically extract high-level workspace information on specific Agent-Based Scanning workspaces or all workspaces to which you have access. You can also filter your workspaces on library, vulnerability, and license.

Permissions and Authentication

Before you can use this API, you must have a user account.

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Ensure you access the APIs with the domain for your region.


There are two host URLs for the Veracode SCA Agent API. If you use SourceClear API credentials, the host URL is If you use Veracode API credentials, the host URL is

Required HTTP Headers

The Veracode SCA Agent API requires that you set these HTTP headers in the REST requests:

  • accept-encoding: gzip
  • user-agent: a value of your choice. Veracode recommends a company name, email domain, or application name.

Veracode SCA Agent API Specification

The API specification is available on SwaggerHub.