Skip to main content
POST
/
vendors
Create a vendor
curl --request POST \
  --url https://api.vanta.com/v1/vendors \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "websiteUrl": "<string>",
  "accountManagerName": "<string>",
  "accountManagerEmail": "<string>",
  "securityOwnerUserId": "<string>",
  "servicesProvided": "<string>",
  "additionalNotes": "<string>",
  "businessOwnerUserId": "<string>",
  "contractStartDate": "2023-11-07T05:31:56Z",
  "contractRenewalDate": "2023-11-07T05:31:56Z",
  "contractTerminationDate": "2023-11-07T05:31:56Z",
  "isVisibleToAuditors": true,
  "authDetails": {
    "passwordMinimumLength": 123,
    "passwordRequiresSymbol": true,
    "passwordRequiresNumber": true,
    "passwordMFA": true,
    "method": "AUTH_0"
  },
  "status": "MANAGED",
  "category": "<string>",
  "inherentRiskLevel": "CRITICAL",
  "residualRiskLevel": "CRITICAL",
  "vendorHeadquarters": "EUE",
  "customFields": [
    {
      "label": "<string>",
      "value": "<string>"
    }
  ]
}
'
{
  "id": "a2f7e1b9d0c3f4e5a6c7b8d8",
  "name": "Vanta",
  "websiteUrl": "https://www.vanta.com/",
  "accountManagerName": "John Doe",
  "accountManagerEmail": "john@doe.com",
  "servicesProvided": "SaaS",
  "additionalNotes": "Automate compliance and streamline security reviews with the leading trust management platform.",
  "authDetails": {
    "method": "O_AUTH",
    "passwordMFA": true,
    "passwordRequiresNumber": true,
    "passwordRequiresSymbol": true,
    "passwordMinimumLength": 16
  },
  "securityOwnerUserId": "6626afa6490ec920099773e7",
  "businessOwnerUserId": "6626afb14c912f0a50e85619",
  "contractStartDate": "2024-02-01T00:00:00.000Z",
  "contractRenewalDate": "2025-02-01T00:00:00.000Z",
  "contractTerminationDate": null,
  "lastSecurityReviewCompletionDate": "2024-01-01T00:00:00.000Z",
  "nextSecurityReviewDueDate": "2025-01-01T00:00:00.000Z",
  "isVisibleToAuditors": true,
  "isRiskAutoScored": true,
  "category": {
    "displayName": "cloudMonitoring"
  },
  "riskAttributeIds": [
    "6626b0298acc44f8674390da",
    "6626b02ea4cd9ba80d773c20"
  ],
  "status": "MANAGED",
  "inherentRiskLevel": "HIGH",
  "residualRiskLevel": "MEDIUM",
  "vendorHeadquarters": "USA",
  "contractAmount": {
    "amount": 1000000,
    "currency": "USD"
  },
  "customFields": null,
  "latestDecision": {
    "status": "APPROVED",
    "lastUpdatedAt": "2024-01-01T00:00:00.000Z"
  },
  "linkedTaskTrackerTaskProcurementRequest": {
    "service": "jira",
    "url": "https://random-company.atlassian.net/browse/PROJ-123"
  }
}

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
name
string
required

Display name of the vendor.

Maximum string length: 2000
websiteUrl
string

The url of the vendor's website.

Maximum string length: 2000
accountManagerName
string

Name of the external account manager for this vendor.

Maximum string length: 2000
accountManagerEmail
string

Email of the external account manager for this vendor.

Maximum string length: 2000
securityOwnerUserId
string

The Vanta user ID of the security owner of this vendor.

servicesProvided
string

Services provided by the vendor.

additionalNotes
string

Miscellaneous notes about the vendor

Maximum string length: 2000
businessOwnerUserId
string

The Vanta user ID of the business owner of this vendor.

contractStartDate
string<date-time>

When the contract with the vendor is up for renewal.

contractRenewalDate
string<date-time>

When the contract with the vendor is up for renewal.

contractTerminationDate
string<date-time>

When the contract with the vendor was terminated.

isVisibleToAuditors
boolean

Whether or not auditors can view this vendor.

authDetails
object

The authentication details about the vendor.

status
enum<string>

The current status of the vendor.

Available options:
MANAGED,
ARCHIVED,
IN_PROCUREMENT
category
string

The vendor's category.

inherentRiskLevel
enum<string>

The inherent risk level of the vendor.

Available options:
CRITICAL,
HIGH,
LOW,
MEDIUM,
UNSCORED
residualRiskLevel
enum<string>

The residual risk level of the vendor.

Available options:
CRITICAL,
HIGH,
LOW,
MEDIUM,
UNSCORED
vendorHeadquarters
enum<string>

The vendor's headquarters.

Available options:
EUE,
AND,
ARE,
AFG,
ATG,
AIA,
ALB,
ARM,
AGO,
ATA,
ARG,
ASM,
AUT,
AUS,
ABW,
ALA,
AZE,
BIH,
BRB,
BGD,
BEL,
BFA,
BGR,
BHR,
BDI,
BEN,
BLM,
BMU,
BRN,
BOL,
BES,
BRA,
BHS,
BTN,
BVT,
BWA,
BLR,
BLZ,
CAN,
CCK,
COD,
CAF,
COG,
CHE,
CIV,
COK,
CHL,
CMR,
CHN,
COL,
CRI,
CUB,
CPV,
CUW,
CXR,
CYP,
CZE,
DEU,
DJI,
DNK,
DMA,
DOM,
DZA,
ECU,
EST,
EGY,
ESH,
ERI,
ESP,
ETH,
FIN,
FJI,
FLK,
FSM,
FRO,
FRA,
GAB,
ENG,
SCT,
GBR,
WAL,
NIR,
GRD,
GEO,
GUF,
GGY,
GHA,
GIB,
GRL,
GMB,
GIN,
GLP,
GNQ,
GRC,
SGS,
GTM,
GUM,
GNB,
GUY,
HKG,
HMD,
HND,
HRV,
HTI,
HUN,
IDN,
IRL,
ISR,
IMN,
IND,
IOT,
IRQ,
IRN,
ISL,
ITA,
JEY,
JAM,
JOR,
JPN,
KEN,
KGZ,
KHM,
KIR,
COM,
KNA,
PRK,
KOR,
KWT,
CYM,
KAZ,
LAO,
LBN,
LCA,
LIE,
LKA,
LBR,
LSO,
LTU,
LUX,
LVA,
LBY,
MAR,
MCO,
MDA,
MNE,
MAF,
MDG,
MHL,
MKD,
MLI,
MMR,
MNG,
MAC,
MNP,
MTQ,
MRT,
MSR,
MLT,
MUS,
MDV,
MWI,
MEX,
MYS,
MOZ,
NAM,
NCL,
NER,
NFK,
NGA,
NIC,
NLD,
NOR,
NPL,
NRU,
NIU,
NZL,
OMN,
PAN,
PER,
PYF,
PNG,
PHL,
PAK,
POL,
SPM,
PCN,
PRI,
PSE,
PRT,
PLW,
PRY,
QAT,
REU,
ROU,
SRB,
RUS,
RWA,
SAU,
SLB,
SYC,
SDN,
SWE,
SGP,
SHN,
SVN,
SJM,
SVK,
SLE,
SMR,
SEN,
SOM,
SUR,
SSD,
STP,
SLV,
SXM,
SYR,
SWZ,
TCA,
TCD,
ATF,
TGO,
THA,
TJK,
TKL,
TLS,
TKM,
TUN,
TON,
TUR,
TTO,
TUV,
TWN,
TZA,
UKR,
UGA,
UMI,
USA,
URY,
UZB,
VAT,
VCT,
VEN,
VGB,
VIR,
VNM,
VUT,
WLF,
WSM,
YEM,
MYT,
ZAF,
ZMB,
ZWE
contractAmount
object

The contract amount for the vendor.

customFields
object[]

The custom fields for the vendor. For more information on how to set custom fields via the API, visit https://developer.vanta.com/docs/use-custom-fields-with-vendors

frameworkScope
object

Framework scoping configuration for this vendor. Determines which compliance frameworks the vendor applies to.

Response

200 - application/json

Ok

id
string
required

The vendor's unique ID.

name
string
required

The vendor's display name.

websiteUrl
string | null
required

The vendor's website URL.

accountManagerName
string | null
required

The vendor's external account manager name.

accountManagerEmail
string | null
required

The vendor's external account manager email.

servicesProvided
string | null
required

Services provided by the vendor.

additionalNotes
string | null
required

Any additional notes about the vendor

securityOwnerUserId
string | null
required

The vendor's security owner's Vanta user ID.

businessOwnerUserId
string | null
required

The vendor's business owner's Vanta user ID.

contractStartDate
string<date-time> | null
required

The date the contract with the vendor began.

contractRenewalDate
string<date-time> | null
required

The date the contract with the vendor is up for renewal.

contractTerminationDate
string<date-time> | null
required

The date the contract with the vendor was terminated.

nextSecurityReviewDueDate
string<date-time> | null
required

The next due date for a security review.

lastSecurityReviewCompletionDate
string<date-time> | null
required

The most recent date a security review was completed.

isVisibleToAuditors
boolean | null
required

Whether or not auditors can view this vendor.

isRiskAutoScored
boolean | null
required

Whether or not the vendor's risk is automatically scored.

riskAttributeIds
string[]
required

The list of risk attribute IDs the vendor has been assigned to.

category
object
required

The vendor's category.

authDetails
object
required

The vendor's authentication details.

status
enum<string>
required

The vendor's current status.

Available options:
MANAGED,
ARCHIVED,
IN_PROCUREMENT
inherentRiskLevel
enum<string>
required

The vendor's risk level.

Available options:
CRITICAL,
HIGH,
LOW,
MEDIUM,
UNSCORED
residualRiskLevel
enum<string>
required

The vendor's residual risk level.

Available options:
CRITICAL,
HIGH,
LOW,
MEDIUM,
UNSCORED
vendorHeadquarters
enum<string>
required

The vendor's headquarters.

Available options:
EUE,
AND,
ARE,
AFG,
ATG,
AIA,
ALB,
ARM,
AGO,
ATA,
ARG,
ASM,
AUT,
AUS,
ABW,
ALA,
AZE,
BIH,
BRB,
BGD,
BEL,
BFA,
BGR,
BHR,
BDI,
BEN,
BLM,
BMU,
BRN,
BOL,
BES,
BRA,
BHS,
BTN,
BVT,
BWA,
BLR,
BLZ,
CAN,
CCK,
COD,
CAF,
COG,
CHE,
CIV,
COK,
CHL,
CMR,
CHN,
COL,
CRI,
CUB,
CPV,
CUW,
CXR,
CYP,
CZE,
DEU,
DJI,
DNK,
DMA,
DOM,
DZA,
ECU,
EST,
EGY,
ESH,
ERI,
ESP,
ETH,
FIN,
FJI,
FLK,
FSM,
FRO,
FRA,
GAB,
ENG,
SCT,
GBR,
WAL,
NIR,
GRD,
GEO,
GUF,
GGY,
GHA,
GIB,
GRL,
GMB,
GIN,
GLP,
GNQ,
GRC,
SGS,
GTM,
GUM,
GNB,
GUY,
HKG,
HMD,
HND,
HRV,
HTI,
HUN,
IDN,
IRL,
ISR,
IMN,
IND,
IOT,
IRQ,
IRN,
ISL,
ITA,
JEY,
JAM,
JOR,
JPN,
KEN,
KGZ,
KHM,
KIR,
COM,
KNA,
PRK,
KOR,
KWT,
CYM,
KAZ,
LAO,
LBN,
LCA,
LIE,
LKA,
LBR,
LSO,
LTU,
LUX,
LVA,
LBY,
MAR,
MCO,
MDA,
MNE,
MAF,
MDG,
MHL,
MKD,
MLI,
MMR,
MNG,
MAC,
MNP,
MTQ,
MRT,
MSR,
MLT,
MUS,
MDV,
MWI,
MEX,
MYS,
MOZ,
NAM,
NCL,
NER,
NFK,
NGA,
NIC,
NLD,
NOR,
NPL,
NRU,
NIU,
NZL,
OMN,
PAN,
PER,
PYF,
PNG,
PHL,
PAK,
POL,
SPM,
PCN,
PRI,
PSE,
PRT,
PLW,
PRY,
QAT,
REU,
ROU,
SRB,
RUS,
RWA,
SAU,
SLB,
SYC,
SDN,
SWE,
SGP,
SHN,
SVN,
SJM,
SVK,
SLE,
SMR,
SEN,
SOM,
SUR,
SSD,
STP,
SLV,
SXM,
SYR,
SWZ,
TCA,
TCD,
ATF,
TGO,
THA,
TJK,
TKL,
TLS,
TKM,
TUN,
TON,
TUR,
TTO,
TUV,
TWN,
TZA,
UKR,
UGA,
UMI,
USA,
URY,
UZB,
VAT,
VCT,
VEN,
VGB,
VIR,
VNM,
VUT,
WLF,
WSM,
YEM,
MYT,
ZAF,
ZMB,
ZWE
contractAmount
object
required

The contract amount for the vendor.

customFields
object[] | null
required

The vendor's custom fields.

latestDecision
object
required

The vendor's latest decision status. Null means no decision has been made.

linkedTaskTrackerTaskProcurementRequest
object
required

The task tracker procurement request associated with this vendor (if linked).