> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List audits

> Returns a paginated list of audits scoped to the audit firm.

To identify IRL (Information Request List) audits, check for the presence of the
`auditorRequestListMetadata` field. This field is only present for IRL-based audits
and will be `undefined` for standard audits.

Rate limit: 250 requests / minute.



## OpenAPI

````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples get /audits
openapi: 3.0.0
info:
  title: Conduct an audit
  version: 1.0.0
  description: >-
    The Auditor API lets audit firms conduct audits from a tool outside of
    Vanta. Unlock data syncing with Vanta through this API.


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /audits:
    get:
      tags:
        - Audits
      summary: List audits
      description: >-
        Returns a paginated list of audits scoped to the audit firm.


        To identify IRL (Information Request List) audits, check for the
        presence of the

        `auditorRequestListMetadata` field. This field is only present for
        IRL-based audits

        and will be `undefined` for standard audits.


        Rate limit: 250 requests / minute.
      operationId: ListAudits
      parameters:
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/ListAuditsPageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: Includes all audits that have changed since changedSinceDate.
          in: query
          name: changedSinceDate
          required: false
          schema:
            type: string
            format: date-time
        - description: Includes only audits with no audit report uploaded
          in: query
          name: isActiveAudit
          required: false
          schema:
            type: boolean
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_Audit_'
              examples:
                Example 1:
                  value:
                    results:
                      data:
                        - id: 65fc81a3359c8508c9af880f
                          customerOrganizationName: corporation.com
                          customerDisplayName: Corporation Company
                          customerOrganizationId: 65fc81a3359c8508c9af880f
                          auditStartDate: '2024-03-07T21:25:56.000Z'
                          auditEndDate: '2024-03-14T21:25:56.000Z'
                          earlyAccessStartsAt: '2024-03-07T21:25:56.000Z'
                          framework: SOC 2 Type II
                          displayName: Q1 2024 SOC 2 Audit
                          allowAuditorEmails:
                            - sam@auditor.com
                          allowAllAuditors: true
                          deletionDate: '2024-03-07T21:25:56.000Z'
                          creationDate: '2024-03-07T21:25:56.000Z'
                          modificationDate: '2024-03-07T21:25:56.000Z'
                          completionDate: '2024-03-07T21:25:56.000Z'
                          auditFocus: EXTERNAL
                          auditorRequestListMetadata:
                            requestsSharedWithCustomer: '2024-03-07T21:25:56.000Z'
                      pageInfo:
                        hasNextPage: false
                        hasPreviousPage: false
                        startCursor: YXJyYXljb25uZWN0aW9uOjA=
                        endCursor: YXJyYXljb25uZWN0aW9uOjE=
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: typescript
          label: ListAudits
          source: |-
            import { Vanta } from "vanta-auditor-api-sdk";

            const vanta = new Vanta({
              bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
            });

            async function run() {
              const result = await vanta.audits.list({});

              console.log(result);
            }

            run();
        - lang: java
          label: ListAudits
          source: >-
            package hello.world;


            import com.vanta.vanta_auditor_api.Vanta;

            import
            com.vanta.vanta_auditor_api.models.operations.ListAuditsResponse;

            import java.lang.Exception;


            public class Application {

                public static void main(String[] args) throws Exception {

                    Vanta sdk = Vanta.builder()
                            .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", ""))
                        .build();

                    ListAuditsResponse res = sdk.audits().list()
                            .pageSize(10)
                            .call();

                    if (res.paginatedResponseAudit().isPresent()) {
                        System.out.println(res.paginatedResponseAudit().get());
                    }
                }
            }
components:
  schemas:
    ListAuditsPageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        listAudits API.


        We have increased the pagination size for this endpoint to enable our
        upmarket audit firms to

        sync in a timely manner. The rest of the API will use a pagination size
        of 100.
      minimum: 1
      maximum: 200
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    PaginatedResponse_Audit_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/Audit'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    Audit:
      properties:
        id:
          type: string
          description: The unique identifier for the audit.
        customerOrganizationName:
          type: string
          description: >-
            The domain name of the customer organization being audited (e.g.
            vanta.com)
        customerDisplayName:
          type: string
          nullable: true
          description: >-
            The human readable name of the customer organization being audited
            (e.g. Vanta)
        customerOrganizationId:
          type: string
          description: The uuid of the customer organization being audited
        auditStartDate:
          type: string
          format: date-time
          description: >-
            The start of the audit window. This is also when data collection for
            audit starts.
        auditEndDate:
          type: string
          format: date-time
          description: The end of the audit window.
        earlyAccessStartsAt:
          type: string
          format: date-time
          nullable: true
          description: >-
            Timestamp at which auditors gain access to the audit. Occurs before
            the audit window begins
        framework:
          type: string
          description: The name of the framework for the audit
        displayName:
          type: string
          description: >-
            The display name for the audit. Returns the custom audit name if
            set,

            otherwise returns the framework name.
        allowAuditorEmails:
          items:
            type: string
          type: array
          description: Emails of auditors with access to audit
        allowAllAuditors:
          type: boolean
          description: Set to true if all auditors in audit firm have access
        deletionDate:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when the audit was deleted
        creationDate:
          type: string
          format: date-time
          description: Timestamp when the audit was created
        modificationDate:
          type: string
          format: date-time
          nullable: true
          description: Timestamp when the audit was updated
        completionDate:
          type: string
          format: date-time
          nullable: true
          description: >-
            Timestamp when the audit was marked completed, and report was
            uploaded
        auditFocus:
          $ref: '#/components/schemas/AuditFocus'
          description: Audit focus determines if the audit is internal or external facing
        auditorRequestListMetadata:
          properties:
            requestsSharedWithCustomer:
              type: string
              format: date-time
              nullable: true
              description: >-
                Timestamp when information requests were shared with the
                customer. Null if not shared.
          required:
            - requestsSharedWithCustomer
          type: object
          description: >-
            Metadata about the auditor request list. This field is only present
            for IRL (Information

            Request List) based audits and will be undefined for standard
            audits. Use the presence

            of this field to differentiate between IRL and non-IRL audits.
      required:
        - id
        - customerOrganizationName
        - customerDisplayName
        - customerOrganizationId
        - auditStartDate
        - auditEndDate
        - earlyAccessStartsAt
        - framework
        - displayName
        - allowAuditorEmails
        - allowAllAuditors
        - deletionDate
        - creationDate
        - modificationDate
        - completionDate
        - auditFocus
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    AuditFocus:
      type: string
      enum:
        - EXTERNAL
        - INTERNAL
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````