API Basics
Manage Vanta
- Manage Vanta API
- GETList controls
- POSTCreate custom control
- POSTAdd control from Vanta library
- GETList Vanta controls from the library
- GETGet control by an ID
- DELDeactivates a control
- PATCHUpdate a control's metadata
- POSTAdd control to document mapping
- POSTAdd control to test mapping
- GETList a control's documents
- DELRemove control from document mapping
- POSTSet owner of a control
- GETList a control's tests
- DELRemove control from test mapping
Build Integrations
Conduct an Audit
Add control to test mapping
curl --request POST \
--url https://api.vanta.com/v1/controls/{controlId}/add-test-to-control \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"testId": "<string>"
}
'{
"control": {
"id": "a2f7e1b9d0c3f4e5a6c7b8d9",
"externalId": "CRY-104",
"name": "Data encryption utilized",
"description": "Access reviews are performed to ensure that access is appropriate for the user's role and responsibilities.",
"source": "Vanta",
"domains": [
"CRYPTOGRAPHIC_PROTECTIONS"
],
"owner": {
"id": "65e1efde08e8478f143a8ff9",
"emailAddress": "example-person@email.com",
"displayName": "Example Owner"
},
"role": "CONTROLLER",
"customFields": [
{
"label": "Additional context",
"value": "This control is critical for GDPR compliance"
}
],
"creationDate": null,
"modificationDate": null
},
"test": {
"id": "aws-account-access-removed-on-termination",
"name": "AWS accounts deprovisioned when personnel leave",
"lastTestRunDate": "2024-06-18T20:17:38.463Z",
"latestFlipDate": null,
"description": "Verifies that AWS accounts linked to removed users are removed.\n",
"failureDescription": "Some AWS accounts associated with terminated personnel have not been deactivated.",
"remediationDescription": "Remove all accounts listed from AWS.\n",
"version": {
"major": 0,
"minor": 0
},
"category": "Account security",
"integrations": [
"aws"
],
"status": "OK",
"deactivatedStatusInfo": {
"isDeactivated": false,
"deactivatedReason": null,
"lastUpdatedDate": null
},
"remediationStatusInfo": {
"status": "PASS",
"soonestRemediateByDate": null,
"itemCount": 0
},
"owner": null
}
}Controls
Add control to test mapping
Add a control to test mapping.
POST
/
controls
/
{controlId}
/
add-test-to-control
Add control to test mapping
curl --request POST \
--url https://api.vanta.com/v1/controls/{controlId}/add-test-to-control \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"testId": "<string>"
}
'{
"control": {
"id": "a2f7e1b9d0c3f4e5a6c7b8d9",
"externalId": "CRY-104",
"name": "Data encryption utilized",
"description": "Access reviews are performed to ensure that access is appropriate for the user's role and responsibilities.",
"source": "Vanta",
"domains": [
"CRYPTOGRAPHIC_PROTECTIONS"
],
"owner": {
"id": "65e1efde08e8478f143a8ff9",
"emailAddress": "example-person@email.com",
"displayName": "Example Owner"
},
"role": "CONTROLLER",
"customFields": [
{
"label": "Additional context",
"value": "This control is critical for GDPR compliance"
}
],
"creationDate": null,
"modificationDate": null
},
"test": {
"id": "aws-account-access-removed-on-termination",
"name": "AWS accounts deprovisioned when personnel leave",
"lastTestRunDate": "2024-06-18T20:17:38.463Z",
"latestFlipDate": null,
"description": "Verifies that AWS accounts linked to removed users are removed.\n",
"failureDescription": "Some AWS accounts associated with terminated personnel have not been deactivated.",
"remediationDescription": "Remove all accounts listed from AWS.\n",
"version": {
"major": 0,
"minor": 0
},
"category": "Account security",
"integrations": [
"aws"
],
"status": "OK",
"deactivatedStatusInfo": {
"isDeactivated": false,
"deactivatedReason": null,
"lastUpdatedDate": null
},
"remediationStatusInfo": {
"status": "PASS",
"soonestRemediateByDate": null,
"itemCount": 0
},
"owner": null
}
}Documentation Index
Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
Body
application/json
The ID of the test to add to the control.
Was this page helpful?
⌘I