An API ID and Secret Key (HMAC credentials) are required in order to make signed requests to Veracode's REST APIs. This guide walks you through creating a Veracode Application Security integration.
Before you begin, ensure you have:
- Access to the Veracode Platform
- Administrator privileges
Log in to Veracode as an Administrator.
Click the Settings gear in the top right corner and click on Admin.
On the Users tab, click Add New User on the right.
Provide the required user fields with the following scope permissions:
| Role | Purpose |
|---|---|
| Creator or Security Lead | Required to access the applications data. |
| Results API | Required to access the findings data. |
| Reviewer or Security Lead | Required to access the findings data. |

Save the new user and an email will be sent to the entered email.
Log out of the administrator account, then log in using the newly created API User account.
- Find the Welcome to Veracode email and click on the Activate Account button.
- Set up a new password and MFA devices.
- Once you have completed the setup process, you will be taken to the API Credentials view.
- Click on the Create API Credentials button.
- You will be provided with two options: HMAC Credentials and OAuth Client. Go ahead and pick HMAC Credentials and click on Generate.
- Two values will now be shown:
  - ID
  - Secret Key
- Copy and store these values in a secure vault for later use.
- Note: these values will only be shown once.
- Veracode credentials expire after a fixed period (rotation is required); record the expiration date so you can rotate before it lapses.
Create your integration by supplying all configuration values.
| Integration Parameter | Description |
|---|---|
| Client ID | The ID from Step 1. |
| Client Secret | The Secret Key from Step 1. |
| Veracode URL | https://api.veracode.com |