> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sync all API Endpoint Vulnerabilities

> To send us data related to API endpoint vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource.

This call replaces ALL existing `ApiEndpointVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `ApiEndpointVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta.

** Headers **
```
Authorization: Bearer <access_token>
```

** Scopes **
```
connectors.self:write-resource
```

** Schema **

Expand the `resources` array below for the schema of `ApiEndpointVulnerabilityConnectors`.



## OpenAPI

````yaml /reference/build-integrations.json put /v1/resources/api_endpoint_vulnerability_connectors
openapi: 3.0.1
info:
  title: Build integrations
  description: >-
    The API that enables syncing and viewing resources


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token and authorization URLs shown
    below default to the commercial hosts — Gov customers should replace
    `api.vanta.com` with `api.vanta-gov.com` and `app.vanta.com` with
    `app.vanta-gov.com`.
  termsOfService: https://www.vanta.com/terms
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
  license:
    name: Vanta Terms of Service
    url: https://www.vanta.com/terms
  version: 0.0.1
servers:
  - url: https://api.vanta.com
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com
    description: Vanta Gov (FedRAMP)
security:
  - oauth:
      - connectors.self:read-resource
      - connectors.self:write-resource
tags:
  - name: API Endpoint Vulnerabilities
  - name: Background Checks
  - name: Custom Resources
  - name: Documents
  - name: MacOS User Computers
  - name: Package Vulnerabilities
  - name: Secrets
  - name: Security Tasks
  - name: Static Code Analysis Vulnerabilities
  - name: User Accounts
  - name: User Security Training Statuses
  - name: Vulnerable Components
  - name: Windows User Computers
paths:
  /v1/resources/api_endpoint_vulnerability_connectors:
    put:
      tags:
        - API Endpoint Vulnerabilities
      summary: Sync all API Endpoint Vulnerabilities
      description: >-
        To send us data related to API endpoint vulnerabilities. Note that you
        must first sync `VulnerableComponent` resources before sending us this
        data, and this sync should reference the `uniqueId` field in the
        `VulnerableComponent` resource.


        This call replaces ALL existing `ApiEndpointVulnerabilityConnectors`
        resources for the given app and `source_id` - this is a "state of the
        world" sync. In other words, if a `ApiEndpointVulnerabilityConnectors`
        resource is sent for a user in a previous `sync_all` call, but is not
        included in a later `sync_all` call for that customer, it is assumed to
        no longer exist and is deleted in Vanta.


        ** Headers **

        ```

        Authorization: Bearer <access_token>

        ```


        ** Scopes **

        ```

        connectors.self:write-resource

        ```


        ** Schema **


        Expand the `resources` array below for the schema of
        `ApiEndpointVulnerabilityConnectors`.
      operationId: put-ApiEndpointVulnerabilityConnectors
      requestBody:
        description: List of resources to sync
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - resourceId
                - resources
              properties:
                resourceId:
                  type: string
                  description: >-
                    Vanta generated identifier for the given resource, and can
                    be found on the developer console page. See the list of
                    registered resources and their IDs on
                    https://app.vanta.com/settings/developer-console/<app_id>?tab=resources
                resources:
                  type: array
                  items:
                    properties:
                      displayName:
                        type: string
                        description: >-
                          A human readable label for this resource - will be
                          shown as-is in inventory page.
                      uniqueId:
                        type: string
                        description: A stable global identifier for this resource.
                      externalUrl:
                        type: string
                        description: >-
                          A link to this resource on the partner site. This must
                          be a HTTPS URL.
                      occurrences:
                        items:
                          properties:
                            description:
                              type: string
                              description: >-
                                Markdown description of this API endpoint
                                vulnerability occurrence.
                            fromUrl:
                              type: string
                              description: >-
                                The API endpoint URL associated with this
                                vulnerability occurrence.
                            queryParams:
                              items:
                                properties:
                                  key:
                                    type: string
                                    description: >-
                                      The API query param key associated with
                                      this vulnerability occurrence.
                                  value:
                                    type: string
                                    description: >-
                                      The API query param value associated with
                                      this vulnerability occurrence.
                                required:
                                  - key
                                  - value
                              type: array
                              description: >-
                                The API params associated with this
                                vulnerability.
                            headers:
                              items:
                                properties:
                                  key:
                                    type: string
                                    description: >-
                                      The API header key associated with this
                                      vulnerability occurrence.
                                  value:
                                    type: string
                                    description: >-
                                      The API header value associated with this
                                      vulnerability occurrence.
                                required:
                                  - key
                                  - value
                              type: array
                              description: >-
                                The API headers associated with this
                                vulnerability.
                            body:
                              type: string
                              description: >-
                                The body of the request passed to the API, with
                                sensitive information redacted.
                          required:
                            - description
                        type: array
                        description: A list of occurrences of vulnerable API endpoints.
                      severity:
                        type: number
                        format: float
                        description: >-
                          The severity of the vulnerability, on a scale of 0 to
                          10. This will be rounded to the nearest tenth.
                      vulnerableComponentUniqueId:
                        type: string
                        description: >-
                          A unique identifier for the vulnerable component
                          associated with the vulnerability. This must reference
                          the `uniqueId` field in the a previously supplied
                          `VulnerableComponent`.
                      description:
                        type: string
                        description: A description of the vulnerability.
                      remediationInstructions:
                        type: string
                        description: Instructions for remediating the vulnerability.
                      url:
                        type: string
                        description: The vulnerable URL.
                      httpMethod:
                        type: string
                        description: >-
                          The HTTP method (eg: GET, POST) associated with this
                          vulnerability.
                      cveId:
                        type: string
                        description: >-
                          The Common Vulnerabilities and Exposures (CVE)
                          identifier for the vulnerability. This field is
                          optional.
                      cvss3Vector:
                        type: string
                        description: >-
                          The Common Vulnerability Scoring System (CVSS) version
                          3 vector for the vulnerability. This field is
                          optional.
                      cvss3Score:
                        type: number
                        format: float
                        description: >-
                          The Common Vulnerability Scoring System (CVSS) version
                          3 score for the vulnerability. This field is optional.
                    required:
                      - displayName
                      - uniqueId
                      - externalUrl
                      - occurrences
                      - severity
                      - vulnerableComponentUniqueId
                      - description
                      - remediationInstructions
                      - url
                      - httpMethod
      responses:
        '200':
          description: The current resources synced.
          content:
            application/json:
              schema:
                type: object
                required:
                  - success
                properties:
                  success:
                    type: boolean
components:
  securitySchemes:
    oauth:
      type: oauth2
      x-default: vat_llamainapajama
      flows:
        authorizationCode:
          authorizationUrl: https://app.vanta.com/oauth/authorize
          tokenUrl: https://api.vanta.com/oauth/token
          scopes:
            connectors.self:write-resource: Send data to your account.
            connectors.self:read-resource: Read data from your account.

````