> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List issues

> List issues on a domain (paginated).
Returns a paginated list of issues that the authenticated app has
permission to view, optionally filtered and sorted.



## OpenAPI

````yaml /reference/manage-vanta.json get /issues
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /issues:
    get:
      tags:
        - Issues
      summary: List issues
      description: |-
        List issues on a domain (paginated).
        Returns a paginated list of issues that the authenticated app has
        permission to view, optionally filtered and sorted.
      operationId: List
      parameters:
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
        - description: Full-text search across issue title and description.
          in: query
          name: search
          required: false
          schema:
            type: string
          example: weak password
        - description: Filter to issues matching any of the provided readable issue IDs.
          in: query
          name: readableIssueIdMatchesAny
          required: false
          schema:
            items:
              type: string
            type: array
        - description: Filter to issues matching any of the provided statuses.
          in: query
          name: statusMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/IssueStatus'
          example:
            - IN_PROGRESS
            - CLOSED
        - description: Filter to issues matching any of the provided severities.
          in: query
          name: severityMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/IssueSeverity'
          example:
            - HIGH
            - CRITICAL
        - description: Filter to issues matching any of the provided sources.
          in: query
          name: sourceMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/SourceType'
          example:
            - AUDIT
            - SELF_ASSESSMENT
        - description: Filter to issues matching any of the provided types.
          in: query
          name: typeMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/StandardIssueType'
          example:
            - AREA_OF_CONCERN
            - PROCESS_FOR_IMPROVEMENT
        - description: Filter to issues owned by any of the provided owner IDs.
          in: query
          name: ownerIdMatchesAny
          required: false
          schema:
            items:
              type: string
            type: array
          example:
            - user-123
            - user-456
        - description: Filter to issues matching any of the provided templates.
          in: query
          name: templateMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/IssueTemplate'
          example:
            - STANDARD_ISSUE
            - STANDARD_POAM
        - description: >-
            Filter to issues closed for any of the provided reasons. Only
            applies

            to issues with a CLOSED status.
          in: query
          name: closeReasonMatchesAny
          required: false
          schema:
            type: array
            items:
              $ref: '#/components/schemas/ClosedReason'
          example:
            - RESOLVED
            - OTHER
        - description: Filter to issues closed on or after this date.
          in: query
          name: closedAfterDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-01-01T00:00:00Z'
        - description: Filter to issues closed on or before this date.
          in: query
          name: closedBeforeDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-12-31T23:59:59Z'
        - description: >-
            Include issues without a due date. This is functionally a no-op if
            dueBeforeDate or dueAfterDate are not provided.
          in: query
          name: includeIssuesWithoutDueDate
          required: false
          schema:
            type: boolean
          example: true
        - description: >-
            Only include issues without a due date. This filter cannot be used
            in conjunction with dueBeforeDate or dueAfterDate.
          in: query
          name: includeOnlyIssuesWithoutDueDate
          required: false
          schema:
            type: boolean
          example: false
        - description: Filter to issues with a due date on or after this date.
          in: query
          name: dueAfterDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-01-01T00:00:00Z'
        - description: Filter to issues with a due date on or before this date.
          in: query
          name: dueBeforeDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-12-31T23:59:59Z'
        - description: Filter to issues detected on or after this date.
          in: query
          name: detectedAfterDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-01-01T00:00:00Z'
        - description: Filter to issues detected on or before this date.
          in: query
          name: detectedBeforeDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-12-31T23:59:59Z'
        - description: Filter to issues created on or after this date.
          in: query
          name: createdAfterDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-01-01T00:00:00Z'
        - description: Filter to issues created on or before this date.
          in: query
          name: createdBeforeDate
          required: false
          schema:
            type: string
            format: date-time
          example: '2023-12-31T23:59:59Z'
        - description: Filter to issues sourced from any of the provided audit IDs.
          in: query
          name: auditIdMatchesAny
          required: false
          schema:
            items:
              type: string
            type: array
          example:
            - audit-123
            - audit-456
        - description: Filter to issues mapped to any of the provided control IDs.
          in: query
          name: controlIdMatchesAny
          required: false
          schema:
            items:
              type: string
            type: array
          example:
            - control-123
            - control-456
        - description: Field to sort the results by.
          in: query
          name: orderBy
          required: false
          schema:
            $ref: '#/components/schemas/IssueSortField'
        - description: >-
            Direction to sort the results in. One of `asc` or `desc`. Defaults
            to `asc`.
          in: query
          name: orderDirection
          required: false
          schema:
            $ref: '#/components/schemas/OrderDirection'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_Issue_'
              examples:
                Example 1:
                  value:
                    results:
                      pageInfo:
                        endCursor: NjgzZTlhZjFiMTIzNDU2Nzg5MGFiY2Rl
                        hasNextPage: true
                        hasPreviousPage: false
                        startCursor: NjgzZTlhZjFiMTIzNDU2Nzg5MGFiY2Rl
                      data:
                        - id: 683e9af1b1234567890abcde
                          readableIssueId: ISS-001
                          createdDate: '2026-01-15T10:00:00.000Z'
                          createdBy:
                            actorType: USER
                            actorId: user-123
                          lastModifiedBy:
                            actorType: USER
                            actorId: user-123
                          lastModifiedDate: '2026-01-20T14:30:00.000Z'
                          title: Access review process needs documentation
                          description: >-
                            The access review process lacks formal
                            documentation.
                          owners:
                            - ownerType: USER
                              ownerId: user-456
                          severity: MEDIUM
                          status: IN_PROGRESS
                          rootCause: Process was informally defined and not documented.
                          correctiveAction: >-
                            Document the access review process and train
                            relevant staff.
                          dueDate: '2026-03-01T00:00:00.000Z'
                          source:
                            sourceType: SELF_ASSESSMENT
                          controlDomain: Identity and Access Management
                          closedMetadata: null
                          detectedDate: '2026-01-10T00:00:00.000Z'
                          mappedControlIds: []
                          mappedRiskScenarioIds: []
                          mappedPolicyIds: []
                          customFields: []
                          template: STANDARD_ISSUE
                          type: null
      security:
        - bearerAuth: []
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    IssueStatus:
      type: string
      enum:
        - NOT_STARTED
        - IN_PROGRESS
        - CLOSED
    IssueSeverity:
      type: string
      enum:
        - CRITICAL
        - HIGH
        - MEDIUM
        - LOW
        - NO_SEVERITY
    SourceType:
      type: string
      enum:
        - AUDIT
        - AUDIT_EXTERNAL
        - INCIDENT
        - EXTERNAL_PARTY
        - SELF_ASSESSMENT
        - OTHER
    StandardIssueType:
      type: string
      enum:
        - AREA_OF_CONCERN
        - MAJOR_NONCONFORMITY
        - MINOR_NONCONFORMITY
        - OPP_FOR_IMPROVEMENT
        - EXCEPTION
        - PROCESS_FOR_IMPROVEMENT
    IssueTemplate:
      type: string
      enum:
        - STANDARD_ISSUE
        - STANDARD_POAM
    ClosedReason:
      type: string
      enum:
        - RESOLVED
        - DUPLICATE
        - ACCEPTED
        - OTHER
    IssueSortField:
      type: string
      enum:
        - dueDate
        - createdDate
        - detectedDate
        - lastModifiedDate
        - status
        - severity
    OrderDirection:
      type: string
      enum:
        - asc
        - desc
      description: >-
        Sort direction shared across the external REST API surface.


        `"asc"` for ascending, `"desc"` for descending. Endpoints expose this as
        the

        `orderDirection` / `sortDirection` query parameter and map it onto
        whatever

        internal direction representation the underlying service expects.
    PaginatedResponse_Issue_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/Issue'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    Issue:
      anyOf:
        - $ref: '#/components/schemas/StandardIssue'
        - $ref: '#/components/schemas/StandardPOAM'
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    StandardIssue:
      properties:
        id:
          type: string
        readableIssueId:
          type: string
        createdDate:
          type: string
          format: date-time
        createdBy:
          $ref: '#/components/schemas/Actor'
        lastModifiedBy:
          $ref: '#/components/schemas/Actor'
        lastModifiedDate:
          type: string
          format: date-time
        title:
          type: string
        description:
          type: string
        owners:
          items:
            $ref: '#/components/schemas/IssueOwner'
          type: array
        severity:
          $ref: '#/components/schemas/IssueSeverity'
        status:
          $ref: '#/components/schemas/IssueStatus'
        rootCause:
          type: string
          nullable: true
        correctiveAction:
          type: string
          nullable: true
        dueDate:
          type: string
          format: date-time
          nullable: true
        source:
          allOf:
            - $ref: '#/components/schemas/Source'
          nullable: true
        controlDomain:
          type: string
          nullable: true
        closedMetadata:
          allOf:
            - $ref: '#/components/schemas/ClosedMetadata'
          nullable: true
        detectedDate:
          type: string
          format: date-time
        mappedControlIds:
          items:
            type: string
          type: array
        mappedRiskScenarioIds:
          items:
            type: string
          type: array
        mappedPolicyIds:
          items:
            type: string
          type: array
        customFields:
          items:
            $ref: '#/components/schemas/IssueCustomField'
          type: array
        template:
          $ref: '#/components/schemas/Extract_IssueTemplate.STANDARD_ISSUE_'
        type:
          allOf:
            - $ref: '#/components/schemas/StandardIssueType'
          nullable: true
      required:
        - id
        - readableIssueId
        - createdDate
        - createdBy
        - lastModifiedBy
        - lastModifiedDate
        - title
        - description
        - owners
        - severity
        - status
        - rootCause
        - correctiveAction
        - dueDate
        - source
        - controlDomain
        - closedMetadata
        - detectedDate
        - mappedControlIds
        - mappedRiskScenarioIds
        - mappedPolicyIds
        - customFields
        - template
        - type
      type: object
      additionalProperties: false
    StandardPOAM:
      properties:
        id:
          type: string
        readableIssueId:
          type: string
        createdDate:
          type: string
          format: date-time
        createdBy:
          $ref: '#/components/schemas/Actor'
        lastModifiedBy:
          $ref: '#/components/schemas/Actor'
        lastModifiedDate:
          type: string
          format: date-time
        title:
          type: string
        description:
          type: string
        owners:
          items:
            $ref: '#/components/schemas/IssueOwner'
          type: array
        severity:
          $ref: '#/components/schemas/IssueSeverity'
        status:
          $ref: '#/components/schemas/IssueStatus'
        rootCause:
          type: string
          nullable: true
        correctiveAction:
          type: string
          nullable: true
        dueDate:
          type: string
          format: date-time
          nullable: true
        source:
          allOf:
            - $ref: '#/components/schemas/Source'
          nullable: true
        controlDomain:
          type: string
          nullable: true
        closedMetadata:
          allOf:
            - $ref: '#/components/schemas/ClosedMetadata'
          nullable: true
        detectedDate:
          type: string
          format: date-time
        mappedControlIds:
          items:
            type: string
          type: array
        mappedRiskScenarioIds:
          items:
            type: string
          type: array
        mappedPolicyIds:
          items:
            type: string
          type: array
        customFields:
          items:
            $ref: '#/components/schemas/IssueCustomField'
          type: array
        template:
          $ref: '#/components/schemas/Extract_IssueTemplate.STANDARD_POAM_'
        requiredResources:
          type: string
          nullable: true
        systemsDescription:
          type: string
          nullable: true
      required:
        - id
        - readableIssueId
        - createdDate
        - createdBy
        - lastModifiedBy
        - lastModifiedDate
        - title
        - description
        - owners
        - severity
        - status
        - rootCause
        - correctiveAction
        - dueDate
        - source
        - controlDomain
        - closedMetadata
        - detectedDate
        - mappedControlIds
        - mappedRiskScenarioIds
        - mappedPolicyIds
        - customFields
        - template
        - requiredResources
        - systemsDescription
      type: object
      additionalProperties: false
    Actor:
      properties:
        actorType:
          $ref: '#/components/schemas/ActorType'
        actorId:
          type: string
      required:
        - actorType
        - actorId
      type: object
      additionalProperties: false
    IssueOwner:
      properties:
        ownerType:
          $ref: '#/components/schemas/OwnerType'
        ownerId:
          type: string
      required:
        - ownerType
        - ownerId
      type: object
      additionalProperties: false
    Source:
      properties:
        sourceType:
          $ref: '#/components/schemas/SourceType'
        sourceId:
          type: string
      required:
        - sourceType
      type: object
      additionalProperties: false
    ClosedMetadata:
      properties:
        reason:
          $ref: '#/components/schemas/ClosedReason'
        comment:
          type: string
        closedAt:
          type: string
          format: date-time
      required:
        - reason
        - comment
        - closedAt
      type: object
      additionalProperties: false
    IssueCustomField:
      properties:
        label:
          type: string
        value:
          anyOf:
            - type: string
            - items:
                type: string
              type: array
      required:
        - label
        - value
      type: object
      additionalProperties: false
    Extract_IssueTemplate.STANDARD_ISSUE_:
      type: string
      enum:
        - STANDARD_ISSUE
      nullable: false
      description: Extract from T those types that are assignable to U
    Extract_IssueTemplate.STANDARD_POAM_:
      type: string
      enum:
        - STANDARD_POAM
      nullable: false
      description: Extract from T those types that are assignable to U
    ActorType:
      type: string
      enum:
        - USER
        - WORKFLOW_GENERATED
    OwnerType:
      type: string
      enum:
        - USER
        - TEAM
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````