Skip to main content
PATCH
/
controls
/
{controlId}
Update a control's metadata
curl --request PATCH \
  --url https://api.vanta.com/v1/controls/{controlId} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "externalId": "<string>",
  "description": "<string>",
  "domain": "ARTIFICIAL_&_AUTONOMOUS_TECHNOLOGY",
  "note": "<string>",
  "customFields": [
    {
      "label": "<string>",
      "value": "<string>"
    }
  ]
}
'
{
  "id": "a2f7e1b9d0c3f4e5a6c7b8d9",
  "externalId": "CRY-104",
  "name": "Data encryption utilized",
  "description": "Access reviews are performed to ensure that access is appropriate for the user's role and responsibilities.",
  "source": "Vanta",
  "domains": [
    "CRYPTOGRAPHIC_PROTECTIONS"
  ],
  "owner": {
    "id": "65e1efde08e8478f143a8ff9",
    "emailAddress": "example-person@email.com",
    "displayName": "Example Owner"
  },
  "role": "CONTROLLER",
  "customFields": [
    {
      "label": "Additional context",
      "value": "This control is critical for GDPR compliance"
    }
  ],
  "creationDate": null,
  "modificationDate": null
}

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

controlId
string
required

Body

application/json
name
string

A new name for the control.

externalId
string

The new external ID for the control.

description
string

The new description for the control.

domain
enum<string>

The new category for the control.

Available options:
ARTIFICIAL_&_AUTONOMOUS_TECHNOLOGY,
ASSET_MANAGEMENT,
BUSINESS_CONTINUITY_&_DISASTER_RECOVERY,
CAPACITY_&_PERFORMANCE_PLANNING,
CHANGE_MANAGEMENT,
CLOUD_SECURITY,
COMPLIANCE,
CONFIGURATION_MANAGEMENT,
CONTINUOUS_MONITORING,
CRYPTOGRAPHIC_PROTECTIONS,
DATA_CLASSIFICATION_&_HANDLING,
EMBEDDED_TECHNOLOGY,
ENDPOINT_SECURITY,
HUMAN_RESOURCES_SECURITY,
IDENTIFICATION_&_AUTHENTICATION,
INCIDENT_RESPONSE,
INFORMATION_ASSURANCE,
MAINTENANCE,
MOBILE_DEVICE_MANAGEMENT,
NETWORK SECURITY,
PHYSICAL_&_ENVIRONMENTAL_SECURITY,
PRIVACY,
PROJECT_&_RESOURCE MANAGEMENT,
RISK_MANAGEMENT,
SECURE_ENGINEERING_&_ARCHITECTURE,
SECURITY_AWARENESS_&_TRAINING,
SECURITY_OPERATIONS,
SECURITY_&_PRIVACY_GOVERNANCE,
TECHNOLOGY_DEVELOPMENT_&_ACQUISITION,
THIRD-PARTY_MANAGEMENT,
THREAT_MANAGEMENT,
VULNERABILITY_&_PATCH_MANAGEMENT,
WEB_SECURITY,
ADMINISTRATIVE,
PHYSICAL,
TECHNICAL,
BASIC,
DERIVED
note
string

The new note for the control.

customFields
object[]

The control's new values for custom fields.

Response

200 - application/json

Ok

id
string
required

The control's unique ID.

externalId
string | null
required

The control's external ID.

name
string
required

The control's name.

description
string
required

The control's description.

source
enum<string>
required

The control's source, either "VANTA" or "CUSTOM".

Available options:
Vanta,
Custom
domains
string[]
required

The security domains that the control belongs to.

owner
object
required

The control's owner.

customFields
object[]
required

The control's custom field values, if control custom fields is included in your Vanta instance.

creationDate
string<date-time> | null
required

When the control was created. Returns null for Vanta library controls.

modificationDate
string<date-time> | null
required

When the control was last modified. Returns null for Vanta library controls.

role
string | null

The control's GDPR role, if the control is a GDPR control.