Welcome to Vanta's Developer Hub! 🎉

Welcome to Vanta's Developer Hub, the official hub for all the resources you need to integrate and build with our public API. Our hub provides information about the Vanta API's capabilities, how to get started using the API, comprehensive endpoint documentation, and easy-to-follow guides to help you harness the full potential of our services. Whether you're just getting started or scaling up, our hub is designed to streamline your development process and enhance your applications.

Start creating with Vanta today and unlock new possibilities for your projects!


Vanta API Capabilities

The Vanta API is RESTful and offers a versatile range of functions tailored to enhance the operational efficiency of your organization through automation and streamlined workflows.

Programmatically manage your Vanta account and automate workflows

Automate processes or conduct actions in bulk, query data for reporting, and monitor resources and assets to improve your security and compliance posture while saving time.

Example use cases:

Build integrations

Create both private and public integrations, enabling you to send data into Vanta from non-integrated environments. You can even run Vanta-provided tests and/or custom tests against the resource data you send (refer to our Plans and Pricing page to determine if you have the Custom Tests feature). If you are interested in creating a public integration, please follow our Partner Application Setup guide to become an official Vanta partner!

Vanta provides out-of-the-box resource types for your team to leverage, as well as custom resources where you can define the entire schema! To understand what types of data you can send into Vanta, please reference this guide. [link to app resources/send resources guide]

Example use cases:

  • Push user account data into our Access product feature. This will enable you to monitor account metadata (status, MFA, role, etc.), tie these accounts to your users for onboarding and off-boarding workflows, and even funnel this data into our Access Reviews feature!
  • Push vulnerability data into our Vulnerabilities product feature. Vanta can help monitor outstanding vulnerabilities and tie them to your SLAs to ensure your team is remediating them on time!
  • Push employee device data into our Computers product page. You can demonstrate employee device compliance (hard drive encryption, password manager & anti-virus, screen lock, & more!)

Streamline audits

If you’re one of Vanta’s Audit Partners, use the Vanta API to query audit data and perform the audit in the preferred tool of your choice!


Vanta API Details

API Structure

Our API is a RESTful service that accepts JSON-formatted requests and returns JSON-formatted responses. The base URL for the API is https://api.vanta.com.

The authentication endpoint is https://api.vanta.com/oauth/token.

API Authentication

Vanta uses OAuth to authenticate API requests. Click here for our full walkthrough on how to authenticate to the Vanta API.

Rate Limiting

The Vanta API has the following rate limits enforced:

  • OAuth Authentication endpoints: 5 requests per minute
  • Private and Public Integration endpoints: 20 requests per minute (includes endpoints in this section)
  • Management endpoints: 50 requests per minute (includes endpoints in this section)
  • Auditor endpoints: 250 requests per minute (includes endpoints in this section)

API Versioning

Over time, the Vanta API will continue to evolve and new versions will be released. More on how to receive these updates coming soon.

Making Requests

You can interact with the API through standard HTTP methods:

  • GET to retrieve data
  • POST to create data
  • PATCH & PUT to update data
  • DELETE to remove data

Response and Error Handling

Successful responses will return a 200 OK status code along with the requested data in JSON format. In the case of errors, our API uses conventional HTTP response codes to indicate what went wrong:

| Error | Description |
|---|---|
| 400 - Bad request | Incorrectly formatted requests (e.g. malformed path params, wrong types for request params) |
| 401 - Unauthorized | Missing authorization header; invalid authorization header value |
| 403 - Forbidden | Valid authorization header and value, but the authenticated user is unauthorized to access the resource |
| 404 - Not found | Requested resource is not found; endpoint does not exist |
| 409 - Conflict | Request has conflicting state with the underlying resource |
| 422 - Unprocessable entity | The request is semantically correct (e.g. specifically not a 400), but is unable to be processed for some semantic reason, like trying to add an owner to a resource where the owner does not exist |
| 429 - Too many requests | Rate limit exceeded |
| 500 - Internal Server error | Unexpected error; non-graceful termination |
| 503 - Timeout | Request timeout from api-external |
| 504 - Gateway timeout | Gateway has timed out, independent of whether the request has been fulfilled or not by api-external |
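
An added example (not Vanta's code) tying together the Rate Limiting list and the error table above: a client-side limiter built on the listed per-minute limits, and a function that maps each status code to a client action. The category names, the sliding 60-second window, the single re-authentication on 401, and the rule of not retrying non-idempotent methods on 500/503/504 are assumptions of this example, not documented Vanta behaviour.

```python
import collections

# Requests per minute, copied from the Rate Limiting section.
# The dictionary keys are labels chosen for this example.
LIMITS_PER_MINUTE = {"oauth": 5, "integration": 20, "management": 50, "auditor": 250}

# Methods that are safe to repeat per HTTP semantics (POST and PATCH are not).
IDEMPOTENT = {"GET", "PUT", "DELETE"}


class SlidingWindowLimiter:
    """Allow at most `limit` requests in any `window`-second span (assumed model)."""

    def __init__(self, limit, window=60.0):
        self.limit, self.window = limit, window
        self.sent = collections.deque()  # timestamps of recent requests

    def delay_before_next(self, now):
        """Seconds to wait before a request may be sent at time `now`."""
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()  # forget requests that left the window
        if len(self.sent) < self.limit:
            return 0.0
        return self.window - (now - self.sent[0])

    def record(self, now):
        self.sent.append(now)


def next_action(status, method, attempt, max_attempts=4):
    """Return 'ok', 'retry', 'reauthenticate' or 'fail' for a response status."""
    if status == 200:
        return "ok"
    if status == 401:
        # Refresh the token once only: the OAuth endpoints allow 5 requests/minute.
        return "reauthenticate" if attempt == 0 else "fail"
    if status in (400, 403, 404, 409, 422):
        return "fail"  # the request itself must change; repeating it cannot help
    if attempt + 1 >= max_attempts:
        return "fail"
    if status == 429:
        return "retry"  # rejected by the rate limiter, so repeating is safe
    if status in (500, 503, 504):
        # A 504 may follow a request that was in fact fulfilled, so repeating
        # a POST or PATCH could apply the same write twice.
        return "retry" if method in IDEMPOTENT else "fail"
    return "fail"
```

Callers sleep for `delay_before_next(time.monotonic())` seconds, call `record()` when the request is sent, and pass the response status to `next_action()`.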

Query Parameters

Each endpoint will support various query parameters:

  1. Pagination: You can leverage the pageSize and pageCursor query parameters to adjust the number of results you want returned or to query starting from a specific object.
  2. Filters: Various endpoints support a variety of filters to help you retrieve the data most important to your use case.

📘

The API spec is hosted on the API Reference page!
