Add a new vendor to the account

Create a new vendor resource in the account

Security: bearer
Request
Request Body schema: application/json
name
required
string <= 191 characters

The name of the vendor

category
string or null

The type of vendor

Enum: "ENGINEERING" "PRODUCT" "MARKETING" "CS" "SALES" "FINANCE" "HR" "ADMINISTRATIVE" "SECURITY" "LEGAL" "NONE"
risk
string

The level of risk associated with customer data

Enum: "NONE" "LOW" "MODERATE" "HIGH"
status
string or null

The status of vendor

Enum: "ACTIVE" "ARCHIVED" "APPROVED" "REJECTED" "FLAGGED" "ON_HOLD" "OFFBOARDED" "UNDER_REVIEW" "NONE"
critical
boolean or null

Indicates whether this vendor is considered critical

isSubProcessor
required
boolean

Indicates whether this vendor is considered a sub-processor

isSubProcessorActive
required
boolean

Indicates whether this sub-processor is active

userId
number or null <= 1000000000

The user ID of the person responsible for vendor compliance

url
string or null <= 191 characters

Vendor URL

privacyUrl
string <= 191 characters

Vendor Privacy Policy URL

termsUrl
string <= 191 characters

Vendor Terms of Use URL

servicesProvided
string or null <= 30000 characters

Description of the services provided by the vendor

dataStored
string or null <= 30000 characters

Description of the type of data the vendor stores

location
string <= 30000 characters

Location where the vendor services are provided

hasPii
required
boolean

Indicates whether this vendor stores any type of Personally Identifiable Information (PII)

passwordPolicy
string or null

The vendor password policy

Enum: "USERNAME_PASSWORD" "SSO" "LDAP" "NONE"
passwordRequiresMinLength
required
boolean

Indicates whether there is a minimum length requirement for password

passwordMinLength
number or null [ 6 .. 12 ]

Minimum character length required for a password

passwordRequiresNumber
required
boolean

Indicates whether a password requires numbers

passwordRequiresSymbol
required
boolean

Indicates whether a password requires non-alphanumeric characters

passwordMfaEnabled
required
boolean

Indicates whether multi-factor authentication is enabled for this vendor

contactAtVendor
string or null <= 191 characters

Name of the corresponding account manager for this vendor

contactsEmail
string or null <= 191 characters

Email of the corresponding account manager for this vendor

notes
string <= 30000 characters

Additional notes for vendor

renewalDate
string or null

Vendor renewal date

renewalScheduleType
string or null

Vendor renewal schedule type

Enum: "ONE_MONTH" "TWO_MONTHS" "THREE_MONTHS" "SIX_MONTHS" "ONE_YEAR" "CUSTOM"
confirmed
boolean or null

Is all vendor data confirmed?

isComplianceReviewRequired
required
boolean

Is vendor compliance report review required?

type
string or null

Vendor type identifier

Enum: "VENDOR" "SUPPLIER" "CONTRACTOR" "PARTNER" "OTHER" "NONE"
accountId
string <= 36 characters

Account Id

operationalImpact
string or null

Vendor level of operational impact

Enum: "NONE" "LOW" "NORMAL" "IMPORTANT" "CRITICAL"
environmentAccess
string or null

Vendor environment access privileges

Enum: "NO" "READ_ONLY" "READ_WRITE"
impactLevel
string or null

Vendor overall impact level

Enum: "INSIGNIFICANT" "MINOR" "MODERATE" "MAJOR" "CRITICAL"
dataAccessedOrProcessedList
Array of strings or null

List of the types of data accessed or processed by the vendor (enum values)

Enum: "GENERAL" "PUBLIC" "CONTROLLED_UNCLASSIFIED" "FINANCIAL" "PROPRIETARY" "EMPLOYEE_PERSONNEL" "PERSONAL_IDENTIFIABLE_INFORMATION" "PROTECTED_HEALTH_INFORMATION" "OTHER_PERSONAL_OR_SENSITIVE"
integrations
Array of numbers

List of vendor IDs

cost
string or null

Annual contract value for the vendor, in cents

Responses
201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

500

Internal server error

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

POST /public/vendors
Request samples
application/json
{
  • "name": "Acme",
  • "category": "ENGINEERING",
  • "risk": "MODERATE",
  • "status": "UNDER_REVIEW",
  • "critical": false,
  • "isSubProcessor": false,
  • "isSubProcessorActive": false,
  • "userId": 1,
  • "privacyUrl": "https://acme.com/privacy",
  • "termsUrl": "https://acme.com/terms",
  • "servicesProvided": "Perform security scans once a month",
  • "dataStored": "resulting reports of security scans",
  • "location": "San Diego",
  • "hasPii": true,
  • "passwordPolicy": "USERNAME_PASSWORD",
  • "passwordRequiresMinLength": true,
  • "passwordMinLength": 8,
  • "passwordRequiresNumber": true,
  • "passwordRequiresSymbol": true,
  • "passwordMfaEnabled": true,
  • "contactAtVendor": "John Doe",
  • "contactsEmail": "[email protected]",
  • "notes": "Meeting once a month to adjust contract",
  • "renewalDate": "2024-03-12",
  • "renewalScheduleType": "ONE_YEAR",
  • "confirmed": true,
  • "isComplianceReviewRequired": true,
  • "type": "VENDOR",
  • "accountId": 36,
  • "operationalImpact": "IMPORTANT",
  • "environmentAccess": "READ_ONLY",
  • "impactLevel": "INSIGNIFICANT",
  • "dataAccessedOrProcessedList": [
    • "FINANCIAL",
    • "GENERAL"
    ],
  • "integrations": [
    • 1,
    • 2,
    • 3
    ],
  • "cost": "1088"
}
Response samples
application/json
{
  • "id": 1,
  • "name": "Acme",
  • "category": "ENGINEERING",
  • "risk": "MODERATE",
  • "type": "CONTRACTOR",
  • "critical": false,
  • "location": "USA",
  • "privacyUrl": "https://acme.com",
  • "termsUrl": "https://acme.com",
  • "servicesProvided": "Perform security scans once a month",
  • "dataStored": "Resulting reports of security scans",
  • "hasPii": true,
  • "passwordPolicy": "USERNAME_PASSWORD",
  • "passwordRequiresMinLength": true,
  • "passwordMinLength": 8,
  • "passwordRequiresNumber": true,
  • "passwordRequiresSymbol": true,
  • "passwordMfaEnabled": true,
  • "contactAtVendor": "John Doe",
  • "contactsEmail": "[email protected]",
  • "notes": "Meeting once a month to adjust contract",
  • "createdAt": "2020-07-06 12:00:00.000000",
  • "updatedAt": "2020-07-06 12:00:00.000000",
  • "user": { },
  • "documents": [],
  • "lastQuestionnaire": { },
  • "isSubProcessor": false,
  • "isSubProcessorActive": false,
  • "archivedAt": "2020-07-06 12:00:00.000000",
  • "status": "ACTIVE",
  • "renewalDate": "2020-07-06",
  • "renewalScheduleType": "ONE_YEAR",
  • "renewalDateStatus": "COMPLETED",
  • "confirmedAt": "2020-07-06 12:00:00.000000",
  • "reviews": [
    • {
      • "id": 1,
      • "updatedAt": "2024-03-12",
      • "reviewer": "John Doe",
      • "reviewDate": "2024-03-12",
      • "reportIssueDate": "2024-03-12",
      • "socReport": "SOC_1",
      • "socReportType1": true,
      • "socReportType2": true,
      • "socType1StartDate": "2024-03-12",
      • "socType1EndDate": "2024-03-12",
      • "socType2StartDate": "2024-03-12",
      • "socType2EndDate": "2024-03-12",
      • "reportOpinion": "UNQUALIFIED",
      • "encompassBusinessNeeds": true,
      • "followUpActivity": "User must proceed to...",
      • "hasMaterialImpact": true,
      • "cpaFirm": "CPA firm name",
      • "cpaProcedurePerformed": "The following procedures were performed...",
      • "subserviceOrganization": "Subservice Inc.",
      • "subserviceOrganizationUsingInclusiveMethod": true,
      • "subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
      • "trustServiceCategories": [
        • {
          • "id": 1,
          • "category": "AVAILABILITY"
          }
        ],
      • "userControls": [
        • {
          • "id": 1,
          • "name": "End User Control 1",
          • "inPlace": true
          }
        ],
      • "services": [
        • {
          • "id": 1,
          • "name": "Service 1"
          }
        ],
      • "locations": [
        • {
          • "id": 1,
          • "city": "San Diego",
          • "stateCountry": "CA"
          }
        ],
      • "findings": [
        • {
          • "id": 1,
          • "description": "Finding 1"
          }
        ]
      }
    ],
  • "isComplianceReviewRequired": false,
  • "sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
  • "isDrataUser": false,
  • "events": 4,
  • "integrations": [
    • { }
    ],
  • "cost": "1088",
  • "operationalImpact": "CRITICAL",
  • "environmentAccess": "READ_ONLY",
  • "impactLevel": "INSIGNIFICANT",
  • "dataAccessedOrProcessedList": [
    • { }
    ]
}