Skip to main content

The call uploads a single file as a set of parts to an existing build or creates a build. Uploading the file in parts avoids timeout errors, which can occur when uploading a large file using the call.

Veracode recommends using this call as an alternative to the call. Before using this API, Veracode strongly recommends that you read API usage and access guidelines. Ensure you access the APIs with the domain for your region.

Before uploading additional files, ensure that:

  • An upload or prescan is not in progress.
  • The call is not in progress.
  • If you recently ran the call, you did not set auto_scan to true.

Because the call creates a build, if one does not already exist or if the most recent build has a published static scan, you do not need to call If the call creates a build, the build name is the date of the build with the scan type. For example, 03 Mar 2019 Static.

If you want to upload a file that does not have the same name as a previous file, you can use the filename parameter to change the name, enabling flaw-matching with previously scanned files.

Resource URL

Header requirements

  • Set Content-Length: <number of bytes in the file>
  • Set Content-Type: binary/octet-stream


IntegerApplication ID.
StringFile to upload. The maximum file size is 2GB.
You must enter the @ symbol before the entire pathname, including the specific filename.
filenameStringEnter a new, unique filename for the uploaded file. The filename cannot begin or end with slashes or periods.
sandbox_idIntegerEnter the ID of the target sandbox for the upload file.

Java example

This call supports the HTTP POST method. Because HTTPie does not support streaming uploads, you can use this Java example as an alternative to HTTPie.

java -jar vosp-api-wrappers-java-<version>.jar -vid <Veracode API ID> -vkey <Veracode API key> -action uploadfile -app_id <Veracode application ID> -filepath c:\Users\<username>\<filename>

Java results

The call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<filelist xmlns=""
account_id=<account ID> app_id=<application ID> build_id=<build ID> filelist_version="1.1"
<file file_id=<file ID> file_name="<filename>" file_status="Uploaded"/>

Python example

This call supports the HTTP POST method. Because HTTPie does not support streaming uploads, you can use this Python script example as an alternative to HTTPie.

import requests
import sys
from veracode_api_signing.plugin_requests import RequestsAuthPluginVeracodeHMAC

app_id = 123456 #insert <Veracode application id> here
filename = 'verademo.war' #insert <filename> here
vid = 123456 #insert veracode api key id here
vkey = 1234567890 #insert veracode api key secret here

with open(filename, 'rb') as file:
resp ='',
headers={'Content-Type': 'binary/octet-stream'},params={'app_id': app_id, 'filename': filename},
except Exception as err:
print(f'Error occurred: {err}')
print(f'Req Headers: {resp.request.headers}')
print(f'Resp Code: {resp.status_code}\nResp Text: {resp.text}')