Using Veracode APIs with Postman requires initial configuration to accommodate HMAC signing. Below are instructions for getting up and running with Veracode APIs in Postman.
If you have not does so, please follow these steps to generate the necessary API Token Credential to use with Postman. This will be required for providing the variables of api_id and api_key.
- Generate API credentials for your Veracode user.
- Store the credential information is a safe place or as a crecredential file for use with Veracode products.
These instructions will help you quickly setup the Postman example provided by Vercode. The example provides all the necessary scripts, environments, variables and collection request examples to start using Postman against Vercode APIs.
The content used for this example is located here The content consist of a Collection, Environment and pre-request script.
- Install Postman on your machine. You can download from the Postman web site.
- Create a Postman Workspace or use an existing one
- In the Postman Environments section (left nav) select the import button.
- Drag and drop or navigate to the the Veracode.postman_environment.json
- Select the new Veracode environment that is listed
- Update the following variables as type secret
- api_id : (set to your Veracode API ID)
- api_key : (set to your Veracode API Key)
- Update both the initial value and current value or update initial value and persist to current value
- Save changes to environment variables
More information about secrets and environment variables, see the Postman docs
-
In the Postman Collections section (left nav) select the import button.
-
Drag and drop or navigate to the the *Veracode Example.postman_collection.json
-
In the upper right hand corner set the environment drop down to Veracode
Now you should be able to run any of the request without any additional configuration. Enjoy!
- In the Authorization tab, select
Digest Auth
. - In the Pre-Request Scripts tab, paste in the script found in pre-request.js.
- Create an environment that contains the secret variables api_id and api_key
- Recommended: In the Variables tab, define a variable called
base_url
and enter the base URL for your API calls. The base URL depends on your region and is documented in the REST APIs section in the Region Domains for Veracode Services.
- Go to the newly created collection and choose Add Request from the …. menu.
- Give the request a name and click Save to [Collection Name].
- Click on the newly created request and enter the request information in the URL fields at the top.
- Choose the
HTTP
method. - Recommended: Enter the URL in the format
{{base_url}}/url-string
. For instance, to get information about the currently signed in user, enter{{base_url}}/api/authn/v2/users/self
. (Note that this requires you to definebase_url
in the Variables tab for your collection.)
- Choose the
- Click on the Authorization tab and verify that it is set to
Inherit auth from parent
. - Add any other information required by the request such as a body.
- Click Send.
See the LICENSE for details
This work is indebted to CTCampbell's initial example for how to authenticate with Postman.