Sending Resources

Before starting this part, make sure you've decided which resources to send.

Register the resource

To start sending resources, first register the resource type with Vanta. Do this by clicking the “Resources” tab at the top of the application page, then clicking “Create Resource”.

For each resource, define:

  • Resource type: The name of your resource. We recommend the format <MyCompany><ResourceName>, e.g. ExampleCompanySecurityTask.
  • Base resource type: The “category” of resource you’re registering. Each resource type has a set of required fields that you must send, and a few optional fields that can unlock additional functionality.
  • Custom properties: Optionally define additional fields to send. Vanta doesn't do anything with this data, but in the future, we may allow you or your users to define additional functionality on them.


We're continually adding support for new resource types over time. If you don't see a supported type, but want us to consider adding one, please reach out!

As you make each change, you can see the generated JSON schema for the resource, which specifies the exact shape of data you'll need to send.

Click “Create” to save the new resource type. Make note of the created Resource ID - this is used as the identifier in the following section.

Send and view the resource

(Ensure you've completed OAuth before starting this part.)

Use the JSON schema generated in the previous section in combination with the API reference to start syncing over resources.

Once you've sent resources using one of the sync_all calls, they should appear in Vanta and start powering product functionality, which you can verify in your developer instance. To know what product functionality to look for, consult the table here.


Resources must be sent on an hourly basis

You must send a new snapshot of resources on an hourly cadence. This ensures that each customer has a fresh data snapshot, and Vanta can perform up-to-date security monitoring and evidence gathering. To do this, we recommend setting up your sync_all calls to run on a cron.


The total payload size must be less than 10MB

If the payload is larger than this, we recommend scoping down the list of resources being sent (e.g. syncing only security-relevant applications on computers). Support for syncing in batches is coming soon.


A note on timestamps

Some resources make use of timestamps. Note that for these cases:

  • date-time strings must conform to the RFC3339 format (e.g. “2022-06-15T12:32:44Z”).
  • Vanta does not retain fractional seconds in timestamps.
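
As an added example (not Vanta's code), a pre-flight check in Python that applies the two constraints above before a sync_all call: timestamps are rendered as RFC3339 in UTC with whole seconds, and the serialized snapshot is rejected unless it is under 10MB. The envelope keys, the resource field names and the reading of 10MB as 10,000,000 bytes are assumptions; take the real shape from your generated JSON schema.

```python
import json
from datetime import datetime, timezone

# Assumption: "10MB" is read conservatively as 10,000,000 bytes.
MAX_PAYLOAD_BYTES = 10_000_000


def to_rfc3339(ts: datetime) -> str:
    """Render a datetime as RFC3339 in UTC with whole seconds."""
    if ts.tzinfo is None:
        # A naive datetime has no offset, so it cannot be valid RFC3339.
        raise ValueError("timestamp must be timezone-aware")
    # Fractional seconds are not retained, so drop them explicitly here
    # rather than letting two systems disagree on the stored value.
    return ts.astimezone(timezone.utc).replace(microsecond=0).strftime("%Y-%m-%dT%H:%M:%SZ")


def normalize(value):
    """Recursively convert datetimes inside a resource to RFC3339 strings."""
    if isinstance(value, datetime):
        return to_rfc3339(value)
    if isinstance(value, dict):
        return {k: normalize(v) for k, v in value.items()}
    if isinstance(value, list):
        return [normalize(v) for v in value]
    return value


def build_payload(resource_id: str, resources: list) -> bytes:
    """Serialize one snapshot and refuse it if it is too large to send."""
    # Hypothetical envelope; use the shape from your generated JSON schema.
    body = {"resourceId": resource_id, "resources": normalize(resources)}
    encoded = json.dumps(body, separators=(",", ":")).encode("utf-8")
    if len(encoded) >= MAX_PAYLOAD_BYTES:
        raise ValueError(f"payload is {len(encoded)} bytes; limit is under {MAX_PAYLOAD_BYTES}")
    return encoded


# Constructed sample input (field names are illustrative, not Vanta's schema).
SAMPLE = [{
    "uniqueId": "task-1",
    "displayName": "Rotate API keys",
    "createdTimestamp": datetime.fromisoformat("2022-06-15T14:32:44.987654+02:00"),
}]

if __name__ == "__main__":
    print(build_payload("placeholder-resource-id", SAMPLE).decode())
```

Measuring the encoded bytes rather than the string length keeps the size check accurate if you change the serializer settings to emit non-ASCII characters directly.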
