The Veracode API is new to me, so to get to grips with it I decided to fire up Postman and make a few requests. I was initially unsure where to enter my API ID and secret key, and despite trying a few things I kept getting authorisation errors, because the API uses HMAC authentication which is not directly supported by Postman.
The solution I eventually stumbled across was thankfully simple. You just need to grab the pre-request script from here (thanks to Veracode’s Chris Campbell!) and paste it into the Pre-request Script section of your request tab. Finally, add two variables to the Globals tab: veracodeApiKeyId and veracodeApiKeySecret, paste in your Veracode API ID and secret key respectively, and you should now be able to make a successful API request.
Note that you don’t need to select anything in the Authorization section for this to work (just leave it as No Auth).