> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List vendor risk attributes

> Returns a list of vendor risk attributes.



## OpenAPI

````yaml /reference/manage-vanta.json get /vendor-risk-attributes
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vendor-risk-attributes:
    get:
      tags:
        - Vendor Risk Attributes
      summary: List vendor risk attributes
      description: Returns a list of vendor risk attributes.
      operationId: ListVendorRiskAttributes
      parameters:
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_VendorRiskAttribute_'
              examples:
                Example 1:
                  value:
                    results:
                      data:
                        - id: a2f7e1b9d0c3f4e5a6c7b8d8
                          name: Read internal systems
                          description: >-
                            The vendor can view or read data from internal
                            systems, such as task trackers or sales tools.
                          vendorCategories:
                            - Marketing
                            - Office operation
                            - Recruiting
                            - Other
                          enabled: true
                          riskLevel: LOW
                      pageInfo:
                        hasNextPage: false
                        hasPreviousPage: false
                        startCursor: 6696ea0595df50d5cd6ec3b7
                        endCursor: 6696ece48eb1f98ff3d927c6
      security:
        - bearerAuth: []
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    PaginatedResponse_VendorRiskAttribute_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/VendorRiskAttribute'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    VendorRiskAttribute:
      properties:
        id:
          type: string
          description: Unique identifier for the risk attribute.
        name:
          type: string
          description: Display name of the risk attribute.
        description:
          type: string
          description: Description of the risk attribute.
        vendorCategories:
          items:
            type: string
          type: array
          description: Vendor categories this risk attribute applies to.
        enabled:
          type: boolean
          description: Whether or not this risk attribute is enabled.
        riskLevel:
          $ref: '#/components/schemas/VendorRiskLevel'
          description: Risk level of this attribute.
      required:
        - id
        - name
        - description
        - vendorCategories
        - enabled
        - riskLevel
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    VendorRiskLevel:
      description: |-
        The risk level of a vendor:
        - CRITICAL: The vendor has a critical security risk
        - HIGH: The vendor has a high security risk
        - MEDIUM: The vendor has a medium security risk
        - LOW: The vendor has a low security risk
        - UNSCORED: The vendor has not been given a risk level
      enum:
        - CRITICAL
        - HIGH
        - LOW
        - MEDIUM
        - UNSCORED
      type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````