Audits

List information requests linked to a control within an audit

Returns a paginated list of active information requests linked to a specific control within an IRL audit. An information request is linked to a control either via its framework codes (criteriaIds) or via a direct association (additionalControlIds).

Soft-deleted information requests are not included in the response. To synchronize deletions, use GET /audits/{auditId}/information-requests, which supports changedSinceDate and includes soft-deleted records.

Returns 404 when the control is not part of the audit. Returns an empty page when the control is part of the audit but has no active IRLs linked to it.

Pagination usage:

Make initial request with desired pageSize
Check results.pageInfo.hasNextPage to see if more data exists
If true, use results.pageInfo.endCursor as pageCursor in next request
Repeat until hasNextPage is false

GET

audits

{auditId}

controls

{controlId}

information-requests

TypeScript

import { Vanta } from "vanta-auditor-api-sdk";

const vanta = new Vanta({
  bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
});

async function run() {
  const result = await vanta.audits.listInformationRequestsForControl({
    auditId: "<id>",
    controlId: "<id>",
  });

  console.log(result);
}

run();

{
  "results": {
    "data": [
      {
        "id": "6890e473dce1da5d8406f5e7",
        "uniqueId": "1466132",
        "additionalControlIds": [],
        "approvalStatus": "NEEDS_EVIDENCE",
        "cadence": "ANNUALLY",
        "frameworkCodes": [
          "SOC2_CC6.1"
        ],
        "description": "Provide the data deletion evidence for a sample of terminated customers",
        "dueDate": "2025-10-28T00:00:00.000Z",
        "evidenceCaptureDate": "2025-10-28T00:00:00.000Z",
        "requestId": null,
        "requestType": "SAMPLE",
        "title": "Terminated Customer Deletion Evidence",
        "creationDate": "2025-08-01T12:34:56.000Z",
        "modificationDate": "2025-08-02T08:00:00.000Z",
        "deletionDate": null,
        "ownerAssignment": {
          "type": "user",
          "id": "507f1f77bcf86cd799439011",
          "displayName": "John Doe"
        }
      }
    ],
    "pageInfo": {
      "hasNextPage": false,
      "hasPreviousPage": false,
      "startCursor": "Njg5MGU0NzNkY2UxZGE1Z",
      "endCursor": "Njg5MGU0NzNkY2UxZGE1Z"
    }
  }
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

auditId

string

required

controlId

string

required

Query Parameters

pageSize

integer<int32>

default:10

Maximum number of information requests to return per page. Controls the maximum number of items returned in one response from the API.

Required range: 1 <= x <= 100

pageCursor

string

Pagination cursor from a previous response. Provide to fetch the next page of results. A marker or pointer, telling the API where to start fetching items for the subsequent page in a paginated dataset. Note that the requested page will not include the item that corresponds to this cursor but will start from the one immediately after this cursor.

Response

200 - application/json

results

object

required

Show child attributes

List audit evidenceReturns a paginated list of evidence for an audit.

⌘I

TypeScript

import { Vanta } from "vanta-auditor-api-sdk";

const vanta = new Vanta({
  bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "",
});

async function run() {
  const result = await vanta.audits.listInformationRequestsForControl({
    auditId: "<id>",
    controlId: "<id>",
  });

  console.log(result);
}

run();

{
  "results": {
    "data": [
      {
        "id": "6890e473dce1da5d8406f5e7",
        "uniqueId": "1466132",
        "additionalControlIds": [],
        "approvalStatus": "NEEDS_EVIDENCE",
        "cadence": "ANNUALLY",
        "frameworkCodes": [
          "SOC2_CC6.1"
        ],
        "description": "Provide the data deletion evidence for a sample of terminated customers",
        "dueDate": "2025-10-28T00:00:00.000Z",
        "evidenceCaptureDate": "2025-10-28T00:00:00.000Z",
        "requestId": null,
        "requestType": "SAMPLE",
        "title": "Terminated Customer Deletion Evidence",
        "creationDate": "2025-08-01T12:34:56.000Z",
        "modificationDate": "2025-08-02T08:00:00.000Z",
        "deletionDate": null,
        "ownerAssignment": {
          "type": "user",
          "id": "507f1f77bcf86cd799439011",
          "displayName": "John Doe"
        }
      }
    ],
    "pageInfo": {
      "hasNextPage": false,
      "hasPreviousPage": false,
      "startCursor": "Njg5MGU0NzNkY2UxZGE1Z",
      "endCursor": "Njg5MGU0NzNkY2UxZGE1Z"
    }
  }
}