Skip to main content

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Before you begin

This guide is for Vanta admins managing data inside their own Vanta account. You’ll need:
  • A Manage Vanta API token.
  • The token must have scopes vanta-api.all:read and vanta-api.all:write.
  • At least one connected integration whose resources need owners or descriptions.
Inventory resources need an active owner and a text description to pass the Inventory items have active owners and Inventory items have descriptions tests. Owners must be CURRENT employees — Vanta will reject FORMER users.
Onboarding a new owner across many integrations? Run Step 3 once per (integrationId, resourceKind) pair. The bulk-update endpoint accepts up to 50 resources per call.
1

Find the resources missing an owner

Your terminal — pick the integrationId and resourceKind you want to update. If you don’t already know them, list connected integrations first with GET /v1/integrations, then list resources filtered to hasOwner=false.
Terminal
curl 'https://api.vanta.com/v1/integrations/snowflake/resource-kinds/SnowflakeDatabase/resources?hasOwner=false&isInScope=true&pageSize=50' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer YOUR_TOKEN'
Response
{
  "results": {
    "data": [
      {
        "responseType": "Database",
        "resourceKind": "SnowflakeDatabase",
        "resourceId": "64dc848b6491f66d23c64df6",
        "connectionId": "64dbda1a6491f66d234bfd41",
        "displayName": "SNOWFLAKE",
        "owner": null,
        "inScope": true,
        "description": "Snowflake Database"
      }
    ],
    "pageInfo": { "hasNextPage": true, "endCursor": "..." }
  }
}
Copy each resourceId you want to update — you’ll send them in Step 3.
Token is expired (one-hour lifetime), missing, or lacks vanta-api.all:read. Mint a fresh one — see Authentication → Tokens expire after one hour.
Call GET /v1/integrations to list connected integrations, their connectionIds, and the resourceKinds they expose (e.g. aws, gcp, snowflake, okta).
Add hasDescription=false to find resources missing a description. Some resource kinds (e.g. SnowflakeDatabase) auto-populate a description and won’t show up in that filter.
2

Get a user to assign as owner

Your terminal — call GET /v1/people and filter to CURRENT employees so you don’t pick someone who’s offboarded.
Terminal
curl 'https://api.vanta.com/v1/people?pageSize=100&employmentStatusMatchesAny=CURRENT' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer YOUR_TOKEN'
Response
{
  "results": {
    "data": [
      {
        "id": "5fc82421a228f6b6f713547d",
        "emailAddress": "developers@vanta.com",
        "name": { "display": "Alejandro Ocampo" },
        "employment": { "status": "CURRENT", "jobTitle": "Security Engineer" }
      }
    ]
  }
}
Copy the id. You’ll send it as ownerId in the next step.
Filter client-side by emailAddress (most reliable), or paginate with pageCursor if hasNextPage is true. You can also copy a user’s ID directly from their profile URL on the People page.
They’ve been offboarded and aren’t eligible to own resources. Pick a CURRENT user instead.
3

Update owner and description in bulk

Your terminalPATCH /v1/integrations/{integrationId}/resource-kinds/{resourceKind}/resources with an updates array. Each entry is keyed by the resource id and may set ownerId, description, and/or inScope.
const INTEGRATION_ID = "snowflake";
const RESOURCE_KIND = "SnowflakeDatabase";
const OWNER_ID = "5fc82421a228f6b6f713547d";

const res = await fetch(
  `https://api.vanta.com/v1/integrations/${INTEGRATION_ID}/resource-kinds/${RESOURCE_KIND}/resources`,
  {
    method: "PATCH",
    headers: {
      "Content-Type": "application/json",
      Authorization: "Bearer YOUR_TOKEN",
    },
    body: JSON.stringify({
      updates: [
        {
          id: "64dc848b6491f66d23c64df6",
          ownerId: OWNER_ID,
          description: "Primary Snowflake warehouse for analytics",
        },
        {
          id: "64dc848b6491f66d23c64e26",
          ownerId: OWNER_ID,
          description: "Sample dataset – read-only",
        },
      ],
    }),
  },
);
console.log(await res.json());
Expected response (200) — a per-resource result, so you can tell which updates failed:
{
  "results": [
    { "id": "64dc848b6491f66d23c64df6", "status": "SUCCESS" },
    { "id": "64dc848b6491f66d23c64e26", "status": "SUCCESS" }
  ]
}
The bulk endpoint accepts up to 50 resources per call. Page through Step 1 and call this endpoint in batches if you have more.
The message field tells you which update failed and why — typically because ownerId is FORMER, the id doesn’t belong to that (integrationId, resourceKind), or the resource kind doesn’t support description. Successful entries are still applied; only fix and retry the failures.
The integrationId or resourceKind is wrong. They’re case-sensitive — snowflake and SnowflakeDatabase are different fields. Re-run Step 1 to confirm the exact spellings.
Your token has vanta-api.all:read but not vanta-api.all:write. Mint a token with both scopes.
Single-resource update? Use PATCH /v1/integrations/{integrationId}/resource-kinds/{resourceKind}/resources/{resourceId} with { "ownerId": "...", "description": "..." } instead. It returns 204 No Content on success.

Congratulations

You’ve assigned active owners and descriptions to your inventory resources. Those resources will now pass the Inventory items have active owners and Inventory items have descriptions tests, and the changes are captured in your audit log.

Next steps

Scope resources in or out

Mark resources inScope: false to exclude them from tests entirely.

Assign a control owner

Make a specific user accountable for the controls these resources support.

Try it in Postman

Import the collection and run the bulk PATCH against a sandbox in seconds.

Manage Vanta API reference

Browse every Manage Vanta endpoint — controls, tests, documents, people, integrations.