When creating my application, I am presented with a choice between "Manage Vanta" and "Build Integrations" - what is the difference between these two options?

The "Manage Vanta" application type is for managing all the data in your Vanta environment that was not created through a custom private or public integration. Applications of this type use the endpoints in the "Manage Vanta" section on the API Reference page.

The "Build Integrations" application type is for when you want to build a custom public or private integration with the Vanta API. Applications of this type use the endpoints in the "Build Integrations" section on the API Reference page. If you're building an integration, be sure to follow this guide: Build Integrations

You can learn more about the different use cases each application type supports here.


What is the difference between Vanta built integrations and custom built public or private integrations via the API?

Vanta has pre-built integrations that you can connect in the app on the integrations page. Vanta also allows you to build your own private or public integration with our API. These custom integrations enable partners to publish their integration into the Vanta ecosystem or let you build private integrations that can connect to external or on-premise environments you manage (see this guide for more details).


What are the current API rate limits?

Rate limits vary between different sets of endpoints. For the latest details, visit here: API Overview: Rate Limits


What should I do if I hit the rate limit?

If you hit the rate limit, you will receive a 429 - Too many requests error. In this scenario, implement exponential backoff, gradually increasing the time between retry attempts (e.g., wait for 1 second, then 2 seconds, and so on) to avoid hitting the rate limit repeatedly. We are always looking to enhance the API, so if you run into this situation with a specific workflow or endpoint, please reach out to your Vanta point of contact; our team is happy to consult on best practices.


Where can I find information about which scopes my application should use?

Check out the Permission Scopes section on the Authentication page!


What is the endpoint I use to authenticate using my application client id and client secret?

The authentication endpoint is: https://api.vanta.com/oauth/token. Follow this guide here for more details.


How does Vanta plan to handle breaking changes?

Vanta is committed to maintaining a stable API for the foreseeable future with no breaking changes. If and when Vanta does launch any API versioning, we will proactively reach out to all of our API users and communicate our plan for doing so ahead of time.


What do I do if my application client secret was compromised?

Navigate to the "Developer Console", select your application, and regenerate the client secret.


How long do API tokens last before they expire?

Tokens last for one hour once generated. An application can only have one active token at any given time. If you generate a new token, the previous one gets invalidated.
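
The token rules above and the retry advice under "What should I do if I hit the rate limit?" combine into one client pattern, shown here as an added example (not Vanta's code): cache the token for its one-hour lifetime so that parallel workers do not invalidate each other's tokens, and back off exponentially on 429. The "fetch_token" and "send" callables, the 60-second refresh margin, the jitter and the retry cap are assumptions; wire them to your own HTTP client.

```python
import random
import threading
import time

TOKEN_LIFETIME_S = 3600  # from the page: tokens last one hour
REFRESH_MARGIN_S = 60    # assumption: renew slightly before expiry


class TokenCache:
    """One shared token per application: requesting a new one invalidates
    the previous one, so every worker must reuse the cached value."""

    def __init__(self, fetch_token, clock=time.monotonic):
        self._fetch = fetch_token  # hypothetical: performs the /oauth/token call
        self._clock = clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:  # only one thread may trigger a refresh
            if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN_S:
                self._token = self._fetch()
                self._expires_at = self._clock() + TOKEN_LIFETIME_S
            return self._token


def call_with_backoff(send, tokens, max_attempts=5, base_delay=1.0,
                      sleep=time.sleep, jitter=random.random):
    """send(token) -> (status, body). On 429 wait 1s, 2s, 4s, ... and retry;
    any other status, or the last attempt, is returned to the caller."""
    for attempt in range(max_attempts):
        status, body = send(tokens.get())
        if status != 429 or attempt == max_attempts - 1:
            return status, body
        # small random jitter (assumption) keeps parallel clients from retrying in lockstep
        sleep(base_delay * 2 ** attempt + jitter() * 0.1 * base_delay)
    raise ValueError("max_attempts must be at least 1")


if __name__ == "__main__":
    # Constructed responses standing in for the API: two 429s, then success.
    canned = [(429, ""), (429, ""), (200, "ok")]
    cache = TokenCache(lambda: "constructed-token")
    print(call_with_backoff(lambda tok: canned.pop(0), cache, sleep=lambda s: None))
```

Create one TokenCache per application and share it across threads; a second cache for the same client id would fetch its own token and invalidate the first.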


When using the Trust Center endpoints, where do I get my Trust Center "slugId"?

  1. Navigate to the Trust Center > Overview section.
  2. In the top right of the page, you'll see a unique URL for your Trust Center. It will look something like this "https://app.vanta.com/your-domain.com/trust/tz7gh0fvb2ymzbl34hca2w". The "slugId" is the last part of the URL, which is a string of characters. In this example, it would be "tz7gh0fvb2ymzbl34hca2w".
  3. If you have a custom domain, go to the public Trust Center, inspect the element, and look for the data-slug id in that element.

I'm trying to ingest Vulnerability data into Vanta but I'm not sure which endpoints to use. How would I go about this?

  1. First, make sure you created an application using the "Build Integrations" type (see this guide for more information: Build Integrations).
  2. Use this endpoint to create vulnerable components, and then correlate them to the vulnerability itself. Vanta supports the following vulnerability types today:
    1. Package Vulnerabilities
    2. Static Code Analysis Vulnerabilities
    3. API Endpoint Vulnerabilities