Add a new vendor to the account

Create a new vendor resource in the account

Securitybearer

Request

Request Body schema: application/json

name required	string <= 191 characters The name of a vendor
category required	string The type of vendor Enum: "ENGINEERING" "PRODUCT" "MARKETING" "CS" "SALES" "FINANCE" "HR" "ADMINISTRATIVE" "SECURITY" "LEGAL"
risk required	string The level of risk for customer data Enum: "NONE" "LOW" "MODERATE" "HIGH"
critical required	boolean Does this vendor is considered as critical
isSubProcessor required	boolean Does this vendor is considered as sub-processor
isSubProcessorActive required	boolean Does this subprocessor is active
userId required	number <= 1000000000 The user ID of the person responsible for the compliance of this vendor
url required	string <= 191 characters Vendor URL
privacyUrl	string <= 191 characters Vendor Privacy Policy URL
termsUrl	string <= 191 characters Vendor Terms of Use URL
servicesProvided required	string <= 30000 characters Describe vendor services
dataStored required	string <= 30000 characters What type of data the vendor stores
location	string <= 30000 characters Location of the vendor services
hasPii required	boolean Does this vendor store any type of PII
passwordPolicy required	string The vendor password policy Enum: "USERNAME_PASSWORD" "SSO" "LDAP"
passwordRequiresMinLength required	boolean Is there a minimum length for user passwords
passwordMinLength	number [ 6 .. 12 ] Minimum character length for a password
passwordRequiresNumber required	boolean Does a password require numbers
passwordRequiresSymbol required	boolean Does a password require non-alpha-numeric characters
passwordMfaEnabled required	boolean Is mult-factor authentication enabled for this vendor
contactAtVendor	string <= 191 characters The name of the corresponding account manager for this vendor
contactsEmail	string <= 191 characters The email of the corresponding account manager for this vendor
notes	string <= 30000 characters Additional notes for vendor
renewalDate	string or null Vendor renewal date
renewalScheduleType	string or null Vendor renewal schedule type Enum: "ONE_MONTH" "TWO_MONTHS" "THREE_MONTHS" "SIX_MONTHS" "ONE_YEAR" "CUSTOM"
confirmed	boolean or null Is all vendor data confirmed?
isComplianceReviewRequired required	boolean Is vendor compliance report review required?

Responses

201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

500

Internal server error

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

post/public/vendors

Request samples

application/json

{"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"critical": false,
"isSubProcessor": false,
"isSubProcessorActive": false,
"userId": 1,
"url": "https://acme.com",
"privacyUrl": "https://acme.com/privacy",
"termsUrl": "https://acme.com/terms",
"servicesProvided": "Perform security scans once a month",
"dataStored": "resulting reports of security scans",
"location": "San Diego",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"renewalDate": "2023-09-19",
"renewalScheduleType": "ONE_YEAR",
"confirmed": true,
"isComplianceReviewRequired": true
}

Response samples

application/json

{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com/privacy",
"termsUrl": "https://acme.com/terms",
"servicesProvided": "Perform security scans once a month",
"dataStored": "resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"user": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2020-07-06 12:00:00.000000",
"invitationEmail": "[email protected]",
"linkedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2020-07-06 12:00:00.000000",
"disconnectedAt": "2020-07-06 12:00:00.000000",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2020-07-06 12:00:00.000000",
"failedAt": "2020-07-06 12:00:00.000000",
"key": "[email protected]",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "drata.com",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2020-07-06 12:00:00.000000",
"aliasUpdatedAt": "2020-07-06 12:00:00.000000",
"deletedAt": "2020-07-06 12:00:00.000000",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": "",
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": "ACCOUNT_ADMIN_DISABLED",
"groupLabel": "Everyone"
},
"hasIdp": true
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000"
}
],
"lastQuestionnaire": { },
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": null,
"status": "ACTIVE",
"renewalDate": "2023-09-19",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "Tue Sep 19 2023",
"reviews": [{"id": 1,
"updatedAt": "2023-09-19",
"reviewer": "John Doe",
"reviewDate": "2023-09-19",
"reportIssueDate": "2023-09-19",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2023-09-19",
"socType1EndDate": "2023-09-19",
"socType2StartDate": "2023-09-19",
"socType2EndDate": "2023-09-19",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"isComplianceReviewRequired": false
}