> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List all API Endpoint Vulnerabilities

> 
List `ApiEndpointVulnerabilityConnectors` resources for the given application.

** Headers **
```
Authorization: Bearer <access_token>
```

** Scopes **
```
connectors.self:read-resource
```




## OpenAPI

````yaml /reference/build-integrations.json get /v1/resources/api_endpoint_vulnerability_connectors
openapi: 3.0.1
info:
  title: Build integrations
  description: >-
    The API that enables syncing and viewing resources


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token and authorization URLs shown
    below default to the commercial hosts — Gov customers should replace
    `api.vanta.com` with `api.vanta-gov.com` and `app.vanta.com` with
    `app.vanta-gov.com`.
  termsOfService: https://www.vanta.com/terms
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
  license:
    name: Vanta Terms of Service
    url: https://www.vanta.com/terms
  version: 0.0.1
servers:
  - url: https://api.vanta.com
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com
    description: Vanta Gov (FedRAMP)
security:
  - oauth:
      - connectors.self:read-resource
      - connectors.self:write-resource
tags:
  - name: API Endpoint Vulnerabilities
  - name: Background Checks
  - name: Custom Resources
  - name: Documents
  - name: MacOS User Computers
  - name: Package Vulnerabilities
  - name: Secrets
  - name: Security Tasks
  - name: Static Code Analysis Vulnerabilities
  - name: User Accounts
  - name: User Security Training Statuses
  - name: Vulnerable Components
  - name: Windows User Computers
paths:
  /v1/resources/api_endpoint_vulnerability_connectors:
    get:
      tags:
        - API Endpoint Vulnerabilities
      summary: List all API Endpoint Vulnerabilities
      description: >

        List `ApiEndpointVulnerabilityConnectors` resources for the given
        application.


        ** Headers **

        ```

        Authorization: Bearer <access_token>

        ```


        ** Scopes **

        ```

        connectors.self:read-resource

        ```
      operationId: get-ApiEndpointVulnerabilityConnectors
      parameters:
        - name: resourceId
          in: query
          schema:
            type: string
          required: true
          description: >-
            Vanta generated identifier for the given resource, and can be found
            on the developer console page. See the list of registered resources
            and their IDs on
            https://app.vanta.com/settings/developer-console/<app_id>?tab=resources
      responses:
        '200':
          description: List of resources.
          content:
            application/json:
              schema:
                type: object
                properties:
                  resources:
                    type: array
                    items:
                      properties:
                        displayName:
                          type: string
                          description: >-
                            A human readable label for this resource - will be
                            shown as-is in inventory page.
                        uniqueId:
                          type: string
                          description: A stable global identifier for this resource.
                        externalUrl:
                          type: string
                          description: >-
                            A link to this resource on the partner site. This
                            must be a HTTPS URL.
                        occurrences:
                          items:
                            properties:
                              description:
                                type: string
                                description: >-
                                  Markdown description of this API endpoint
                                  vulnerability occurrence.
                              fromUrl:
                                type: string
                                description: >-
                                  The API endpoint URL associated with this
                                  vulnerability occurrence.
                              queryParams:
                                items:
                                  properties:
                                    key:
                                      type: string
                                      description: >-
                                        The API query param key associated with
                                        this vulnerability occurrence.
                                    value:
                                      type: string
                                      description: >-
                                        The API query param value associated
                                        with this vulnerability occurrence.
                                  required:
                                    - key
                                    - value
                                type: array
                                description: >-
                                  The API params associated with this
                                  vulnerability.
                              headers:
                                items:
                                  properties:
                                    key:
                                      type: string
                                      description: >-
                                        The API header key associated with this
                                        vulnerability occurrence.
                                    value:
                                      type: string
                                      description: >-
                                        The API header value associated with
                                        this vulnerability occurrence.
                                  required:
                                    - key
                                    - value
                                type: array
                                description: >-
                                  The API headers associated with this
                                  vulnerability.
                              body:
                                type: string
                                description: >-
                                  The body of the request passed to the API,
                                  with sensitive information redacted.
                            required:
                              - description
                          type: array
                          description: A list of occurrences of vulnerable API endpoints.
                        severity:
                          type: number
                          format: float
                          description: >-
                            The severity of the vulnerability, on a scale of 0
                            to 10. This will be rounded to the nearest tenth.
                        vulnerableComponentUniqueId:
                          type: string
                          description: >-
                            A unique identifier for the vulnerable component
                            associated with the vulnerability. This must
                            reference the `uniqueId` field in the a previously
                            supplied `VulnerableComponent`.
                        description:
                          type: string
                          description: A description of the vulnerability.
                        remediationInstructions:
                          type: string
                          description: Instructions for remediating the vulnerability.
                        url:
                          type: string
                          description: The vulnerable URL.
                        httpMethod:
                          type: string
                          description: >-
                            The HTTP method (eg: GET, POST) associated with this
                            vulnerability.
                        cveId:
                          type: string
                          description: >-
                            The Common Vulnerabilities and Exposures (CVE)
                            identifier for the vulnerability. This field is
                            optional.
                        cvss3Vector:
                          type: string
                          description: >-
                            The Common Vulnerability Scoring System (CVSS)
                            version 3 vector for the vulnerability. This field
                            is optional.
                        cvss3Score:
                          type: number
                          format: float
                          description: >-
                            The Common Vulnerability Scoring System (CVSS)
                            version 3 score for the vulnerability. This field is
                            optional.
                      required:
                        - displayName
                        - uniqueId
                        - externalUrl
                        - occurrences
                        - severity
                        - vulnerableComponentUniqueId
                        - description
                        - remediationInstructions
                        - url
                        - httpMethod
components:
  securitySchemes:
    oauth:
      type: oauth2
      x-default: vat_llamainapajama
      flows:
        authorizationCode:
          authorizationUrl: https://app.vanta.com/oauth/authorize
          tokenUrl: https://api.vanta.com/oauth/token
          scopes:
            connectors.self:write-resource: Send data to your account.
            connectors.self:read-resource: Read data from your account.

````