Skip to main content

API wrapper parameters

Most actions in the Veracode Java and C# API wrappers expose required or optional parameters. Some parameters apply to every action that the wrapper supports.


The Veracode XML APIs and the wrappers use a different syntax. For the wrappers, the parameter names omit the underscores, the parameter values omit spaces, and some parameters use different names. For example, the parameter app_id in the API is appid in the wrapper and the parameter value Very High in the API is VeryHigh in the wrapper. The parameter business_criticality in the API is criticality in the wrapper. The syntax is not interchangeable and using the wrong syntax causes your command to fail. To ensure you are using the correct syntax, see the documentation provided in the Help directory for each wrapper.

The following table lists the parameters that apply to all actions.

StringName of the action.
vidStringVeracode API ID.
vkeyStringVeracode API key.
credprofileStringName of the profile in the API credentials file to use for authentication.

Your command must not include both the credprofile parameter and the vid/vkey parameters or you see an error.
debugStringInclude to show detailed diagnostic information, which you can use for debugging, in the output. Exclude to not show the diagnostic information.
inputfilepathStringPath to a CSV file that contains the parameters to use for the command.You can use inputfilepath to make multiple calls to the API specified by the action. In the CSV file, use one row to specify the parameters for each call. For an example, see
logfilepathStringFilepath of the log file where commands save informational and error messages.
maxretrycountIntegerNumber of times to retry the last request during certain error conditions or when a request times out. Value range is 1 to 5.
phostStringProxy hostname. Do not include the web protocol, such as HTTP or HTTPS, in the proxy hostname. Including the protocol can cause an error. You can also provide a proxy in an environment variable.
ppasswordStringProxy password. Required if you include phost.
pportStringProxy port. Required if you include phost.
puserStringProxy username. Required if you include phost.

Proxy environment variable

To provide a proxy host, port, and its credentials in an environment variable:

  1. Create an environment variable with the name https_proxy.
  2. For the value, enter the username, password, hostname or IP address, and port. For example: user1:[email protected]:1234
  3. Remove all proxy parameters from your command: phost, ppassword, pport, and puser. The parameters take precedence over the environment variable.

Java wrapper example

To return a list of applications in the application portfolio of an account, run getapplist with these parameters:

java -jar vosp-api-wrapper-java{version}.jar -action getapplist -vid <Veracode API ID> -vkey <Veracode API key> -phost -pport 8080 -puser <proxy username> -ppassword <proxy password>

C# wrapper example

To return a list of applications in the application portfolio of an account, run getapplist with these parameters:

VeracodeC#API.exe -action getapplist -vid <Veracode API ID> -vkey <Veracode API key> -phost -pport 8080 -puser <proxy username> -ppassword <proxy password>

Veracode recommends that you use an external API credentials file to provide your credentials to the Veracode API wrapper. When you use an API credentials file, you can omit the -vid and -vkey parameters for specifying your Veracode API credentials.

To see the required and optional parameters for an action, you can run -action and review the returned text. After reading the returned text, you know which parameters to include in your command.

For example, to return a list of required and optional parameters for, run -action createapp.

You replace the parameter values with your Veracode API ID, Veracode API key, application name, and the level of business criticality of the application. See the call for more information on the parameters.


All parameters require an argument or value. For example, the -criticality parameter requires an argument of VeryHigh, High, Medium, Low, or VeryLow. When you run -action, to see the parameters for an action, you also see the list of arguments under Usage.