The Build Integrations API is for applications that send data into Vanta on behalf of a customer. It powers Vanta’s marketplace integrations and any private connector you build for your own tenant. Use it to ingest user accounts, devices, vulnerabilities, training records, background checks, and arbitrary custom resources.Documentation Index
Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Who is this API for?
This API is the only Vanta API available to partners and is the right choice for any app that ships data into Vanta.| You are… | Use this API to… |
|---|---|
| A partner / ISV building a marketplace integration | Push your product’s data (user accounts, devices, vulnerabilities, etc.) into your customers’ Vanta tenants. This is the only API partners can use — partners cannot access the Manage Vanta API. |
| A Vanta customer building a private integration | Connect a homegrown app, on-prem system, or unsupported SaaS tool to your own Vanta tenant. |
| A Vanta customer syncing data Vanta doesn’t natively cover | Define a custom resource and feed it into Vanta to layer Custom Tests on top. |
Automating workflows inside your own Vanta tenant — assigning control owners, querying tests, managing vendors and personnel? Use the Manage Vanta API instead. (Note: the Manage Vanta API is not available to partners.)
When to use this API
Reach for Build Integrations endpoints when you want to:- Publish a public integration to the Vanta marketplace so any Vanta customer can connect your tool.
- Build a private integration for a homegrown app, on-prem system, or unsupported SaaS tool inside your own tenant.
- Sync resources Vanta doesn’t natively support via custom resources, then layer Custom Tests on top.
- Upload file-based evidence on a customer’s behalf to satisfy evidence requests.
Authentication
Build Integrations apps authenticate with OAuth 2.0. The grant type depends on the app’s distribution:| App type | Distribution | Auth flow |
|---|---|---|
| Public | Listed in the Vanta marketplace; any customer can install | Authorization code (per-customer access_token + refresh_token) |
| Private | Single-tenant; only used inside your own Vanta account | Client credentials (single access_token, no refresh token) |
Vanta Gov customers must replace
app.vanta.com with app.vanta-gov.com in the OAuth authorization URL.Scopes
| Scope | Grants |
|---|---|
connectors.self:write-resource | Push resources into customer Vanta accounts. |
connectors.self:read-resource | Read resources you previously pushed (useful for debugging). |
self:write-document | Upload file-based evidence on a customer’s behalf. |
self:read-document | Query evidence requests you previously responded to. |
Base URL
Usehttps://api.vanta.com, or https://api.vanta-gov.com if you’re on Vanta Gov. See Base URLs for details.
Resource model
Build Integrations endpoints follow aresource_type pattern:
| Method | Endpoint | Use |
|---|---|---|
PUT | /v1/resources/<type> | Idempotent upsert by uniqueId. Push the full set of resources you own on a periodic schedule (typically hourly). |
GET | /v1/resources/<type> | Read back resources you previously pushed. See Pagination for response shape. |
DELETE | /v1/resources/<type>/<uniqueId> | Remove a single resource. |
PUT is safe to retry on network errors. To sync a large dataset, batch resources into multiple PUT calls.
See the resource endpoints in the sidebar for the full list of supported types and their schemas. For anything not natively supported, use the custom resource type.
Pagination
Build IntegrationsGET /v1/resources/<type> endpoints are not paginated. Each request returns the full list of resources for the given type in a single resources array:
pageSize, pageCursor, or pageInfo fields. To sync a large dataset, use the corresponding PUT /v1/resources/<type> endpoint to push resources to Vanta in batches.
Rate limits
| Endpoint group | Limit |
|---|---|
| Build Integrations endpoints | 20 / minute per access token |
OAuth (/oauth/token) | 5 / minute |
429 Too Many Requests. Back off and retry after a short delay.
Common workflows
Build a private integration
Single-tenant integration for your own Vanta account, end to end.
Build a public integration
Partner flow: register, OAuth, push resources, list in the marketplace.
Resources
Deep dive on the resource lifecycle, idempotency model, and custom resources.
Tools
Postman Collection
Import the collection to explore endpoints quickly.
SDKs
Official client libraries for the Vanta API.