Upload document by vendor id

Upload vendor documents

Securitybearer

Request

path Parameters

required

number

Request Body schema: multipart/form-data
required

type	string or null Vendor document type Enum: "COMPLIANCE_REPORT" "COMPLIANCE_REPORT_REVIEW" "BRIDGE_LETTER" "UPLOADED_COMPLIANCE_REPORT_REVIEW" "QUESTIONNAIRE_ATTACHMENT" "SOC_DOCUMENT"
file required	string <binary> Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png

Responses

201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

402

Response Code 402

You must pay to activate this feature

403

You are not allowed to perform this action

412

Response Code: 412

You must accept the Drata terms and conditions to use the API

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

post/vendors/{id}/documents

Request samples

Response samples

application/json

{"data": [{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"user": { },
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000"
}
],
"lastQuestionnaire": { },
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2020-07-06 12:00:00.000000",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2020-07-06 12:00:00.000000",
"reviews": [{"id": 1,
"updatedAt": "2025-02-13",
"reviewer": "John Doe",
"reviewDate": "2025-02-13",
"reportIssueDate": "2025-02-13",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-02-13",
"socType1EndDate": "2025-02-13",
"socType2StartDate": "2025-02-13",
"socType2EndDate": "2025-02-13",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"impactLevel": "INSIGNIFICANT",
"securityReview": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2020-07-06 12:00:00.000000",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": null,
"userId": null,
"status": null,
"caseId": null,
"caseInvitationId": null,
"url": null,
"manualCheckDate": null,
"manuallyCheckUrl": null,
"type": null,
"source": null,
"reportData": null,
"user": null,
"outOfScopeReason": null,
"outOfScopeAt": null,
"invitationEmail": null,
"linkedAt": null,
"createdAt": null,
"updatedAt": null
}
],
"identities": [{"id": null,
"identityId": null,
"username": null,
"connectedAt": null,
"disconnectedAt": null,
"hasMfa": null,
"user": null,
"connection": null,
"hasIdp": null,
"secondaryEmail": null,
"firstName": null,
"lastName": null,
"startedAt": null,
"separatedAt": null,
"isContractor": null,
"jobTitle": null,
"managerId": null,
"managerName": null
}
]
},
"vendor": {"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2020-07-06 12:00:00.000000",
"updatedAt": "2020-07-06 12:00:00.000000",
"user": { },
"documents": [{"id": null,
"name": null,
"fileUrl": null,
"createdAt": null,
"updatedAt": null
}
],
"lastQuestionnaire": { },
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2020-07-06 12:00:00.000000",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2020-07-06 12:00:00.000000",
"reviews": [{"id": null,
"updatedAt": null,
"reviewer": null,
"reviewDate": null,
"reportIssueDate": null,
"socReport": null,
"socReportType1": null,
"socReportType2": null,
"socType1StartDate": null,
"socType1EndDate": null,
"socType2StartDate": null,
"socType2EndDate": null,
"reportOpinion": null,
"encompassBusinessNeeds": null,
"followUpActivity": null,
"hasMaterialImpact": null,
"cpaFirm": null,
"cpaProcedurePerformed": null,
"subserviceOrganization": null,
"subserviceOrganizationUsingInclusiveMethod": null,
"subserviceOrganizationProcedurePerformed": null,
"trustServiceCategories": [ ],
"userControls": [ ],
"services": [ ],
"locations": [ ],
"findings": [ ]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{ }
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": [{ }
],
"latestSecurityReviews": [{ }
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
},
"requesterUser": { }
}
],
"riskCount": 0
}
],
"page": 1,
"limit": 10,
"total": 100
}