Add a new vendor to the account

Create a new vendor resource in the account

Securitybearer

Request

Request Body schema: application/json
required

name required	string <= 191 characters The name of the vendor
category	string or null The type of vendor Enum: "ENGINEERING" "PRODUCT" "MARKETING" "CS" "SALES" "FINANCE" "HR" "ADMINISTRATIVE" "SECURITY" "LEGAL" "INFORMATION_TECHNOLOGY" "NONE"
risk	string The level of risk associated with customer data Enum: "NONE" "LOW" "MODERATE" "HIGH"
status	string or null The status of vendor Enum: "POTENTIAL" "ACTIVE" "ARCHIVED" "APPROVED" "REJECTED" "FLAGGED" "ON_HOLD" "OFFBOARDED" "UNDER_REVIEW" "NONE"
critical	boolean or null Does this vendor is considered as critical
isSubProcessor required	boolean Indicates whether this vendor is considered a sub-processor
isSubProcessorActive required	boolean Indicates whether this subprocessor is active
userId	number or null <= 1000000000 The user ID of the person responsible for vendor compliance
url	string or null <= 191 characters Vendor URL
privacyUrl	string <= 191 characters Vendor Privacy Policy URL
termsUrl	string <= 191 characters Vendor Terms of Use URL
servicesProvided	string or null <= 30000 characters Description of the services provided by the vendor
dataStored	string or null <= 30000 characters Description of the type of data the vendor stores
location	string <= 30000 characters Location where the vendor services are provided
hasPii required	boolean Indicates whether this vendor stores any type of Personally Identifiable Information (PII)
passwordPolicy	string or null The vendor password policy Enum: "USERNAME_PASSWORD" "SSO" "LDAP" "NONE"
passwordRequiresMinLength required	boolean Indicates whether there is a minimum length requirement for password
passwordMinLength	number or null [ 6 .. 12 ] Minimum character length required for a password
passwordRequiresNumber required	boolean Indicates whether a password requires numbers
passwordRequiresSymbol required	boolean Indicates whether a password requires non-alpha-numeric characters
passwordMfaEnabled required	boolean Indicates whether multi-factor authentication is enabled for this vendor
contactAtVendor	string or null <= 191 characters Name of the corresponding account manager for this vendor
contactsEmail	string or null <= 191 characters Email of the corresponding account manager for this vendor
notes	string <= 30000 characters Additional notes for vendor
renewalDate	string or null Vendor renewal date
renewalScheduleType	string or null Vendor renewal schedule type Enum: "ONE_MONTH" "TWO_MONTHS" "THREE_MONTHS" "SIX_MONTHS" "ONE_YEAR" "CUSTOM" "NONE"
confirmed	boolean or null Is all vendor data confirmed?
type	string or null Vendor type identifier Enum: "VENDOR" "SUPPLIER" "CONTRACTOR" "PARTNER" "OTHER" "NONE"
accountId	string <= 36 characters Account Id
operationalImpact	string or null Vendor level of operational impact Enum: "NONE" "LOW" "NORMAL" "IMPORTANT" "CRITICAL"
environmentAccess	string or null Vendor environment access privileges Enum: "NO" "READ_ONLY" "READ_WRITE"
impactLevel	string or null Vendor overall impact level Enum: "INSIGNIFICANT" "MINOR" "MODERATE" "MAJOR" "CRITICAL" "UNSCORED"
dataAccessedOrProcessedList	Array of strings or null List of data accessed or processed enum type Enum: "GENERAL" "PUBLIC" "CONTROLLED_UNCLASSIFIED" "FINANCIAL" "PROPRIETARY" "EMPLOYEE_PERSONNEL" "PERSONAL_IDENTIFIABLE_INFORMATION" "PROTECTED_HEALTH_INFORMATION" "OTHER_PERSONAL_OR_SENSITIVE" "CARDHOLDER_DATA"
integrations	Array of numbers List of vendor IDs
cost	string or null Annual Contract Value for the vendor in Cents unit
excludeIds	Array of numbers or null Excluded vendor ids.

Responses

201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

500

Internal server error

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

post/vendors

Request samples

application/json

{"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"status": "UNDER_REVIEW",
"critical": false,
"isSubProcessor": false,
"isSubProcessorActive": false,
"userId": 1,
"url": "https://acme.com",
"privacyUrl": "https://acme.com/privacy",
"termsUrl": "https://acme.com/terms",
"servicesProvided": "Perform security scans once a month",
"dataStored": "resulting reports of security scans",
"location": "San Diego",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"renewalDate": "2024-11-22",
"renewalScheduleType": "ONE_YEAR",
"confirmed": true,
"type": "VENDOR",
"accountId": 36,
"operationalImpact": "IMPORTANT",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["FINANCIAL",
"GENERAL"
],
"integrations": [1,
2,
3
],
"cost": "1088",
"excludeIds": [1,
2
]
}

Response samples

application/json

{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"user": { },
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000"
}
],
"lastQuestionnaire": { },
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2020-07-06 12:00:00.000000",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2020-07-06 12:00:00.000000",
"reviews": [{"id": 1,
"updatedAt": "2024-11-22",
"reviewer": "John Doe",
"reviewDate": "2024-11-22",
"reportIssueDate": "2024-11-22",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2024-11-22",
"socType1EndDate": "2024-11-22",
"socType2StartDate": "2024-11-22",
"socType2EndDate": "2024-11-22",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{ }
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": [{ }
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"requesterUser": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2020-07-06 12:00:00.000000",
"invitationEmail": "[email protected]",
"linkedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2020-07-06 12:00:00.000000",
"disconnectedAt": "2020-07-06 12:00:00.000000",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2020-07-06 12:00:00.000000",
"failedAt": "2020-07-06 12:00:00.000000",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "drata.com",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2020-07-06 12:00:00.000000",
"aliasUpdatedAt": "2020-07-06 12:00:00.000000",
"deletedAt": "2020-07-06 12:00:00.000000",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": "",
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true
}
]
},
"user": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2020-07-06 12:00:00.000000",
"invitationEmail": "[email protected]",
"linkedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2020-07-06 12:00:00.000000",
"disconnectedAt": "2020-07-06 12:00:00.000000",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2020-07-06 12:00:00.000000",
"failedAt": "2020-07-06 12:00:00.000000",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "drata.com",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2020-07-06 12:00:00.000000",
"aliasUpdatedAt": "2020-07-06 12:00:00.000000",
"deletedAt": "2020-07-06 12:00:00.000000",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": "",
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true
}
]
},
"vendor": { }
}
],
"riskCount": 0
}

Add a new vendor to the account

Request Body schema: application/jsonrequired

Request Body schema: application/json
required