> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get an information request by ID

> Retrieves a single information request by its ID for an audit, allowing external
audit management systems to fetch the latest state of a specific request without
paginating through the full list.

Soft-deleted records (where `deletionDate !== null`) are included in the response.
Clients should check `deletionDate` to determine whether the request has been deleted.

Rate limit: 50 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples get /audits/{auditId}/information-requests/{requestId}
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits/{auditId}/information-requests/{requestId}:
    get:
      tags:
        - Audits
      summary: Get an information request by ID
      description: >-
        Retrieves a single information request by its ID for an audit, allowing
        external

        audit management systems to fetch the latest state of a specific request
        without

        paginating through the full list.


        Soft-deleted records (where `deletionDate !== null`) are included in the
        response.

        Clients should check `deletionDate` to determine whether the request has
        been deleted.


        Rate limit: 50 requests / minute.
      operationId: GetInformationRequest
      parameters:
        - in: path
          name: auditId
          required: true
          schema:
            type: string
        - in: path
          name: requestId
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InformationRequest'
              examples:
                Example 1:
                  value:
                    id: 6890e473dce1da5d8406f5e7
                    uniqueId: '1466132'
                    additionalControlIds: []
                    approvalStatus: NEEDS_EVIDENCE
                    cadence: ANNUALLY
                    frameworkCodes:
                      - SOC2_CC6.1
                    description: >-
                      Provide the data deletion evidence for a sample of
                      terminated customers
                    dueDate: '2025-10-28T00:00:00.000Z'
                    evidenceCaptureDate: '2025-10-28T00:00:00.000Z'
                    requestId: null
                    requestType: SAMPLE
                    title: Terminated Customer Deletion Evidence
                    creationDate: '2025-08-01T12:34:56.000Z'
                    modificationDate: '2025-08-02T08:00:00.000Z'
                    deletionDate: null
                    ownerAssignment:
                      type: user
                      id: 507f1f77bcf86cd799439011
                      displayName: John Doe
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: GetInformationRequest
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.getInformationRequest({
                auditId: "<id>",
                requestId: "<id>",
              });

              console.log(result);
            }

            run();
        - lang: java
          label: GetInformationRequest
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.operations.GetInformationRequestResponse;

            import java.lang.Exception;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    GetInformationRequestResponse res = sdk.audits().getInformationRequest()
                            .auditId("<id>")
                            .requestId("<id>")
                            .call();

                    if (res.informationRequest().isPresent()) {
                        System.out.println(res.informationRequest().get());
                    }
                }
            }
components:
  schemas:
    InformationRequest:
      description: >-
        Information Request resource representing a single request for audit
        evidence from a customer.


        An information request is created by an auditor and shared with the
        customer organization.

        The customer then uploads evidence, which the auditor reviews and either
        approves or flags

        for issues.
      properties:
        id:
          type: string
          description: >-
            The unique identifier for the information request within Vanta's
            system.

            This is the primary identifier used in all API endpoints.

            Format: ObjectId as a string (e.g., "6890e473dce1da5d8406f5e7")
        uniqueId:
          type: string
          description: >-
            External unique ID to prevent duplicates across different audit
            systems.

            Used for idempotency when syncing data between external audit
            management

            systems and Vanta. Unlike `id`, this value is provided by the
            external system.
        additionalControlIds:
          items:
            type: string
          type: array
          description: >-
            Additional control IDs beyond those automatically mapped from
            framework codes.

            Allows manual association with specific controls when automatic
            mapping

            is insufficient. Each ID should reference a valid control in your
            audit framework.
        approvalStatus:
          $ref: '#/components/schemas/InformationRequestApprovalStatus'
          description: >-
            Current approval status tracking the request's lifecycle through
            evidence

            submission and auditor review.
        cadence:
          allOf:
            - $ref: '#/components/schemas/InformationRequestCadence'
          nullable: true
          description: >-
            How frequently this information request recurs (e.g., annual
            password

            policy reviews). Null for one-time requests.
        frameworkCodes:
          items:
            type: string
          type: array
          description: >-
            The framework codes this request addresses.

            Links the request to specific compliance requirements. Can be an
            empty array

            if no framework codes are associated. These codes correspond to
            standards like SOC 2, ISO 27001, etc.
        description:
          type: string
          nullable: true
          description: >-
            Detailed description explaining what evidence is needed and why.

            Should provide clear instructions to help the customer understand
            what

            to submit.
        dueDate:
          type: string
          format: date-time
          nullable: true
          description: |-
            The deadline by which the customer must fulfill this request.
            Null if no specific deadline is set. Format: ISO 8601 UTC timestamp.
        evidenceCaptureDate:
          type: string
          format: date-time
          nullable: true
          description: |-
            The earliest date for which evidence should be captured.
            Evidence dated before this date may not be accepted.
            Null if not restricted. Format: ISO 8601 UTC timestamp.
        requestId:
          type: string
          nullable: true
          description: >-
            Non-unique external reference ID for this request.

            Unlike `uniqueId` which must be unique, `requestId` is for
            display/reference

            purposes only (e.g., "REQ-123"). Null if not provided.
        requestType:
          $ref: '#/components/schemas/InformationRequestType'
          description: Defines the scope of evidence required.
        title:
          type: string
          description: Short, descriptive title summarizing what is being requested.
        creationDate:
          type: string
          format: date-time
          description: |-
            Timestamp when the request was created in the system.
            Format: ISO 8601 UTC timestamp.
        modificationDate:
          type: string
          format: date-time
          description: |-
            Timestamp when the request was last modified.
            Format: ISO 8601 UTC timestamp.
        deletionDate:
          type: string
          format: date-time
          nullable: true
          description: >-
            Timestamp when the request was soft-deleted. Null if the request has
            not

            been deleted. Soft deletes allow retaining history while hiding the
            request

            from normal operations.

            Format: ISO 8601 UTC timestamp.
        ownerAssignment:
          allOf:
            - $ref: '#/components/schemas/ResourceOwner'
          nullable: true
          description: |-
            Resource owner (user or team) assigned to this information request.
            Returns null if no resource owner is assigned.
      required:
        - id
        - uniqueId
        - additionalControlIds
        - approvalStatus
        - cadence
        - frameworkCodes
        - description
        - dueDate
        - evidenceCaptureDate
        - requestId
        - requestType
        - title
        - creationDate
        - modificationDate
        - deletionDate
        - ownerAssignment
      type: object
      additionalProperties: false
    InformationRequestApprovalStatus:
      type: string
      enum:
        - NEEDS_EVIDENCE
        - READY_FOR_AUDIT
        - AUDITOR_APPROVED
        - AUDITOR_FLAGGED
      description: >-
        Current approval status of the information request, tracking its
        lifecycle through the audit process.


        The status progresses through the workflow: initial state → awaiting
        review → approved or flagged.

        Status can move between awaiting review and flagged states as evidence
        is reviewed and resubmitted.
    InformationRequestCadence:
      type: string
      enum:
        - ANNUALLY
        - BIANNUALLY
        - MONTHLY
        - QUARTERLY
      description: >-
        Frequency cadence for the information request, indicating how often it
        recurs.
    InformationRequestType:
      type: string
      enum:
        - POINT_IN_TIME
        - POPULATION
        - SAMPLE
      description: >-
        Type of information request, defining what scope of evidence is needed.


        - POINT_IN_TIME: Evidence for a specific moment (e.g., current state of
        a policy)

        - POPULATION: Evidence covering all items in a category (e.g., all
        employees)

        - SAMPLE: Evidence for a representative sample (e.g., 10 random customer
        records)
    ResourceOwner:
      anyOf:
        - properties:
            displayName:
              type: string
            id:
              type: string
            type:
              type: string
              enum:
                - user
              nullable: false
          required:
            - displayName
            - id
            - type
          type: object
        - properties:
            displayName:
              type: string
            id:
              type: string
            type:
              type: string
              enum:
                - team
              nullable: false
          required:
            - displayName
            - id
            - type
          type: object
      description: Represents either a user or a team owning a resource.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````