# Vanta Developer Portal Documentation ## Guides - [Authentication](https://developer.vanta.com/docs/api-access-setup.md): This guide will walk you through setting up your first application and making your first token request. - [Auditor application setup](https://developer.vanta.com/docs/auditor-application-setup.md) - [FAQ](https://developer.vanta.com/docs/faq.md) - [Partner application setup](https://developer.vanta.com/docs/partner-application-setup.md) - [Overview](https://developer.vanta.com/docs/vanta-api-overview.md) - [Your first API request!](https://developer.vanta.com/docs/vanta-first-api-request.md): Now that we've successfully generated an API token, let's perform our first request against the Vanta API. - [Postman setup](https://developer.vanta.com/docs/vanta-postman-setup.md) - [Webhooks](https://developer.vanta.com/docs/webhooks.md) - [Create and use resources](https://developer.vanta.com/docs/create-a-resource.md) - [Custom resource](https://developer.vanta.com/docs/vanta-custom-resource.md) - [User accounts resource](https://developer.vanta.com/docs/vanta-user-accounts-resource.md) - [Build integrations](https://developer.vanta.com/docs/build-integrations.md) - [Supported resource types](https://developer.vanta.com/docs/supported-resources.md) - [Add an owner to a Control](https://developer.vanta.com/docs/add-an-owner-to-a-control.md): Add an owner to a control using the Vanta API - [Manage controls](https://developer.vanta.com/docs/manage-controls.md) - [Manage documents](https://developer.vanta.com/docs/manage-documents.md): Manage Documents in Vanta through the Vanta API. - [Upload a document](https://developer.vanta.com/docs/upload-a-document.md): Upload a file for a document using Vanta API - [Manage tests](https://developer.vanta.com/docs/manage-test-data.md): Manage Tests in Vanta through the Vanta API - [Query test results and filter for failing resources](https://developer.vanta.com/docs/query-test-results-and-filter-for-failing-resources.md): Query test results and filter for failing resources with the Vanta API - [Create vendors and attach documentation](https://developer.vanta.com/docs/create-vendors-and-attach-documentation.md) - [Manage vendors](https://developer.vanta.com/docs/manage-vendors.md): Manage Vendors in Vanta through the Vanta API - [Use custom fields with vendors](https://developer.vanta.com/docs/use-custom-fields-with-vendors.md) - [Fetch vulnerabilities with approaching SLAs](https://developer.vanta.com/docs/guide-vulnerabilities-with-approaching-slas.md): How to query vulnerabilities approaching deadline - [Monitor & manage vulnerabilities](https://developer.vanta.com/docs/monitor-and-manage-vulnerabilities.md): Manage Vulnerabilities and Vulnerable Assets through the Vanta API - [Monitor & manage personnel](https://developer.vanta.com/docs/monitor-manage-personnel.md) - [List people with overdue security tasks](https://developer.vanta.com/docs/list-users-with-overdue-security-tasks.md): Query a list of current employees with overdue security tasks - [Mark people as "not a person"](https://developer.vanta.com/docs/mark-people-as-not-a-person.md): Mark Vanta users as 'not a person' using the Vanta API - [Offboard people](https://developer.vanta.com/docs/offboard-people.md): Once an employee's offboarding admin tasks are complete, you can mark unmonitored accounts deactivated, confirm the user offboarding. - [Add owners/descriptions to resources](https://developer.vanta.com/docs/add-ownersdescriptions-to-resources.md): Use Vanta's API to update the Owner and Descriptions on your Resources - [Scope & manage resources](https://developer.vanta.com/docs/scope-manage-resources.md): Control Resource Scope and Manage Resources through the Vanta API. - [Scope resources at the integration level](https://developer.vanta.com/docs/scope-resources-at-the-integration-level.md): Scope resource in or out of your Vanta instance ## API Reference - [List all API Endpoint Vulnerabilities](https://developer.vanta.com/reference/get-apiendpointvulnerabilityconnectors.md): List `ApiEndpointVulnerabilityConnectors` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all API Endpoint Vulnerabilities](https://developer.vanta.com/reference/put-apiendpointvulnerabilityconnectors.md): To send us data related to API endpoint vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource. This call replaces ALL existing `ApiEndpointVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `ApiEndpointVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `ApiEndpointVulnerabilityConnectors`. - [List all Background Checks](https://developer.vanta.com/reference/get-backgroundcheckconnector.md): List `BackgroundCheckConnector` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all Background Checks](https://developer.vanta.com/reference/put-backgroundcheckconnector.md): To send us data regarding employee/contractor background checks, you send us `BackgroundCheckConnector` resources. This helps us determine current background check statuses. This call replaces ALL existing `BackgroundCheckConnector` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `BackgroundCheckConnector` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `BackgroundCheckConnector`. - [List all Custom Resources](https://developer.vanta.com/reference/get-customresource.md): List `CustomResource` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all Custom Resources](https://developer.vanta.com/reference/put-customresource.md): To send data of custom resource that you want to build custom tests on, use `CustomResource`. This call replaces ALL existing `CustomResource` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `CustomResource` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `CustomResource`. - [Upload file for document](https://developer.vanta.com/reference/uploadfilefordocument-1.md): Upload a file for a document. - [List all MacOS User Computers](https://developer.vanta.com/reference/get-macosusercomputer.md): List `MacosUserComputer` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all MacOS User Computers](https://developer.vanta.com/reference/put-macosusercomputer.md): To send us data related to employee/contractor MacOS computers, you send us `MacosUserComputer` resources. This helps us determine important security properties, like whether devices have encrypted drives, have anti-virus installed or have password managers installed. This call replaces ALL existing `MacosUserComputer` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `MacosUserComputer` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `MacosUserComputer`. - [List all Package Vulnerabilities](https://developer.vanta.com/reference/get-packagevulnerabilityconnectors.md): List `PackageVulnerabilityConnectors` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all Package Vulnerabilities](https://developer.vanta.com/reference/put-packagevulnerabilityconnectors.md): To send us data related to package vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource. This call replaces ALL existing `PackageVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `PackageVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `PackageVulnerabilityConnectors`. - [List all secrets](https://developer.vanta.com/reference/get-secret.md): List `Secret` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all secrets](https://developer.vanta.com/reference/put-secret.md): To send metadata of a secret used to access applications or infrastructure, use `Secret`. This call replaces ALL existing `Secret` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `Secret` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `Secret`. - [List all security tasks](https://developer.vanta.com/reference/get-securitytask.md): List `SecurityTask` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all security tasks](https://developer.vanta.com/reference/put-securitytask.md): To send us data related to security relevant tasks/follow-ups your system, you send us `SecurityTask` resources. This helps us determine whether security relevant tasks are being completed in a timely manner. This call replaces ALL existing `SecurityTask` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `SecurityTask` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `SecurityTask`. - [List all Static Code Analysis Vulnerabilities](https://developer.vanta.com/reference/get-staticanalysiscodevulnerabilityconnectors.md): List `StaticAnalysisCodeVulnerabilityConnectors` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all Static Code Analysis Vulnerabilities](https://developer.vanta.com/reference/put-staticanalysiscodevulnerabilityconnectors.md): To send us data related to static code analysis vulnerabilities. Note that you must first sync `VulnerableComponent` resources before sending us this data, and this sync should reference the `uniqueId` field in the `VulnerableComponent` resource. This call replaces ALL existing `StaticAnalysisCodeVulnerabilityConnectors` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `StaticAnalysisCodeVulnerabilityConnectors` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `StaticAnalysisCodeVulnerabilityConnectors`. - [List all user accounts](https://developer.vanta.com/reference/get-useraccount.md): List `UserAccount` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all user accounts](https://developer.vanta.com/reference/put-useraccount.md): To send us data related to users in your system, you send us `UserAccount` resources. Every partner must send us `UserAccount` resources. This helps us determine whether users have appropriate levels of access and have a secure authentication mechanism. This call replaces ALL existing `UserAccount` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `UserAccount` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and it is "deletedAt" time in is set to that of the `sync_all` call. The resource will still show in the Vanta UI as a Deactivated `UserAccount`, and `list_all` calls. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `UserAccount`. - [List all user security training statuses](https://developer.vanta.com/reference/get-usersecuritytrainingstatus.md): List `UserSecurityTrainingStatus` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all user security training statuses](https://developer.vanta.com/reference/put-usersecuritytrainingstatus.md): To send us data related to security trainings, you send us `UserSecurityTrainingStatus` resources. This helps us determine whether users have completed their security and compliance trainings in a timely manner. This call replaces ALL existing `UserSecurityTrainingStatus` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `UserSecurityTrainingStatus` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `UserSecurityTrainingStatus`. - [List all Vulnerable Components](https://developer.vanta.com/reference/get-vulnerablecomponent.md): List `VulnerableComponent` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all Vulnerable Components](https://developer.vanta.com/reference/put-vulnerablecomponent.md): To send us data related to system components that have vulnerabilities. This call replaces ALL existing `VulnerableComponent` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `VulnerableComponent` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `VulnerableComponent`. - [List all Windows User Computers](https://developer.vanta.com/reference/get-windowsusercomputer.md): List `WindowsUserComputer` resources for the given application. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:read-resource ``` - [Sync all Windows User Computers](https://developer.vanta.com/reference/put-windowsusercomputer.md): To send us data related to employee/contractor Windows computers, you send us `WindowsUserComputer` resources. This helps us determine important security properties, like whether devices have encrypted drives, have anti-virus installed or have password managers installed. This call replaces ALL existing `WindowsUserComputer` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `WindowsUserComputer` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and is deleted in Vanta. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `WindowsUserComputer`. - [Create an auditor](https://developer.vanta.com/reference/createauditor.md): Create an auditor in Vanta. - [Accept evidence for an information request](https://developer.vanta.com/reference/acceptinformationrequestevidence.md): Accepts evidence for an information request, confirming that all submitted evidence meets audit requirements. This action changes the request's approvalStatus to an approved state and creates an activity log entry. Acceptance workflow: 1. Auditor reviews submitted evidence 2. If evidence is satisfactory, auditor calls this endpoint 3. Request status changes to approved state and is considered complete for this audit cycle Use this endpoint when: - All required evidence has been submitted - Evidence quality meets audit standards - Evidence addresses all specified framework codes - No additional information is needed - [Create a comment for audit evidence](https://developer.vanta.com/reference/createcommentforauditevidence.md): Create a comment in Vanta for a piece of evidence. - [Create a comment for an information request](https://developer.vanta.com/reference/createcommentforinformationrequest.md): Creates a new comment for an information request. The comment author must be an auditor in the audit firm making the request. The comment will be associated with the information request and visible to all authorized users. - [Create a custom control for an audit](https://developer.vanta.com/reference/createcustomcontrol-1.md): Create a custom control for an audit. - [Create a custom evidence request for an audit](https://developer.vanta.com/reference/createcustomevidencerequest.md): Create a custom evidence request for an audit. - [Create a new information request](https://developer.vanta.com/reference/createinformationrequest.md): Creates a new information request for an audit during audit setup or as requirements evolve. After creating all information requests, use POST /audits/{auditId}/share-information-request-list to make them visible to the customer organization. Until shared, requests remain in draft state visible only to auditors. New requests are created in an initial state indicating evidence is needed. The status progresses through the workflow: initial state → awaiting review → approved or flagged. - [Delete a comment for an information request](https://developer.vanta.com/reference/deletecommentforinformationrequest.md): Deletes an existing comment for an information request. Only the original author of the comment can delete it. The author is identified by their email address, which must match the email of the user who created the comment. - [Delete an information request for an audit](https://developer.vanta.com/reference/deleteinformationrequest.md): Deletes an information request for an audit. This performs a soft delete, marking the request as deleted (setting `deletionDate`) while preserving it in the system for audit history and compliance tracking. Soft deletion allows: - Maintaining complete audit trail of all requests ever created - Retrieving deleted requests via `changedSinceDate` for synchronization After deletion: - The request will not appear in normal list responses (without `changedSinceDate`) - The request's `deletionDate` field will be populated - [Flag evidence for an information request](https://developer.vanta.com/reference/flaginformationrequestevidence.md): Flags evidence for an information request when it doesn't meet audit requirements, marking issues that need to be addressed before approval. This action changes the request's approvalStatus to a flagged state and creates an activity log entry. Flagging workflow: 1. Auditor reviews submitted evidence 2. If issues are found, auditor calls this endpoint with detailed reason 3. Request status changes to flagged state 4. Customer is notified and can see the reason in activity logs 5. Customer addresses issues and updates evidence 6. When ready, customer changes status back to awaiting review 7. Auditor reviews again and either flags again or accepts The `reason` field should clearly explain what's missing or incorrect so the customer knows exactly what to fix. This reason is visible to the customer and appears in the activity log. - [Get audit by ID](https://developer.vanta.com/reference/getaudit.md): Returns a single audit by ID, scoped to the audit firm. To identify IRL (Information Request List) audits, check for the presence of the `auditorRequestListMetadata` field. This field is only present for IRL-based audits and will be `undefined` for standard audits. - [Get framework codes for an audit](https://developer.vanta.com/reference/getframeworkcodes.md): Retrieves all valid framework codes for the specified audit. This endpoint helps users discover which framework codes are available for creating and updating information requests for this audit. Use this endpoint to: - Discover available framework codes before creating information requests - Validate framework codes against the audit's framework - Get context about what framework codes are available for the audit type - [Get an information request by ID](https://developer.vanta.com/reference/getinformationrequest.md): Retrieves a single information request by its ID for an audit, allowing external audit management systems to fetch the latest state of a specific request without paginating through the full list. Soft-deleted records (where `deletionDate !== null`) are included in the response. Clients should check `deletionDate` to determine whether the request has been deleted. - [Get test snapshot detail for an evidence row](https://developer.vanta.com/reference/getinformationrequesttestsnapshotevidencedetail.md): Retrieves the rich detail for a single VANTA_TEST_SNAPSHOT evidence row attached to an information request. The response includes test-level metadata (description, integrations, SLA) and the raw test data captured at snapshot time, presented as a uniform array of rows regardless of whether the snapshot is structured or unstructured. For structured snapshots, the array contains one row per resource the test ran against; each row carries `resourceId`, `resourceType`, and the raw JSON for that resource. For unstructured snapshots, the array contains a single row with `resourceId` and `resourceType` set to `null` and `rawJson` containing the entire test-run JSON blob. - [List assets associated with vulnerabilities](https://developer.vanta.com/reference/getvulnerableassets.md): List assets that Vanta monitors that are associated with vulnerabilities. - [List audit comments](https://developer.vanta.com/reference/listauditcomments.md): Returns a paginated list of comments for an audit. - [List audit controls](https://developer.vanta.com/reference/listauditcontrols.md): Returns a paginated list of controls for an audit. - [List audit evidence](https://developer.vanta.com/reference/listauditevidence.md): Returns a paginated list of evidence for an audit. - [List audit evidence url](https://developer.vanta.com/reference/listauditevidenceurls.md): Returns a paginated list of evidence urls for an audit. This endpoint should be called whenever an evidence is created or has a statusUpdatedAt field that is more recent than the most recent polling event. Evidence must be in one of the following states to retrieve URLs: "Ready for audit", "Accepted", "Flagged", or "NA". - [List snapshotted issues for an audit](https://developer.vanta.com/reference/listauditissues.md): Retrieves a list of all issues that have been shared with an audit. The issues returned are immutable, point-in-time snapshots; there may be duplicates of issues that have been snapshotted at different times. The GET /audits/{auditId}/issues/snapshots endpoint can be used to retrieve metadata about the snapshots that issues belong to. Issues represent compliance findings from a variety of sources that need to be tracked and remediated. Supports filtering by: - `search`: full text search across issue title and description - `snapshotId`: filtering to a specific snapshot or snapshots, which represent point-in-time captures of issues. Use the GET /audits/{auditId}/issues/snapshots endpoint to retrieve snapshot IDs and metadata. Results are sorted by issue creation date in descending order (newest first). Uses cursor-based pagination. To paginate: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` 3. Use `results.pageInfo.endCursor` as `pageCursor` for next request - [List audits](https://developer.vanta.com/reference/listaudits.md): Returns a paginated list of audits scoped to the audit firm. To identify IRL (Information Request List) audits, check for the presence of the `auditorRequestListMetadata` field. This field is only present for IRL-based audits and will be `undefined` for standard audits. - [List snapshotted issues for an audit](https://developer.vanta.com/reference/listauditsnapshots.md): Retrieves a list of snapshots that have been shared with an audit. The snapshots returned contain metadata about point-in-time captures of issues for an audit. This data can be used to filter down the list of issues to specific snapshots when querying the GET /audits/{auditId}/issues/items endpoint. Supports filtering by: - `search`: full text search across snapshot title and description Results are sorted by snapshot creation date in descending order (newest first). Uses cursor-based pagination. To paginate: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` 3. Use `results.pageInfo.endCursor` as `pageCursor` for next request - [List comments for an information request](https://developer.vanta.com/reference/listcommentsforinformationrequest.md): Retrieves a paginated list of comments for an information request, enabling auditors to view communication history and collaborate with customers. This endpoint always includes soft-deleted records (where `deletionDate !== null`). Clients should check the `deletionDate` field to identify and handle deleted records appropriately in their systems. This endpoint supports delta synchronization via the `changedSinceDate` parameter, allowing efficient polling for changes without retrieving the entire dataset. Pagination usage: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` to see if more data exists 3. If true, use `results.pageInfo.endCursor` as `pageCursor` in next request 4. Repeat until `hasNextPage` is false Delta sync usage: 1. Store the timestamp of your last sync 2. Pass that timestamp as `changedSinceDate` 3. Only comments created, modified, or deleted since that timestamp are returned 4. Process updates, including soft-deletes (deletionDate !== null) 5. Update your last sync timestamp to the current time - [List information request activity](https://developer.vanta.com/reference/listinformationrequestactivity.md): Retrieves a paginated list of activity logs for an information request, providing a complete audit trail of all changes and actions. This endpoint supports delta synchronization via the `changedSinceDate` parameter, allowing efficient polling for changes without retrieving the entire dataset. Pagination usage: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` to see if more data exists 3. If true, use `results.pageInfo.endCursor` as `pageCursor` in next request 4. Repeat until `hasNextPage` is false Delta sync usage: 1. Store the timestamp of your last sync 2. Pass that timestamp as `changedSinceDate` 3. Only activity created since that timestamp is returned 4. Process updates to track all changes to the information request 5. Update your last sync timestamp to the current time - [List evidence for an information request](https://developer.vanta.com/reference/listinformationrequestevidence.md): Retrieves a paginated list of all evidence attached to an information request, enabling auditors to review evidence submitted by customers. This endpoint always includes soft-deleted records (where `deletionDate !== null`). Clients should check the `deletionDate` field to identify and handle deleted records appropriately in their systems. This endpoint supports delta synchronization via the `changedSinceDate` parameter, allowing efficient polling for changes without retrieving the entire dataset. Pagination usage: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` to see if more data exists 3. If true, use `results.pageInfo.endCursor` as `pageCursor` in next request 4. Repeat until `hasNextPage` is false Delta sync usage: 1. Store the timestamp of your last sync 2. Pass that timestamp as `changedSinceDate` 3. Only evidence created, modified, shared, or deleted since that timestamp is returned 4. Process updates, including soft-deletes (deletionDate !== null) 5. Update your last sync timestamp to the current time - [List information requests for an audit](https://developer.vanta.com/reference/listinformationrequests.md): Retrieves a paginated list of all information requests for an audit, enabling external audit management systems to display and track evidence requests. This endpoint always includes soft-deleted records (where `deletionDate !== null`). Clients should check the `deletionDate` field to identify and handle deleted records appropriately in their systems. This endpoint supports delta synchronization via the `changedSinceDate` parameter, allowing efficient polling for changes without retrieving the entire dataset. Pagination usage: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` to see if more data exists 3. If true, use `results.pageInfo.endCursor` as `pageCursor` in next request 4. Repeat until `hasNextPage` is false Delta sync usage: 1. Store the timestamp of your last sync 2. Pass that timestamp as `changedSinceDate` 3. Only requests created, modified, or deleted since that timestamp are returned 4. Process updates and soft-deletes by checking the `deletionDate` field 5. Update your last sync timestamp to the current time - [List information requests linked to a control within an audit](https://developer.vanta.com/reference/listinformationrequestsforcontrol.md): Returns a paginated list of active information requests linked to a specific control within an IRL audit. An information request is linked to a control either via its framework codes (`criteriaIds`) or via a direct association (`additionalControlIds`). Soft-deleted information requests are not included in the response. To synchronize deletions, use `GET /audits/{auditId}/information-requests`, which supports `changedSinceDate` and includes soft-deleted records. Returns 404 when the control is not part of the audit. Returns an empty page when the control is part of the audit but has no active IRLs linked to it. Pagination usage: 1. Make initial request with desired `pageSize` 2. Check `results.pageInfo.hasNextPage` to see if more data exists 3. If true, use `results.pageInfo.endCursor` as `pageCursor` in next request 4. Repeat until `hasNextPage` is false - [List monitored computers](https://developer.vanta.com/reference/listmonitoredcomputersinauditscope.md): Returns a list of computers monitored by an MDM (with an integration built by Vanta) or by the Vanta Agent. Currently this list does not include resources from partner or customer-built integrations. - [List of people who are in scope for this audit](https://developer.vanta.com/reference/listpeopleinauditscope.md): Returns a list of people who are in scope for this audit. - [List of vendors who are in scope for this audit](https://developer.vanta.com/reference/listvendorsinauditscope.md): Returns a list of vendors who are in scope for this audit. - [List vulnerabilities within the scope of a given audit](https://developer.vanta.com/reference/listvulnerabilities-2.md): List all vulnerabilities based on selected filters. - [List vulnerability remediations that are in scope for this audit](https://developer.vanta.com/reference/listvulnerabilityremediationsinauditscope.md): List all vulnerability remediations based on selected filters that are in scope for this audit. - [Share information request list with customer](https://developer.vanta.com/reference/shareinformationrequestlist.md): Shares the current information request list for an audit with the customer organization, making it visible in their portal. This action allows the customer to see all information requests that have been created for their audit. Only IRL audits are supported. - [Update audit evidence](https://developer.vanta.com/reference/updateauditevidence.md): Update audit evidence. - [Update a comment for an information request](https://developer.vanta.com/reference/updatecommentforinformationrequest.md): Updates an existing comment for an information request. Only the original author of the comment can update it. The author is identified by their email address, which must match the email of the user who created the comment. - [Update an information request for an audit](https://developer.vanta.com/reference/updateinformationrequest.md): Updates an existing information request for an audit, allowing modification of request details as audit requirements evolve. Supports partial updates where only specified fields are changed; omitted fields remain unchanged. Common use cases: - Updating due dates as audit timelines shift - Refining descriptions to clarify requirements - Adjusting request type Note: The `modificationDate` is automatically updated to the current timestamp when any field is changed. - [Delete contract](https://developer.vanta.com/reference/deletecontract.md): Delete a contract by ID. - [Get contract](https://developer.vanta.com/reference/getcontract.md): Get a contract by ID. - [List contracts](https://developer.vanta.com/reference/listcontracts.md): List contracts, paginated. - [Upload contract](https://developer.vanta.com/reference/uploadcontract.md): Upload a contract. - [Add control from Vanta library](https://developer.vanta.com/reference/addcontrolfromlibrary.md): Add a control from the Vanta library to your organization's controls. - [Add control to document mapping](https://developer.vanta.com/reference/adddocumenttocontrol.md): Add a document to a control. - [Add control to test mapping](https://developer.vanta.com/reference/addtesttocontrol.md): Add a control to test mapping. - [Create custom control](https://developer.vanta.com/reference/createcustomcontrol.md): Create a custom control. - [Deactivates a control](https://developer.vanta.com/reference/deletecontrol.md): Deactivates a custom or Vanta control. - [Remove control from document mapping](https://developer.vanta.com/reference/deletedocumentforcontrol.md): Remove a document by ID from a control. - [Remove control from test mapping](https://developer.vanta.com/reference/deletetestforcontrol.md): Remove a control from test mapping. - [Get control by an ID](https://developer.vanta.com/reference/getcontrol.md): Get a control by an ID. - [List controls](https://developer.vanta.com/reference/listcontrols.md): List controls. - [List a control's documents](https://developer.vanta.com/reference/listdocumentsforcontrol.md): List a control's documents. - [List Vanta controls from the library](https://developer.vanta.com/reference/listlibrarycontrols.md): List Vanta controls from the library. - [List a control's tests](https://developer.vanta.com/reference/listtestsforcontrol.md): List a control's tests. - [Set owner of a control](https://developer.vanta.com/reference/setownerforcontrol.md): Assign a control to a user or remove an owner from a control. - [Update a control's metadata](https://developer.vanta.com/reference/updatecontrolmetadata.md): Update a control's metadata. - [Approve questionnaire](https://developer.vanta.com/reference/approvequestionnaire.md): Mark a questionnaire as `APPROVED` and optionally provide a `statusChangeMessage`. - [Complete questionnaire](https://developer.vanta.com/reference/completequestionnaire.md): Complete a questionnaire and optionally sync approved answers to the answer library. Transitions the questionnaire status to COMPLETE. If `shouldSyncApprovedToAnswerLibrary` is true (the default), approved answers are added to the answer library for future use. For non-English SPREADSHEET or DOCUMENT questionnaires, answer library sync will be ignored. - [Create customer trust account](https://developer.vanta.com/reference/createcustomertrustaccount.md): Create a new customer trust account. - [Create file questionnaire](https://developer.vanta.com/reference/createfilequestionnaire.md): Create a new file-based questionnaire from an uploaded file (.xlsx, .docx, .pdf). File type is inferred as `SPREADSHEET` or `DOCUMENT` based on the uploaded file. - [Create questionnaire export](https://developer.vanta.com/reference/createquestionnaireexport.md): Creates an asynchronous export job for a questionnaire. The export processes in the background and typically completes within a few minutes depending on questionnaire size. Subscribe to the `v1.questionnaire.export-completed` and `v1.questionnaire.export-failed` webhook events to be notified when an export completes or fails. Use the returned `id` with the "getQuestionnaireExport" endpoint to retrieve the download URL once the export completes. - [Create website questionnaire](https://developer.vanta.com/reference/createwebsitequestionnaire.md): Create a new website-based questionnaire from a portal URL. The portal URL is used to fetch questionnaire content from the target website. - [Delete customer trust account](https://developer.vanta.com/reference/deletecustomertrustaccount.md): Delete a customer trust account by ID. - [Delete questionnaire](https://developer.vanta.com/reference/deletequestionnaire.md): Delete a questionnaire by ID. - [Get customer trust account](https://developer.vanta.com/reference/getcustomertrustaccount.md): Get a specific customer trust account by ID. - [Get questionnaire by ID](https://developer.vanta.com/reference/getquestionnaire.md): Retrieve a questionnaire by ID. - [Get questionnaire export status](https://developer.vanta.com/reference/getquestionnaireexport.md): Retrieves the current status and result of a questionnaire export using the id received from either the `createQuestionnaireExport` endpoint or the `v1.questionnaire.export-completed` webhook payload. This endpoint utilizes a dynamic response schema that changes based on the value of the status field: - pending: The export is currently in the queue or processing. Only base metadata is returned. - completed: The export finished successfully. The response expands to include completedAt and a downloadUrl. This pre-signed URL is valid for 24 hours; if it expires, simply call this endpoint again to retrieve a fresh, active link. - failed: The process encountered an error. The response expands to include failedAt and an errorMessage detailing the reason for failure. Developers should first check the status string before attempting to access result-specific fields like downloadUrl or errorMessage. - [Get tags for category](https://developer.vanta.com/reference/gettagsforcategory.md): Retrieve a tag category and its associated tags by category ID. - [List assignable users](https://developer.vanta.com/reference/listassignableusers.md): List users who can be assigned as owner or approver on a questionnaire. When a role is specified, results are filtered to users with that role's required permission. When omitted, users assignable to either role are returned. Results can optionally be narrowed by a search string. - [List customer trust accounts](https://developer.vanta.com/reference/listcustomertrustaccounts.md): List customer trust accounts with pagination. - [List questionnaires](https://developer.vanta.com/reference/listquestionnaires.md): List questionnaires with filtering and pagination. - [List tag categories](https://developer.vanta.com/reference/listtagcategories.md): List user-defined tag categories. Optionally filter by product context. - [Update customer trust account](https://developer.vanta.com/reference/updatecustomertrustaccount.md): Update a customer trust account by ID. - [Update questionnaire](https://developer.vanta.com/reference/updatequestionnaire.md): Update an existing questionnaire. Updates one or more fields of a questionnaire. This endpoint cannot be used to set a questionnaire's status to `APPROVED` or `COMPLETED`. To perform those specific transitions, please use the `approveQuestionnaire` and `completeQuestionnaire` endpoints, respectively. - [Adds a discovered vendor to managed vendor by ID](https://developer.vanta.com/reference/adddiscoveredvendortomanaged.md): Add a discovered vendor to managed vendor. - [List of discovered vendor accounts](https://developer.vanta.com/reference/listdiscoveredvendoraccounts.md): List of discovered vendor accounts. - [List discovered vendors](https://developer.vanta.com/reference/listdiscoveredvendors.md): List discovered vendors. - [Create a custom document](https://developer.vanta.com/reference/createdocument.md): Create a custom document. - [Create document link](https://developer.vanta.com/reference/createlinkfordocument.md): Create a link for a document. - [Delete document by ID](https://developer.vanta.com/reference/deletedocument.md): Delete a document by ID. - [Delete file for a document](https://developer.vanta.com/reference/deletefilefordocument.md): Delete a file for a document. - [Remove document link](https://developer.vanta.com/reference/deletelinkfordocument.md): Remove a link from a document. - [Get document by ID](https://developer.vanta.com/reference/getdocument.md): Get a document by ID. - [Download file for document](https://developer.vanta.com/reference/getuploadedfilemedia.md): Download a file from a document. - [List document's controls](https://developer.vanta.com/reference/listcontrolsfordocument.md): List a document's associated controls. - [List documents](https://developer.vanta.com/reference/listdocuments.md): List documents. - [List document's uploads](https://developer.vanta.com/reference/listfilesfordocument.md): List the uploaded files for a document. - [List document's links](https://developer.vanta.com/reference/listlinksfordocument.md): List the uploaded links for a document. - [Set document owner](https://developer.vanta.com/reference/setownerfordocument.md): Assign or unassign a user to the document. - [Submit document collection](https://developer.vanta.com/reference/submitdocumentcollection.md): Submit document collection. - [Upload file for document](https://developer.vanta.com/reference/uploadfilefordocument.md): Upload a file for a document. - [List event logs](https://developer.vanta.com/reference/listeventlogs.md): List event logs. See the [event log reference](/reference/event-log-reference) for the full list of valid `actor.type`, `action`, and `targets[].type` values. - [Get framework by ID](https://developer.vanta.com/reference/getframework.md): Get a framework by ID. - [List a framework's controls](https://developer.vanta.com/reference/listcontrolsforframework.md): List a framework's controls. - [List available frameworks](https://developer.vanta.com/reference/listframeworks.md): Lists available frameworks. - [Add people to group](https://developer.vanta.com/reference/addpeopletogroup.md): Add people to a group. - [Add person to a group](https://developer.vanta.com/reference/addpersontogroup.md): Add a single person, by ID, to a group. - [Get group by ID](https://developer.vanta.com/reference/getgroup.md): Get a group by ID. - [List people in a group](https://developer.vanta.com/reference/getgroupmembers.md): List people in a group. - [List groups](https://developer.vanta.com/reference/listpersongroups.md): Lists all groups by ID. - [Remove people from group](https://developer.vanta.com/reference/removepeoplefromgroup.md): Remove people from a group. - [Remove person from a group](https://developer.vanta.com/reference/removepersonfromgroup.md): Remove a single person, by ID, from a group. - [Get a connected integration](https://developer.vanta.com/reference/getconnectedintegration.md): Gets details for a specific integration by connection ID. - [Get resource by ID](https://developer.vanta.com/reference/getresource.md): Gets resource by its ID. - [Get details for resource kind](https://developer.vanta.com/reference/getresourcekinddetails.md): Gets details for a specific resource type (kind) such as S3Bucket or CloudwatchLogGroup. - [List connected integrations](https://developer.vanta.com/reference/listconnectedintegrations.md): Lists all integrations connected to a Vanta instance. - [List integration resource kinds](https://developer.vanta.com/reference/listresourcekindsummaries.md): Lists a connected integration's resource types (kinds) such as S3Bucket or CloudwatchLogGroup. - [List resources](https://developer.vanta.com/reference/listresources.md): Lists resources for a specific integration and resource type (kind) such as S3Bucket or CloudwatchLogGroup. - [Update resource metadata](https://developer.vanta.com/reference/updateresource.md): Updates metadata for a specific resource such as an S3Bucket or CloudwatchLogGroup. - [Update resource metadata](https://developer.vanta.com/reference/updateresources.md): Updates metadata for multiple resources. - [Create Answer Library entry](https://developer.vanta.com/reference/createanswerlibraryentry.md): Create an Answer Library entry. - [Create document resource](https://developer.vanta.com/reference/createdocumentresource.md): Create a document (FILE-type) resource in the Trust Knowledge Base. Accepts the document as a multipart/form-data upload. Example: send `multipart/form-data` with a required `file` (e.g. PDF) and `title`; optional fields include `description`, `customerVisibility`, `downloadPermission`, `isUsedInQuestionnaires` ("true"/"false"), `expirationDate` (ISO 8601), `tags` (JSON array string), `categoryId`, and `ownerAssignment` (JSON object string). - [Create webpage resource](https://developer.vanta.com/reference/createwebpageresource.md): Create a webpage (URL-type) resource in the Trust Knowledge Base. - [Delete Answer Library entry](https://developer.vanta.com/reference/deleteanswerlibraryentryroute.md): Delete an Answer Library entry. - [Delete Knowledge Base resource](https://developer.vanta.com/reference/deleteknowledgebaseresource.md): Hard-delete a Knowledge Base resource (FILE or URL) by id. Tears down the row plus its associated state (uploaded document for FILE rows, Trust Center references, Oso facts, chunk-store entries) via . Returns 404 when the id is unknown in the calling token's domain. - [Get Answer Library entry](https://developer.vanta.com/reference/getanswerlibraryentry.md): Get an Answer Library entry. - [Get Knowledge Base resource](https://developer.vanta.com/reference/getknowledgebaseresource.md): Fetch a single Knowledge Base resource (FILE or URL) by id. Returns the same `type`-discriminated union as the list endpoint, so callers can branch on `type` without knowing the kind ahead of time. Returns 404 when the resource does not exist in the domain or — for FILE rows — when the underlying uploaded document has been deleted. - [List Answer Library entries](https://developer.vanta.com/reference/listanswerlibraryentries.md): List Answer Library entries. Supports full-text search, tag filtering (OR across the given tags), and date-range filters on last-updated and expiration. - [List Knowledge Base resources](https://developer.vanta.com/reference/listknowledgebaseresources.md): List Knowledge Base resources (documents and webpages) in a single paginated response. Each entry is a discriminated union on `type` — "FILE" entries carry a `fileUrl` (presigned S3 URL, valid for one hour), "URL" entries carry the resource's `url` and `includeSubPages`. Supports full-text search, type filtering, tag filtering (OR within a category, AND across categories), and date-range filters on last-updated and expiration. - [Replace document resource file](https://developer.vanta.com/reference/replacedocumentresourcefile.md): Replace the underlying file on a document (FILE-type) resource with a new multipart upload. Other resource fields (title, description, visibility, tags, owner, etc.) are unchanged — use PATCH for those. Returns 404 for an unknown id or a URL-type resource. Example: send `multipart/form-data` with a single `file` field (the new document binary). - [Update Answer Library entry](https://developer.vanta.com/reference/updateanswerlibraryentryroute.md): Update an Answer Library entry. - [Update document resource](https://developer.vanta.com/reference/updatedocumentresource.md): Apply a partial update to a document (FILE-type) resource. Omitted fields are left untouched. To swap the underlying file, use `POST /v1/knowledge-base/resources/documents/{id}/upload`. Returns 404 for an unknown id or a URL-type resource. - [Update webpage resource](https://developer.vanta.com/reference/updatewebpageresource.md): Apply a partial update to a webpage (URL-type) resource. Omitted fields are left untouched. `description`, `ownerAssignment`, and `expirationDate` accept `null` to clear. The resource URL is not updatable here — recreate the resource if the URL needs to change. Returns 404 for an unknown id or a FILE-type resource. - [Verify Answer Library entry](https://developer.vanta.com/reference/verifyanswerlibraryentryroute.md): Mark an Answer Library entry as verified. Stamps `lastVerifiedAt` to the current time; the entry's question, answer, tags, owner, and expiration are left unchanged. - [Verify Knowledge Base resource](https://developer.vanta.com/reference/verifyknowledgebaseresource.md): Mark a Knowledge Base resource (FILE or URL) as verified. Stamps `lastVerifiedAt` to the current time and resets `expiresAt` forward by the domain's configured review cadence; the resource's content (title, description, file or url, tags, owner) is left unchanged. Caller does not need to know the resource type — the persisted `resourceType` is used. Returns 404 when the id is unknown in the domain or — for FILE rows — when the underlying uploaded document has been deleted. - [Get monitored computer by ID](https://developer.vanta.com/reference/getmonitoredcomputer.md): Returns a monitored computer by ID. - [List monitored computers](https://developer.vanta.com/reference/listmonitoredcomputers.md): Returns a list of computers monitored by an MDM (with an integration built by Vanta) or by the Vanta Agent. Currently this list does not include resources from partner or customer-built integrations. - [Remove leave information](https://developer.vanta.com/reference/clearleaveforperson.md): Remove leave information on a person. The person will become active in Vanta, and will be considered in certain tests related to personnel. - [Get person by ID](https://developer.vanta.com/reference/getperson.md): Returns a person by ID. - [List people](https://developer.vanta.com/reference/listpeople.md): Returns a list of all people. - [Mark as not people](https://developer.vanta.com/reference/markasnotpeople.md): Mark a set of accounts on the People Page as "not a person." As a result, these accounts will not be treated as people in Vanta, and you will not be able to assign them tasks or use them in tests related to your company's personnel. - [Mark as people](https://developer.vanta.com/reference/markaspeople.md): Mark a set of accounts on the People Page as "people." As a result, these accounts will be treated as people in Vanta, and you will be able to assign them tasks and use them in tests related to your company's personnel. - [Offboard people](https://developer.vanta.com/reference/offboardpeople.md): Offboard a list of people. A person is only eligible for offboarding completion when: 1. They are an ex-employee. 2. All of the person's monitored accounts are deactivated or manually overwritten as such. 3. All of a person's custom offboarding tasks have been completed. All of the person's unmonitored accounts will be automatically marked as deactivated when they are offboarded. If the person has unfinished offboarding tasks those will NOT automatically be completed and offboarding them will fail. - [Set leave information](https://developer.vanta.com/reference/setleaveforperson.md): Set leave information on a person. A person on leave is inactive in Vanta and will not be considered in certain personnel-related tests. If the person has existing leave information, it will be cleared and replaced. - [Update person metadata](https://developer.vanta.com/reference/updateperson.md): Update a person's basic information. - [Get policy by ID](https://developer.vanta.com/reference/getpolicy.md): Gets a policy by ID. Policy IDs can be found in Vanta in URL bar after /policies/. - [List policies](https://developer.vanta.com/reference/listpolicies.md): Lists all policies. - [Cancel risk scenario approval request](https://developer.vanta.com/reference/cancelriskscenarioapprovalrequest.md): Cancel approval request for a risk scenario. - [Create risk scenario](https://developer.vanta.com/reference/createriskscenario.md): Create a new risk scenario. - [Get risk scenario by ID](https://developer.vanta.com/reference/getriskscenario.md): Get a risk scenario by ID (can be the Risk ID or the object ID). - [Link controls to a risk scenario](https://developer.vanta.com/reference/linkcontrolstoriskscenario.md): Link one or more controls to a risk scenario. Controls already linked to the scenario are a no-op; the full set of linked controls is returned on the updated scenario. Each control link must include `linkType: "TREATMENT"`. Control identifiers may be Vanta control shorthands (e.g. `"A.12.2.1"`), custom-control shorthand names, or object IDs. Unknown identifiers cause the whole request to fail — no partial links. - [List risk scenarios](https://developer.vanta.com/reference/listriskscenario.md): List risk scenarios. - [Submit risk scenario for approval](https://developer.vanta.com/reference/submitriskforapproval.md): Submit a risk scenario for approval. - [Update risk scenario](https://developer.vanta.com/reference/updateriskscenario.md): Update a risk scenario. - [Deactivate test entity](https://developer.vanta.com/reference/deactivatetestentity.md): Deactivates a single test item (test entity). There may be a delay in the deactivation of the test entity until the next test run. Use the /vulnerabilities/deactivate endpoint for vulnerabilities. - [Get test by ID](https://developer.vanta.com/reference/gettest.md): Gets a test by ID. Test IDs can be found in Vanta in URL bar after /tests/. - [Get test entities by test ID](https://developer.vanta.com/reference/gettestentities.md): Gets a list of tested items (entities) for a test by test ID. An entity is a tested item that can have its own outcome. For example, for a test that makes sure that all S3 buckets are versioned, an individual S3 bucket would be an entity. - [List tests](https://developer.vanta.com/reference/listtests.md): Lists all tests based on applied filters. - [Reactivate test entity](https://developer.vanta.com/reference/reactivatetestentity.md): Reactivates a single tested item (test entity). There may be a delay in the reactivation of the test entity until the next test run. Use the /vulnerabilities/reactivate endpoint for vulnerabilities. - [Add Trust Center control](https://developer.vanta.com/reference/addcontroltotrustcenter.md): Adds a control to a Trust Center. - [Add Trust Center control category](https://developer.vanta.com/reference/addtrustcentercontrolcategory.md): Adds a control category to a Trust Center. - [Add Trust Center viewer](https://developer.vanta.com/reference/addtrustcenterviewer.md): Adds a viewer and grants them access to a Trust Center. - [Approve Trust Center access request](https://developer.vanta.com/reference/approvetrustcenteraccessrequest.md): Approves an access request on a Trust Center. - [Create Trust Center FAQ](https://developer.vanta.com/reference/createtrustcenterfaq.md): Adds an FAQ to a Trust Center. - [Create Trust Center document](https://developer.vanta.com/reference/createtrustcenterresource.md): Adds a document to a Trust Center. - [Create Trust Center subprocessor](https://developer.vanta.com/reference/createtrustcentersubprocessor.md): Adds a subprocessor to a Trust Center. - [Create Trust Center subscriber](https://developer.vanta.com/reference/createtrustcentersubscriber.md): Adds a subscriber to a Trust Center. - [Create Trust Center subscriber group](https://developer.vanta.com/reference/createtrustcentersubscribergroup.md): Adds a subscriber group to a Trust Center. - [Create Trust Center update](https://developer.vanta.com/reference/createtrustcenterupdate.md): Adds an update to a Trust Center. - [Delete Trust Center control](https://developer.vanta.com/reference/deletetrustcentercontrol.md): Removes a specific control from a Trust Center. This removes the control from all of the control categories that is in. - [Delete Trust Center control category](https://developer.vanta.com/reference/deletetrustcentercontrolcategory.md): Removes a control category from a Trust Center along with all of the controls in the category. - [Delete Trust Center FAQ](https://developer.vanta.com/reference/deletetrustcenterfaq.md): Remove a specific FAQ from the Trust Center by ID. - [Delete Trust Center document](https://developer.vanta.com/reference/deletetrustcenterresource.md): Removes a specific document from a Trust Center. - [Delete Trust Center subprocessor](https://developer.vanta.com/reference/deletetrustcentersubprocessor.md): Removes a subprocessor from a Trust Center. - [Delete Trust Center subscriber](https://developer.vanta.com/reference/deletetrustcentersubscriber.md): Removes a subscriber from a Trust Center. - [Delete Trust Center subscriber group](https://developer.vanta.com/reference/deletetrustcentersubscribergroup.md): Removes a subscriber group from a Trust Center. - [Delete Trust Center update](https://developer.vanta.com/reference/deletetrustcenterupdate.md): Removes an update from a Trust Center. - [Deny Trust Center access request](https://developer.vanta.com/reference/denytrustcenteraccessrequest.md): Denies an access request on a Trust Center. - [Get Trust Center](https://developer.vanta.com/reference/gettrustcenter.md): Gets a Trust Center by slug ID. - [Get Trust Center access request](https://developer.vanta.com/reference/gettrustcenteraccessrequest.md): Gets a specific access request for a Trust Center. - [Get Trust Center control](https://developer.vanta.com/reference/gettrustcentercontrol.md): Gets a specific control on a Trust Center. - [List Trust Center control categories](https://developer.vanta.com/reference/gettrustcentercontrolcategories.md): Gets a list of control categories on a Trust Center. - [Get Trust Center control category](https://developer.vanta.com/reference/gettrustcentercontrolcategory.md): Gets a specific control category on a Trust Center. - [Get Trust Center FAQ](https://developer.vanta.com/reference/gettrustcenterfaq.md): Gets a specific FAQ on the Trust Center by ID. - [Get Trust Center document](https://developer.vanta.com/reference/gettrustcenterresource.md): Gets a specific document on a Trust Center. - [Get uploaded media for Trust Center document](https://developer.vanta.com/reference/gettrustcenterresourcemedia.md): Gets the actual given uploaded document for a Trust Center. - [Get Trust Center subprocessor](https://developer.vanta.com/reference/gettrustcentersubprocessor.md): Gets a specific subprocessor on a Trust Center. - [Get Trust Center subscriber](https://developer.vanta.com/reference/gettrustcentersubscriber.md): Gets a specific subscriber on a Trust Center. - [Get Trust Center subscriber group](https://developer.vanta.com/reference/gettrustcentersubscribergroup.md): Get a subscriber group by ID. - [Get Trust Center update](https://developer.vanta.com/reference/gettrustcenterupdate.md): Gets a specific update on a Trust Center. - [Get Trust Center viewer](https://developer.vanta.com/reference/gettrustcenterviewer.md): Gets a specific viewer for a Trust Center. - [List Trust Center access requests](https://developer.vanta.com/reference/listtrustcenteraccessrequests.md): Gets a list of access requests for a Trust Center. - [List Trust Center viewer activity events](https://developer.vanta.com/reference/listtrustcenteractivityevents.md): Gets a list of viewer activity events on a Trust Center. - [List Trust Center controls](https://developer.vanta.com/reference/listtrustcentercontrols.md): Gets a list of controls on a Trust Center. - [List Trust Center FAQs](https://developer.vanta.com/reference/listtrustcenterfaqs.md): Gets a list of FAQs on a Trust Center. - [List historical Trust Center access requests](https://developer.vanta.com/reference/listtrustcenterhistoricalaccessrequests.md): Gets a list of historical (approved or denied) access requests for a Trust Center. - [List Trust Center resources](https://developer.vanta.com/reference/listtrustcenterresources.md): Gets a list of resources on a Trust Center. - [List Trust Center subprocessors](https://developer.vanta.com/reference/listtrustcentersubprocessors.md): Gets the list of subprocessors on a Trust Center. - [List Trust Center subscriber groups](https://developer.vanta.com/reference/listtrustcentersubscribergroups.md): Gets a list of subscriber groups on a Trust Center. - [List Trust Center subscribers](https://developer.vanta.com/reference/listtrustcentersubscribers.md): Gets a list of subscribers on a Trust Center. - [List Trust Center updates](https://developer.vanta.com/reference/listtrustcenterupdates.md): Gets a list of updates on a Trust Center. - [List Trust Center viewers](https://developer.vanta.com/reference/listtrustcenterviewers.md): Gets a list of viewers that have been granted access to a Trust Center. - [Remove Trust Center viewer](https://developer.vanta.com/reference/removetrustcenterviewer.md): Revokes a viewer's access to a Trust Center. - [Send Trust Center update notifications to all subscribers](https://developer.vanta.com/reference/sendnotificationstoallsubscribers.md): Sends notifications for a specific Trust Center update to all subscribers. - [Send Trust Center update notifications to specific subscribers](https://developer.vanta.com/reference/sendtrustcenterupdatenotifications.md): Sends notifications for a specific Trust Center update to specific subscribers. At least one subscriber group or email address is required. The total number of resolved, deduplicated recipient emails must not exceed 5,000. If exceeded, a 422 error is returned. Narrow your filters or split across multiple requests. - [Update Trust Center](https://developer.vanta.com/reference/updatetrustcenter.md): Updates a Trust Center by slug ID. - [Update Trust Center control category](https://developer.vanta.com/reference/updatetrustcentercontrolcategory.md): Updates a control category on a Trust Center. - [Update Trust Center FAQ](https://developer.vanta.com/reference/updatetrustcenterfaq.md): Update a specific FAQ on the Trust Center by ID. - [Update Trust Center document](https://developer.vanta.com/reference/updatetrustcenterresource.md): Updates a specific document on a Trust Center. - [Update Trust Center subprocessor](https://developer.vanta.com/reference/updatetrustcentersubprocessor.md): Updates a subprocessor on a Trust Center. - [Edit Trust Center subscriber group](https://developer.vanta.com/reference/updatetrustcentersubscribergroup.md): Edits a Trust Center subscriber group. - [Update Trust Center update](https://developer.vanta.com/reference/updatetrustcenterupdate.md): Updates an update on a Trust Center. - [Set groups for a Trust Center subscriber](https://developer.vanta.com/reference/upsertgroupsfortrustcentersubscriber.md): Sets groups on a subscriber. - [Get user by ID](https://developer.vanta.com/reference/getuser.md): Returns a user by ID. - [List active users](https://developer.vanta.com/reference/listusers.md): Returns a list of all active users. - [List vendor risk attributes](https://developer.vanta.com/reference/listvendorriskattributes.md): Returns a list of vendor risk attributes. - [Create a vendor](https://developer.vanta.com/reference/createvendor.md): Add vendor with metadata. - [Add a vendor finding](https://developer.vanta.com/reference/createvendorfinding.md): Add vendor finding. - [Delete vendor by ID](https://developer.vanta.com/reference/deletebyid.md): Deletes a vendor. - [Delete finding by ID](https://developer.vanta.com/reference/deletefindingbyid.md): Deletes a finding. - [Delete a security review document by ID](https://developer.vanta.com/reference/deletesecurityreviewdocumentbyid.md): Delete a security review document. - [List security review documents](https://developer.vanta.com/reference/getsecurityreviewdocuments.md): Lists a security review's documents. - [Get security review by ID](https://developer.vanta.com/reference/getsecurityreviewsbyid.md): Returns a security review. - [List security reviews by vendor ID](https://developer.vanta.com/reference/getsecurityreviewsbyvendorid.md): Returns a vendor's security reviews. - [Get vendor by ID](https://developer.vanta.com/reference/getvendor.md): Get a vendor. - [List vendor documents](https://developer.vanta.com/reference/listvendordocuments.md): Returns a vendor's list of documents. - [List vendor findings](https://developer.vanta.com/reference/listvendorfindings.md): Lists a vendor's findings. - [List vendors](https://developer.vanta.com/reference/listvendors.md): List of vendors. - [Set vendor status](https://developer.vanta.com/reference/setstatusforvendor.md): Sets the status of a vendor, which can be MANAGED, ARCHIVED, or IN_PROCUREMENT. - [Update vendor by ID](https://developer.vanta.com/reference/updatevendor.md): Update vendor. - [Update vendor finding](https://developer.vanta.com/reference/updatevendorfinding.md): Update vendor finding. - [Add document to security review](https://developer.vanta.com/reference/uploaddocumentforsecurityreview.md): Add document to a security review. - [Add document to a vendor](https://developer.vanta.com/reference/uploaddocumenttovendor.md): Add document to a vendor. - [Deactivate vulnerability monitoring for a vulnerability](https://developer.vanta.com/reference/deactivatevulnerabilities.md): Deactivate monitoring for select vulnerabilities. Vanta will not monitor a deactivated vulnerability until it is reactivated. - [Get vulnerability by ID](https://developer.vanta.com/reference/getvulnerability.md): Gets a vulnerability by an ID. - [Get vulnerabilities](https://developer.vanta.com/reference/listvulnerabilities.md): List all vulnerabilities based on selected filters. - [Reactivate vulnerability monitoring](https://developer.vanta.com/reference/reactivatevulnerabilities.md): Reactivate vulnerabilities and resume Vanta monitoring. - [Acknowledge SLA miss](https://developer.vanta.com/reference/acknowledgeslamissvulnerabilityremediations.md): Acknowledge an SLA miss for a vulnerability remediation. - [List vulnerability remediations](https://developer.vanta.com/reference/listvulnerabilityremediations.md): List all vulnerability remediations based on selected filters. - [Get vulnerable asset by ID](https://developer.vanta.com/reference/getvulnerableasset.md): Gets a vulnerable asset by ID. - [List assets associated with vulnerabilities](https://developer.vanta.com/reference/listvulnerableassets.md): List assets that Vanta monitors that are associated with vulnerabilities.