Veracode APIs

The creates a report listing all fixed and unfixed flaws for the specified applications, scan types, or both. The return contains the token needed for downloading the flaw report.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines. Ensure you access the APIs with the domain for your region.

Resource URL


You need the Archer API role to use this call.


Name Type Description


Integer Comma-separated list of the IDs for the applications you want included in the report. This parameter does not support wildcards.
scan_type String Values include:
  • static
  • dynamic
  • manual

HTTPie Example

Examples use the HTTPie command-line tool. See Using HTTPie with the Python Authentication Library.

http --auth-type=veracode_hmac -o reporttoken.xml "" "app_id_list==<app1 id>,<app2 id>,<app3 id>" "scan_type==static"

HTTPie Results

The call initiates the process of creating the generateflawreport XML document, which references the archerreportrequest.xsd schema file. You can use the XSD schema file to validate the XML data.

The XML return contains the token string you need to retrieve the report, when it is available, using the call.
<?xml version="1.0" encoding="UTF-8"?>

<archerreport xmlns:xsi="http&#x3a;&#x2f;&#x2f;;2001&#x2f;XMLSchema-instance" 
      token="4aaa2b4e-c42a-44c3-a696-c650a82d9c78" archer_report_version="3.0">