> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a comment for audit evidence

> Create a comment in Vanta for a piece of evidence.

Rate limit: 10 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples post /audits/{auditId}/evidence/{auditEvidenceId}/comments
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/{auditId}/evidence/{auditEvidenceId}/comments:
    post:
      tags:
        - Audits
      summary: Create a comment for audit evidence
      description: |-
        Create a comment in Vanta for a piece of evidence.

        Rate limit: 10 requests / minute.
      operationId: CreateCommentForAuditEvidence
      parameters:
        - in: path
          name: auditId
          required: true
          schema:
            type: string
        - in: path
          name: auditEvidenceId
          required: true
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AddCommentInput'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Comment'
              examples:
                Example 1:
                  value:
                    id: 65fc81a3359c8508c9af880f
                    auditEvidenceId: 65fc81a3359c8508c9af880f
                    text: Some comment
                    creationDate: '2024-03-07T21:25:56.000Z'
                    modificationDate: '2024-03-07T21:25:56.000Z'
                    deletionDate: '2024-03-07T21:25:56.000Z'
                    email: vlad@vantaroo.com
                    authorName: Vlad Vantaroo
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: CreateCommentForAuditEvidence
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.createCommentForEvidence({
                auditId: "<id>",
                auditEvidenceId: "<id>",
                addCommentInput: {
                  text: "<value>",
                  email: "Carmen.Bogan@yahoo.com",
                  creationDate: new Date("2024-05-28T11:04:29.369Z"),
                },
              });

              console.log(result);
            }

            run();
        - lang: java
          label: CreateCommentForAuditEvidence
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.components.AddCommentInput;

            import
            com.vanta.vanta_auditor_api.models.operations.CreateCommentForAuditEvidenceResponse;

            import java.lang.Exception;

            import java.time.OffsetDateTime;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    CreateCommentForAuditEvidenceResponse res = sdk.audits().createCommentForEvidence()
                            .auditId("<id>")
                            .auditEvidenceId("<id>")
                            .addCommentInput(AddCommentInput.builder()
                                .text("<value>")
                                .email("Carmen.Bogan@yahoo.com")
                                .creationDate(OffsetDateTime.parse("2024-05-28T11:04:29.369Z"))
                                .build())
                            .call();

                    if (res.comment().isPresent()) {
                        System.out.println(res.comment().get());
                    }
                }
            }
components:
  schemas:
    AddCommentInput:
      properties:
        text:
          type: string
          description: Text value of the comment
        email:
          type: string
          description: >-
            Email of author. Must match an existing Vanta user and the user must
            exist under the Audit Firm who is making the API request
        creationDate:
          type: string
          format: date-time
          description: When the comment was created in the external system
      required:
        - text
        - email
        - creationDate
      type: object
      additionalProperties: false
    Comment:
      properties:
        id:
          type: string
          description: The unique identifier for the comment
        auditEvidenceId:
          type: string
          description: The unique identifier for the audit evidence related to the comment.
        text:
          type: string
          description: The comment message
        creationDate:
          type: string
          format: date-time
          description: When the comment was created
        modificationDate:
          type: string
          format: date-time
          nullable: true
          description: When the comment was updated
        deletionDate:
          type: string
          format: date-time
          nullable: true
          description: When the comment was deleted
        email:
          type: string
          nullable: true
          description: >-
            The email of the comment author. This acts as a unique identifier to
            map users between Vanta and external systems.
        authorName:
          type: string
          nullable: true
          description: >-
            Human-readable display name of the comment author.

            Null if the author's name is not available (e.g., user was deleted).

            This enables correct author attribution in integrations where users
            cannot

            be reliably matched across systems by email alone.
      required:
        - id
        - auditEvidenceId
        - text
        - creationDate
        - modificationDate
        - deletionDate
        - email
        - authorName
      type: object
      additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````