> ## Documentation Index > Fetch the complete documentation index at: https://developer.vanta.com/llms.txt > Use this file to discover all available pages before exploring further. # Update a comment for a control within an audit > Updates an existing comment on a control. Only the original author of the comment can update it. The author is identified by their email address, which must match the email of the user who created the comment. Rate limit: 10 requests / minute. ## OpenAPI ````yaml https://spec.speakeasy.com/vanta/vanta/conduct-an-audit-with-code-samples patch /audits/{auditId}/controls/{controlId}/comments/{commentId} openapi: 3.0.0 info: title: Conduct an audit version: 1.0.0 description: >- The Auditor API lets audit firms conduct audits from a tool outside of Vanta. Unlock data syncing with Vanta through this API. **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)` from the server dropdown to issue requests against `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the commercial host — replace it with `https://api.vanta-gov.com/oauth/token`. termsOfService: https://www.vanta.com/terms license: name: UNLICENSED contact: name: API Support url: https://help.vanta.com/ email: support@vanta.com servers: - url: https://api.vanta.com/v1 description: US Region API - url: https://api.vanta-gov.com/v1 description: Vanta Gov (FedRAMP) security: [] paths: /audits/{auditId}/controls/{controlId}/comments/{commentId}: patch: tags: - Audits summary: Update a comment for a control within an audit description: >- Updates an existing comment on a control. Only the original author of the comment can update it. The author is identified by their email address, which must match the email of the user who created the comment. Rate limit: 10 requests / minute. operationId: UpdateCommentForControl parameters: - in: path name: auditId required: true schema: type: string - in: path name: controlId required: true schema: type: string - in: path name: commentId required: true schema: type: string requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UpdateAuditControlCommentInput' responses: '200': description: Ok content: application/json: schema: $ref: '#/components/schemas/AuditControlComment' examples: Example 1: value: id: 65fc81a3359c8508c9af880f text: Some comment creationDate: '2024-03-07T21:25:56.000Z' modificationDate: '2024-03-07T21:25:56.000Z' deletionDate: '2024-03-07T21:25:56.000Z' email: vlad@vantaroo.com authorName: Vlad Vantaroo security: - bearerAuth: [] x-codeSamples: - lang: typescript label: UpdateCommentForControl source: |- import { Vanta } from "vanta-auditor-api-sdk"; const vanta = new Vanta({ bearerAuth: process.env["VANTA_BEARER_AUTH"] ?? "", }); async function run() { const result = await vanta.audits.updateCommentForControl({ auditId: "", controlId: "", commentId: "", updateAuditControlCommentInput: { text: "", email: "Leonardo71@hotmail.com", }, }); console.log(result); } run(); - lang: java label: UpdateCommentForControl source: >- package hello.world; import com.vanta.vanta_auditor_api.Vanta; import com.vanta.vanta_auditor_api.models.components.UpdateAuditControlCommentInput; import com.vanta.vanta_auditor_api.models.operations.UpdateCommentForControlResponse; import java.lang.Exception; public class Application { public static void main(String[] args) throws Exception { Vanta sdk = Vanta.builder() .bearerAuth(System.getenv().getOrDefault("BEARER_AUTH", "")) .build(); UpdateCommentForControlResponse res = sdk.audits().updateCommentForControl() .auditId("") .controlId("") .commentId("") .updateAuditControlCommentInput(UpdateAuditControlCommentInput.builder() .text("") .email("Leonardo71@hotmail.com") .build()) .call(); if (res.auditControlComment().isPresent()) { System.out.println(res.auditControlComment().get()); } } } components: schemas: UpdateAuditControlCommentInput: description: |- Updates an existing comment on a control. Only the original author of the comment can update it. properties: text: type: string description: |- The text content of the comment. Must be at least 1 character. Can include questions, clarifications, or explanations related to the control. email: type: string description: >- Email address of the comment author. Must match an existing Vanta user who belongs to the audit firm making the API request. This email uniquely identifies the author across systems. required: - text - email type: object additionalProperties: false AuditControlComment: description: >- A comment on a control within an audit. These threaded discussions let auditors and customers collaborate on a specific control — asking questions, documenting reasoning, or recording follow-ups — directly against the control being assessed. Audit control comments are scoped to a single audit engagement and are distinct from any organization-internal control comments. properties: id: type: string description: |- The unique identifier for the comment within Vanta's system. Format: ObjectId as a string (e.g., "6890e473dce1da5d8406f5e7"). text: type: string description: >- The comment message content. Can include explanations, questions, or clarifications about the control. creationDate: type: string format: date-time description: |- Timestamp when the comment was created. Format: ISO 8601 UTC timestamp. modificationDate: type: string format: date-time nullable: true description: |- Timestamp when the comment was last edited. Null if the comment has never been modified. Format: ISO 8601 UTC timestamp. deletionDate: type: string format: date-time nullable: true description: >- Timestamp when the comment was soft-deleted. Null if the comment has not been deleted. Soft deletes retain the comment for audit history while hiding it from normal operations. Format: ISO 8601 UTC timestamp. email: type: string nullable: true description: >- Email address of the comment author. This email uniquely identifies users between Vanta and external audit systems. Null when the comment author can't be matched to a Vanta user. authorName: type: string nullable: true description: >- Human-readable display name of the comment author. Null if the author's name is not available (e.g., user was deleted). This enables correct author attribution in integrations where users cannot be reliably matched across systems by email alone. required: - id - text - creationDate - modificationDate - deletionDate - email - authorName type: object additionalProperties: false securitySchemes: bearerAuth: type: http scheme: bearer ````