> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List security reviews by vendor ID

> Returns a vendor's security reviews.



## OpenAPI

````yaml /reference/manage-vanta.json get /vendors/{vendorId}/security-reviews
openapi: 3.0.0
info:
  title: Manage Vanta
  version: 1.0.0
  description: >-
    The REST API lets customers query and mutate Vanta's data. Use this API to
    automate bulk actions, query data for custom workflows and dashboards, and
    bolster your security operations


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token URL shown below defaults to the
    commercial host — replace it with `https://api.vanta-gov.com/oauth/token`.
  termsOfService: https://www.vanta.com/terms
  license:
    name: UNLICENSED
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
servers:
  - url: https://api.vanta.com/v1
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com/v1
    description: Vanta Gov (FedRAMP)
security: []
paths:
  /vendors/{vendorId}/security-reviews:
    get:
      tags:
        - Vendors
      summary: List security reviews by vendor ID
      description: Returns a vendor's security reviews.
      operationId: GetSecurityReviewsByVendorId
      parameters:
        - in: path
          name: vendorId
          required: true
          schema:
            type: string
        - in: query
          name: pageSize
          required: false
          schema:
            $ref: '#/components/schemas/PageSize'
        - in: query
          name: pageCursor
          required: false
          schema:
            $ref: '#/components/schemas/PageCursor'
      responses:
        '200':
          description: Ok
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedResponse_SecurityReview_'
              examples:
                Example 1:
                  value:
                    results:
                      data:
                        - id: a2f7e1b9d0c3f4e5a6c7b8d8
                          vendorId: 6696e9bca247cbdf1c8e5054
                          decisionNotes: >-
                            No major concerns, limited sharing of data, low
                            security risk.
                          comments: >-
                            If we expand our deal with them we will need to
                            re-review in May.
                          completedByUserId: 6696ea0595df50d5cd6ec3b7
                          startDate: '2024-02-01T00:00:00.000Z'
                          dueDate: '2024-03-01T00:00:00.000Z'
                          overrideDueDate: '2024-03-15T00:00:00.000Z'
                          completionDate: '2024-03-10T00:00:00.000Z'
                          decision:
                            status: APPROVED
                            lastUpdatedAt: '2024-03-17T00:00:00.000Z'
                          assessmentType:
                            id: 6696ea0595df50d5cd6ec3b8
                            name: Security
                            description: null
                          owner:
                            id: 6696ea0595df50d5cd6ec3b9
                            type: USER
                            displayName: Jane Doe
                            email: jane.doe@example.com
                      pageInfo:
                        hasNextPage: false
                        hasPreviousPage: false
                        startCursor: 6696ea0595df50d5cd6ec3b7
                        endCursor: 6696ece48eb1f98ff3d927c6
      security:
        - bearerAuth: []
components:
  schemas:
    PageSize:
      type: integer
      format: int32
      default: 10
      description: >-
        Controls the maximum number of items returned in one response from the
        API.
      minimum: 1
      maximum: 100
    PageCursor:
      type: string
      description: >-
        A marker or pointer, telling the API where to start fetching items for
        the subsequent page in a paginated dataset.

        Note that the requested page will not include the item that corresponds
        to this cursor but will start from the one immediately

        after this cursor.
    PaginatedResponse_SecurityReview_:
      properties:
        results:
          properties:
            data:
              items:
                $ref: '#/components/schemas/SecurityReview'
              type: array
            pageInfo:
              $ref: '#/components/schemas/PageInfo'
          required:
            - data
            - pageInfo
          type: object
      required:
        - results
      type: object
      additionalProperties: false
    SecurityReview:
      properties:
        id:
          type: string
          description: Unique identifier for the security review.
        vendorId:
          type: string
          description: Unique identifier for the vendor.
        decisionNotes:
          type: string
          nullable: true
          description: Notes about the security review's decision status.
        comments:
          type: string
          nullable: true
          description: Comments about the security review.
        completedByUserId:
          type: string
          nullable: true
          description: The Vanta user ID of the person who completed this review.
        startDate:
          type: string
          format: date-time
          nullable: true
          description: The timestamp of the when the security review was started.
        dueDate:
          type: string
          format: date-time
          nullable: true
          description: The timestamp of the when the security review is due.
        overrideDueDate:
          type: string
          format: date-time
          nullable: true
          description: A manual override timestamp of the when the security review is due.
        completionDate:
          type: string
          format: date-time
          nullable: true
          description: >-
            The timestamp of the when the security review was marked as
            completed.
        decision:
          properties:
            lastUpdatedAt:
              type: string
              format: date-time
              description: The timestamp of when the security review decision was last set.
            status:
              $ref: '#/components/schemas/AssessmentDecision'
              description: The status of the current decision.
          required:
            - lastUpdatedAt
            - status
          type: object
          nullable: true
          description: An object containing information about the decision of the review.
        assessmentType:
          $ref: '#/components/schemas/AssessmentType'
          description: The assessment type for this security review.
        owner:
          allOf:
            - $ref: '#/components/schemas/AssessmentOwner'
          nullable: true
          description: The owner of this security review, if assigned.
      required:
        - id
        - vendorId
        - decisionNotes
        - comments
        - completedByUserId
        - startDate
        - dueDate
        - overrideDueDate
        - completionDate
        - decision
        - assessmentType
        - owner
      type: object
      additionalProperties: false
    PageInfo:
      description: Provides information about the pagination of a dataset.
      properties:
        endCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the end of the current page, or null if
            there is no such cursor.
        hasNextPage:
          type: boolean
          description: Indicates if there is another page after the current page.
        hasPreviousPage:
          type: boolean
          description: Indicates if there is a page before the current page.
        startCursor:
          type: string
          nullable: true
          description: >-
            The cursor that points to the start of the current page, or null if
            there is no such cursor.
      required:
        - endCursor
        - hasNextPage
        - hasPreviousPage
        - startCursor
      type: object
      additionalProperties: false
    AssessmentDecision:
      description: >-
        The current decision made for an assessment:

        - APPROVED: The assessment has been approved.

        - NOT_APPROVED: The assessment has been marked not approved.

        - CONDITIONALLY_APPROVED: The assessment has been conditionally
        approved.
      enum:
        - APPROVED
        - NOT_APPROVED
        - CONDITIONALLY_APPROVED
      type: string
    AssessmentType:
      properties:
        id:
          type: string
          description: Unique identifier for the assessment type.
        name:
          type: string
          description: Display name of the assessment type.
        description:
          type: string
          nullable: true
          description: Description of the assessment type, if set.
      required:
        - id
        - name
        - description
      type: object
      additionalProperties: false
    AssessmentOwner:
      properties:
        id:
          type: string
          description: Unique identifier for the owner.
        type:
          $ref: '#/components/schemas/AssessmentOwnerType'
          description: The type of actor that owns this assessment.
        displayName:
          type: string
          nullable: true
          description: Display name of the owner, if available.
        email:
          type: string
          nullable: true
          description: Email of the owner. Populated for USER owners, null for TEAM owners.
      required:
        - id
        - type
        - displayName
        - email
      type: object
      additionalProperties: false
    AssessmentOwnerType:
      type: string
      enum:
        - USER
        - TEAM
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````