Skip to main content
GET
/
issues
List issues
curl --request GET \
  --url https://api.vanta.com/v1/issues \
  --header 'Authorization: Bearer <token>'
{
  "results": {
    "pageInfo": {
      "endCursor": "NjgzZTlhZjFiMTIzNDU2Nzg5MGFiY2Rl",
      "hasNextPage": true,
      "hasPreviousPage": false,
      "startCursor": "NjgzZTlhZjFiMTIzNDU2Nzg5MGFiY2Rl"
    },
    "data": [
      {
        "id": "683e9af1b1234567890abcde",
        "readableIssueId": "ISS-001",
        "createdDate": "2026-01-15T10:00:00.000Z",
        "createdBy": {
          "actorType": "USER",
          "actorId": "user-123"
        },
        "lastModifiedBy": {
          "actorType": "USER",
          "actorId": "user-123"
        },
        "lastModifiedDate": "2026-01-20T14:30:00.000Z",
        "title": "Access review process needs documentation",
        "description": "The access review process lacks formal documentation.",
        "owners": [
          {
            "ownerType": "USER",
            "ownerId": "user-456"
          }
        ],
        "severity": "MEDIUM",
        "status": "IN_PROGRESS",
        "rootCause": "Process was informally defined and not documented.",
        "correctiveAction": "Document the access review process and train relevant staff.",
        "dueDate": "2026-03-01T00:00:00.000Z",
        "source": {
          "sourceType": "SELF_ASSESSMENT"
        },
        "controlDomain": "Identity and Access Management",
        "closedMetadata": null,
        "detectedDate": "2026-01-10T00:00:00.000Z",
        "mappedControlIds": [],
        "mappedRiskScenarioIds": [],
        "mappedPolicyIds": [],
        "customFields": [],
        "template": "STANDARD_ISSUE",
        "type": null
      }
    ]
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

pageSize
integer<int32>
default:10

Controls the maximum number of items returned in one response from the API.

Required range: 1 <= x <= 100
pageCursor
string

A marker or pointer, telling the API where to start fetching items for the subsequent page in a paginated dataset. Note that the requested page will not include the item that corresponds to this cursor but will start from the one immediately after this cursor.

Full-text search across issue title and description.

readableIssueIdMatchesAny
string[]

Filter to issues matching any of the provided readable issue IDs.

statusMatchesAny
enum<string>[]

Filter to issues matching any of the provided statuses.

Available options:
NOT_STARTED,
IN_PROGRESS,
CLOSED
severityMatchesAny
enum<string>[]

Filter to issues matching any of the provided severities.

Available options:
CRITICAL,
HIGH,
MEDIUM,
LOW,
NO_SEVERITY
sourceMatchesAny
enum<string>[]

Filter to issues matching any of the provided sources.

Available options:
AUDIT,
AUDIT_EXTERNAL,
INCIDENT,
EXTERNAL_PARTY,
SELF_ASSESSMENT,
OTHER
typeMatchesAny
enum<string>[]

Filter to issues matching any of the provided types.

Available options:
AREA_OF_CONCERN,
MAJOR_NONCONFORMITY,
MINOR_NONCONFORMITY,
OPP_FOR_IMPROVEMENT,
EXCEPTION,
PROCESS_FOR_IMPROVEMENT
ownerIdMatchesAny
string[]

Filter to issues owned by any of the provided owner IDs.

templateMatchesAny
enum<string>[]

Filter to issues matching any of the provided templates.

Available options:
STANDARD_ISSUE,
STANDARD_POAM
closeReasonMatchesAny
enum<string>[]

Filter to issues closed for any of the provided reasons. Only applies to issues with a CLOSED status.

Available options:
RESOLVED,
DUPLICATE,
ACCEPTED,
OTHER
closedAfterDate
string<date-time>

Filter to issues closed on or after this date.

closedBeforeDate
string<date-time>

Filter to issues closed on or before this date.

includeIssuesWithoutDueDate
boolean

Include issues without a due date. This is functionally a no-op if dueBeforeDate or dueAfterDate are not provided.

includeOnlyIssuesWithoutDueDate
boolean

Only include issues without a due date. This filter cannot be used in conjunction with dueBeforeDate or dueAfterDate.

dueAfterDate
string<date-time>

Filter to issues with a due date on or after this date.

dueBeforeDate
string<date-time>

Filter to issues with a due date on or before this date.

detectedAfterDate
string<date-time>

Filter to issues detected on or after this date.

detectedBeforeDate
string<date-time>

Filter to issues detected on or before this date.

createdAfterDate
string<date-time>

Filter to issues created on or after this date.

createdBeforeDate
string<date-time>

Filter to issues created on or before this date.

auditIdMatchesAny
string[]

Filter to issues sourced from any of the provided audit IDs.

controlIdMatchesAny
string[]

Filter to issues mapped to any of the provided control IDs.

orderBy
enum<string>

Field to sort the results by.

Available options:
dueDate,
createdDate,
detectedDate,
lastModifiedDate,
status,
severity
orderDirection
enum<string>

Direction to sort the results in. One of asc or desc. Defaults to asc. Sort direction shared across the external REST API surface.

"asc" for ascending, "desc" for descending. Endpoints expose this as the orderDirection / sortDirection query parameter and map it onto whatever internal direction representation the underlying service expects.

Available options:
asc,
desc

Response

200 - application/json

Ok

results
object
required