> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get security review by ID

> Returns a security review.



## OpenAPI

````yaml /reference/manage-vanta.json get /vendors/{vendorId}/security-reviews/{securityReviewId}
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vendors/{vendorId}/security-reviews/{securityReviewId}:
    get:
      tags:
        - Vendors
      summary: Get security review by ID
      description: Returns a security review.
      operationId: GetSecurityReviewsById
      parameters:
        - in: path
          name: vendorId
          required: true
          schema:
            type: string
        - in: path
          name: securityReviewId
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecurityReview'
              examples:
                Example 1:
                  value:
                    id: a2f7e1b9d0c3f4e5a6c7b8d8
                    vendorId: 6696e9bca247cbdf1c8e5054
                    decisionNotes: >-
                      No major concerns, limited sharing of data, low security
                      risk.
                    comments: >-
                      If we expand our deal with them we will need to re-review
                      in May.
                    completedByUserId: 6696ea0595df50d5cd6ec3b7
                    startDate: '2024-02-01T00:00:00.000Z'
                    dueDate: '2024-03-01T00:00:00.000Z'
                    overrideDueDate: '2024-03-15T00:00:00.000Z'
                    completionDate: '2024-03-10T00:00:00.000Z'
                    decision:
                      status: APPROVED
                      lastUpdatedAt: '2024-03-17T00:00:00.000Z'
                    assessmentType:
                      id: 6696ea0595df50d5cd6ec3b8
                      name: Security
                      description: null
                    owner:
                      id: 6696ea0595df50d5cd6ec3b9
                      type: USER
                      displayName: Jane Doe
                      email: jane.doe@example.com
      security:
        - bearerAuth: []
components:
  schemas:
    SecurityReview:
      properties:
        id:
          type: string
          description: Unique identifier for the security review.
        vendorId:
          type: string
          description: Unique identifier for the vendor.
        decisionNotes:
          type: string
          nullable: true
          description: Notes about the security review's decision status.
        comments:
          type: string
          nullable: true
          description: Comments about the security review.
        completedByUserId:
          type: string
          nullable: true
          description: The Vanta user ID of the person who completed this review.
        startDate:
          type: string
          format: date-time
          nullable: true
          description: The timestamp of the when the security review was started.
        dueDate:
          type: string
          format: date-time
          nullable: true
          description: The timestamp of the when the security review is due.
        overrideDueDate:
          type: string
          format: date-time
          nullable: true
          description: A manual override timestamp of the when the security review is due.
        completionDate:
          type: string
          format: date-time
          nullable: true
          description: >-
            The timestamp of the when the security review was marked as
            completed.
        decision:
          properties:
            lastUpdatedAt:
              type: string
              format: date-time
              description: The timestamp of when the security review decision was last set.
            status:
              $ref: '#/components/schemas/AssessmentDecision'
              description: The status of the current decision.
          required:
            - lastUpdatedAt
            - status
          type: object
          nullable: true
          description: An object containing information about the decision of the review.
        assessmentType:
          $ref: '#/components/schemas/AssessmentType'
          description: The assessment type for this security review.
        owner:
          allOf:
            - $ref: '#/components/schemas/AssessmentOwner'
          nullable: true
          description: The owner of this security review, if assigned.
      required:
        - id
        - vendorId
        - decisionNotes
        - comments
        - completedByUserId
        - startDate
        - dueDate
        - overrideDueDate
        - completionDate
        - decision
        - assessmentType
        - owner
      type: object
      additionalProperties: false
    AssessmentDecision:
      description: >-
        The current decision made for an assessment:

        - APPROVED: The assessment has been approved.

        - NOT_APPROVED: The assessment has been marked not approved.

        - CONDITIONALLY_APPROVED: The assessment has been conditionally
        approved.
      enum:
        - APPROVED
        - NOT_APPROVED
        - CONDITIONALLY_APPROVED
      type: string
    AssessmentType:
      properties:
        id:
          type: string
          description: Unique identifier for the assessment type.
        name:
          type: string
          description: Display name of the assessment type.
        description:
          type: string
          nullable: true
          description: Description of the assessment type, if set.
      required:
        - id
        - name
        - description
      type: object
      additionalProperties: false
    AssessmentOwner:
      properties:
        id:
          type: string
          description: Unique identifier for the owner.
        type:
          $ref: '#/components/schemas/AssessmentOwnerType'
          description: The type of actor that owns this assessment.
        displayName:
          type: string
          nullable: true
          description: Display name of the owner, if available.
        email:
          type: string
          nullable: true
          description: Email of the owner. Populated for USER owners, null for TEAM owners.
      required:
        - id
        - type
        - displayName
        - email
      type: object
      additionalProperties: false
    AssessmentOwnerType:
      type: string
      enum:
        - USER
        - TEAM
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````