When creating my application, I am presented with a choice between "Manage Vanta" and "Build Integrations" - what is the difference between these two options?

The "Manage Vanta" application type is for managing all the data in your Vanta environment that was not created through a custom private or public integration. Applications of this type use the endpoints in the "Manage Vanta" section on the API Reference page.

The "Build Integrations" application type is for when you want to build a custom public or private integration with the Vanta API. Applications of this type use the endpoints in the "Build Integrations" section on the API Reference page. If you're building an integration, be sure to follow this guide: Build Integrations.

You can learn more about the different use cases each application type supports here.



What is the difference between Vanta-built integrations and custom-built public or private integrations via the API?

Vanta has pre-built integrations that you can connect in the app on the integrations page. Vanta also allows you to build your own private or public integration with our API. These custom integrations enable partners to publish their integration into the Vanta ecosystem or let you build private integrations that can connect to external or on-premise environments you manage (see this guide for more details).



What are the current API rate limits?

Rate limits vary between different sets of endpoints. For the latest details, visit here: API Overview: Rate Limits




Where can I find information about which scopes my application should use?

Check out the Permission Scopes section on the Authentication page!



What is the endpoint I use to authenticate using my application client id and client secret?

The authentication endpoint is: https://api.vanta.com/oauth/token. Follow this guide for more details.



What do I do if my application client secret was compromised?

Navigate to the "Developer Console", select your application, and regenerate the client secret.



How long do API tokens last before they expire?

Tokens last for one hour once generated. An application can only have one active token at any given time. If you generate a new token, the previous one gets invalidated.
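
Because a new token invalidates the previous one, every thread or worker of an application should share a single cached token rather than request its own. The sketch below is an added example, not Vanta's code: the `TokenCache` class, the 60-second refresh margin, and the request/response shape in `fetch_token` (client-credentials JSON body, `access_token` and `expires_in` fields) are assumptions to check against the Authentication guide.

```python
import json
import threading
import time
import urllib.request

TOKEN_URL = "https://api.vanta.com/oauth/token"  # endpoint given on this page
TOKEN_LIFETIME_S = 3600  # "Tokens last for one hour once generated"


def fetch_token(client_id, client_secret, scope):
    """Request a new token. ASSUMPTION: OAuth client-credentials JSON body and
    an `access_token` / `expires_in` response; check the Authentication guide."""
    body = json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "scope": scope, "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        data = json.load(resp)
    return data["access_token"], int(data.get("expires_in", TOKEN_LIFETIME_S))


class TokenCache:
    """Share one token across all threads of an application.

    A new token invalidates the previous one, so every caller must go
    through the same cache instead of requesting its own token."""

    def __init__(self, fetch, margin_s=60, clock=time.monotonic):
        self._fetch = fetch          # callable returning (token, lifetime_s)
        self._margin = margin_s      # refresh this long before expiry
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:             # serialize: only one refresh at a time
            if self._token is None or self._clock() >= self._expires_at - self._margin:
                token, lifetime = self._fetch()
                self._token = token
                self._expires_at = self._clock() + lifetime
            return self._token

    def invalidate(self, rejected_token):
        """Call after a 401. Drops the cache only if the rejected token is
        still the cached one, so a stale rejection cannot trigger a second
        refresh that would invalidate a token another thread just fetched."""
        with self._lock:
            if self._token == rejected_token:
                self._token = None
```

Construct it once per process, for example `TokenCache(lambda: fetch_token(client_id, client_secret, scope))`, and load the client secret from a secrets manager or environment variable rather than from source code.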



When using the Trust Center endpoints, where do I get my Trust Center "slugId"?

  1. Navigate to the Trust Center > Overview section.
  2. In the top right of the page, you'll see a unique URL for your Trust Center. It will look something like this: "https://app.vanta.com/your-domain.com/trust/tz7gh0fvb2ymzbl34hca2w". The "slugId" is the last part of the URL, which is a string of characters. In this example, it would be "tz7gh0fvb2ymzbl34hca2w".


I'm trying to ingest Vulnerability data into Vanta but I'm not sure which endpoints to use. How would I go about this?

  1. First, make sure you created an application using the "Build Integrations" type (see this guide for more information: Build Integrations).
  2. Use this endpoint to create vulnerable components, and then correlate them to the vulnerability itself. Vanta supports the following vulnerability types today:
    1. Package Vulnerabilities
    2. Static Code Analysis Vulnerabilities
    3. API Endpoint Vulnerabilities