List of vendors who are in scope for this audit

GET

audits

{auditId}

vendors

curl --request GET \
  --url https://api.vanta.com/v1/audits/{auditId}/vendors \
  --header 'Authorization: Bearer <token>'

{
  "results": {
    "data": [
      {
        "id": "a2f7e1b9d0c3f4e5a6c7b8d8",
        "name": "Vanta",
        "websiteUrl": "https://www.vanta.com/",
        "accountManagerName": "John Doe",
        "accountManagerEmail": "john@doe.com",
        "servicesProvided": "SaaS",
        "additionalNotes": "Automate compliance and streamline security reviews with the leading trust management platform.",
        "authDetails": {
          "method": "O_AUTH",
          "passwordMFA": true,
          "passwordRequiresNumber": true,
          "passwordRequiresSymbol": true,
          "passwordMinimumLength": 16
        },
        "securityOwnerUserId": "6626afa6490ec920099773e7",
        "businessOwnerUserId": "6626afb14c912f0a50e85619",
        "contractStartDate": "2024-02-01T00:00:00.000Z",
        "contractRenewalDate": "2025-02-01T00:00:00.000Z",
        "contractTerminationDate": null,
        "lastSecurityReviewCompletionDate": "2024-01-01T00:00:00.000Z",
        "nextSecurityReviewDueDate": "2025-01-01T00:00:00.000Z",
        "isVisibleToAuditors": true,
        "isRiskAutoScored": true,
        "category": {
          "displayName": "cloudMonitoring"
        },
        "riskAttributeIds": [
          "6626b0298acc44f8674390da",
          "6626b02ea4cd9ba80d773c20"
        ],
        "status": "MANAGED",
        "inherentRiskLevel": "HIGH",
        "residualRiskLevel": "MEDIUM",
        "vendorHeadquarters": "USA",
        "contractAmount": {
          "amount": 1000000,
          "currency": "USD"
        },
        "customFields": null,
        "latestDecision": {
          "status": "APPROVED",
          "lastUpdatedAt": "2024-01-01T00:00:00.000Z"
        },
        "linkedTaskTrackerTaskProcurementRequest": {
          "service": "jira",
          "url": "https://random-company.atlassian.net/browse/PROJ-123"
        }
      }
    ],
    "pageInfo": {
      "hasNextPage": false,
      "hasPreviousPage": false,
      "startCursor": "6696ea0595df50d5cd6ec3b7",
      "endCursor": "6696ece48eb1f98ff3d927c6"
    }
  }
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

auditId

string

required

Query Parameters

pageSize

integer<int32>

default:10

Controls the maximum number of items returned in one response from the API.

Required range: 1 <= x <= 100

pageCursor

string

A marker or pointer, telling the API where to start fetching items for the subsequent page in a paginated dataset. Note that the requested page will not include the item that corresponds to this cursor but will start from the one immediately after this cursor.

Response

200 - application/json

results

object

required

Show child attributes

List vulnerabilities within the scope of a given auditList all vulnerabilities based on selected filters. End of life — this endpoint works for legacy audits only; it does not support controlled audit view. It remains available for existing legacy audits but will be removed once legacy audits are fully phased out, so do not build new integrations on it.

⌘I

List of vendors who are in scope for this audit

curl --request GET \
  --url https://api.vanta.com/v1/audits/{auditId}/vendors \
  --header 'Authorization: Bearer <token>'

{
  "results": {
    "data": [
      {
        "id": "a2f7e1b9d0c3f4e5a6c7b8d8",
        "name": "Vanta",
        "websiteUrl": "https://www.vanta.com/",
        "accountManagerName": "John Doe",
        "accountManagerEmail": "john@doe.com",
        "servicesProvided": "SaaS",
        "additionalNotes": "Automate compliance and streamline security reviews with the leading trust management platform.",
        "authDetails": {
          "method": "O_AUTH",
          "passwordMFA": true,
          "passwordRequiresNumber": true,
          "passwordRequiresSymbol": true,
          "passwordMinimumLength": 16
        },
        "securityOwnerUserId": "6626afa6490ec920099773e7",
        "businessOwnerUserId": "6626afb14c912f0a50e85619",
        "contractStartDate": "2024-02-01T00:00:00.000Z",
        "contractRenewalDate": "2025-02-01T00:00:00.000Z",
        "contractTerminationDate": null,
        "lastSecurityReviewCompletionDate": "2024-01-01T00:00:00.000Z",
        "nextSecurityReviewDueDate": "2025-01-01T00:00:00.000Z",
        "isVisibleToAuditors": true,
        "isRiskAutoScored": true,
        "category": {
          "displayName": "cloudMonitoring"
        },
        "riskAttributeIds": [
          "6626b0298acc44f8674390da",
          "6626b02ea4cd9ba80d773c20"
        ],
        "status": "MANAGED",
        "inherentRiskLevel": "HIGH",
        "residualRiskLevel": "MEDIUM",
        "vendorHeadquarters": "USA",
        "contractAmount": {
          "amount": 1000000,
          "currency": "USD"
        },
        "customFields": null,
        "latestDecision": {
          "status": "APPROVED",
          "lastUpdatedAt": "2024-01-01T00:00:00.000Z"
        },
        "linkedTaskTrackerTaskProcurementRequest": {
          "service": "jira",
          "url": "https://random-company.atlassian.net/browse/PROJ-123"
        }
      }
    ],
    "pageInfo": {
      "hasNextPage": false,
      "hasPreviousPage": false,
      "startCursor": "6696ea0595df50d5cd6ec3b7",
      "endCursor": "6696ece48eb1f98ff3d927c6"
    }
  }
}