Skip to main content

Documentation Index

Fetch the complete documentation index at: https://vanta.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The Manage Vanta API is the operational surface for your own Vanta tenant. Use it to automate the work your team would otherwise click through in the Vanta dashboard — assigning control owners, uploading evidence, syncing personnel, querying test results, and managing vendors.

Who is this API for?

This API is for Vanta customers automating their own tenant. It is not available to partners building marketplace integrations — partners must use the Build Integrations API.
You are…Use this API to…
A Vanta customer’s security or GRC teamAutomate compliance workflows in your own tenant: assign control owners, surface overdue tasks, manage vendors.
A Vanta customer’s engineering teamPull tests, manage frameworks and automate your compliance program.
Building an integration that syncs data into Vanta from an external tool? Use the Build Integrations API instead.

When to use this API

Reach for Manage Vanta endpoints when you want to:
  • Automate compliance workflows — assign control owners, mark people as not-a-person, surface overdue tasks.
  • Report on your security posture — query controls, tests, vulnerabilities, and resources to feed dashboards or downstream systems.
  • Manage your vendor inventory — create vendors, attach documentation, and apply custom fields.
If you’re new to the API, start with the Manage Vanta quickstart to authenticate and make your first call.

Authentication

All requests require an Authorization: Bearer <access_token> header obtained via the client credentials OAuth flow. Create a Manage Vanta application in the Developer Console, then exchange your client_id and client_secret for a token. See the API overview for the full flow and token lifecycle.

Scopes

ScopeGrants
vanta-api.all:readGET access to all Manage Vanta endpoints.
vanta-api.all:writePUT, PATCH, POST, DELETE access to all Manage Vanta endpoints.
vanta-api.documents:uploadUpload files via the document upload endpoint.
vanta-api.vendors:readGET access to vendor endpoints.
vanta-api.vendors:writeWrite access to vendor endpoints.
Request only the scopes your application needs. Requesting a scope that doesn’t match your application type returns invalid_scope.

Base URL

Use https://api.vanta.com, or https://api.vanta-gov.com if you’re on Vanta Gov. See Base URLs for details.

Pagination

List endpoints use cursor-based pagination via the pageSize and pageCursor query parameters. To page through results:
  1. Make the initial request, optionally setting pageSize (defaults vary by endpoint).
  2. Check results.pageInfo.hasNextPage in the response.
  3. If true, pass results.pageInfo.endCursor as the pageCursor in your next request.
  4. Repeat until hasNextPage is false.
Responses are wrapped as: 
{
  "results": {
    "data": [ /* ... */ ],
    "pageInfo": {
      "endCursor": "...",
      "hasNextPage": true,
      "hasPreviousPage": false,
      "startCursor": "..."
    }
  }
}
Many list endpoints also support filters — see the per-endpoint reference for available options.

Trust Center

Trust Center endpoints (/trust-centers/{slugId}/...) require your Trust Center’s slugId as a path parameter. To find it:
  1. In Vanta, navigate to Trust Center > Overview.
  2. In the top right, copy the unique URL for your Trust Center — it looks like https://app.vanta.com/your-domain.com/trust/tz7gh0fvb2ymzbl34hca2w. The slugId is the final segment (in this example, tz7gh0fvb2ymzbl34hca2w).
  3. If you’ve configured a custom domain, visit your public Trust Center, view source, and look for the data-slug attribute on the <head> element.
Trust Center slugId location

Rate limits

Endpoint groupLimit
Manage Vanta endpoints50 / minute
OAuth (/oauth/token)5 / minute
Exceeding a limit returns 429 Too Many Requests. Back off and retry after a short delay.

Common workflows

Add an owner to a control

Programmatically assign control ownership across your framework.

Upload a document

Attach evidence to controls, vendors, or tests.

Manage personnel

Surface overdue tasks, offboard people, and mark non-personnel.

Query test results

Build dashboards from failing tests and resources.

Tools

Postman Collection

Import the collection to explore endpoints quickly.

MCP Server

Connect AI assistants to the Vanta API.

SDKs

Official client libraries for the Vanta API.

Webhooks

Subscribe to events and receive real-time updates.