Using the Veracode SCA Agent REST API

Veracode APIs

You can use the Veracode SCA Agent REST API to programmatically extract high-level workspace information on specific Agent-Based Scanning workspaces or all workspaces to which you have access. You can also filter your workspaces on library, vulnerability, and license.

Permissions and Authentication

Before you can use this API, you must have a user account.

The API provides improved security through HMAC authentication. Therefore, before using this API, you must configure your authentication.

Ensure you access the APIs with the domain for your region.

Note: To prevent your API requests being blocked, provide your company, application name, or email domain in your User-Agent header so that Veracode Technical Support can address any issues.

Veracode SCA Agent API Specification

The Veracode SCA Agent API specification is available from SwaggerHub.

Note: There are two host URLs for the Veracode SCA Agent API. If you use SourceClear API credentials, the host URL is If you use Veracode API credentials, the host URL is