Upload document by vendor id

Upload vendor documents
Securitybearer
Request
path Parameters

required
number
Request Body schema: multipart/form-data
required

type	string or null Vendor document type Enum: "COMPLIANCE_REPORT" "COMPLIANCE_REPORT_REVIEW" "BRIDGE_LETTER" "UPLOADED_COMPLIANCE_REPORT_REVIEW" "QUESTIONNAIRE_ATTACHMENT" "SOC_DOCUMENT"
file required	string <binary> Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png
Responses
201
Record created!
400
Malformed data and/or validation errors
401
Invalid Authorization
402
Response Code 402

You must pay to activate this feature
403
You are not allowed to perform this action
412
Response Code: 412

You must accept the Drata terms and conditions to use the API
413
The file was too large to upload
500
Internal server error
503
Third party system was unavailable
post/vendors/{id}/documents
Request samples
Response samples
application/json
{"data": [{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "drata.com",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
]
},
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"impactLevel": "INSIGNIFICANT",
"securityReview": {"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": null,
"clientType": null,
"state": null,
"connected": null,
"connectedAt": null,
"failedAt": null,
"companyId": null,
"assignmentId": null,
"user": null,
"accountId": null,
"clientId": null,
"clientAlias": null,
"manuallyUpdatedAt": null,
"aliasUpdatedAt": null,
"deletedAt": null,
"requestorId": null,
"product": { },
"writeAccessEnabled": null,
"sourcePreference": null,
"securityLabel": null,
"jqlQuery": null,
"authorized": null,
"workspaces": [ ],
"providerTypes": [ ],
"code": null,
"groupLabel": null
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
]
},
"vendor": {"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": null,
"userId": null,
"status": null,
"caseId": null,
"caseInvitationId": null,
"url": null,
"manualCheckDate": null,
"manuallyCheckUrl": null,
"type": null,
"source": null,
"reportData": null,
"user": null,
"outOfScopeReason": null,
"outOfScopeAt": null,
"invitationEmail": null,
"linkedAt": null,
"createdAt": null,
"updatedAt": null
}
],
"identities": [{"id": null,
"identityId": null,
"username": null,
"connectedAt": null,
"disconnectedAt": null,
"hasMfa": null,
"user": null,
"connection": null,
"hasIdp": null,
"secondaryEmail": null,
"firstName": null,
"lastName": null,
"startedAt": null,
"separatedAt": null,
"isContractor": null,
"jobTitle": null,
"managerId": null,
"managerName": null
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [null
],
"userControls": [null
],
"services": [null
],
"locations": [null
],
"findings": [null
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": null,
"email": null,
"firstName": null,
"lastName": null,
"jobTitle": null,
"avatarUrl": null,
"drataTermsAgreedAt": null,
"createdAt": null,
"updatedAt": null,
"roles": [ ],
"backgroundChecks": [ ],
"identities": [ ]
},
"vendor": { },
"requesterUser": {"id": null,
"email": null,
"firstName": null,
"lastName": null,
"jobTitle": null,
"avatarUrl": null,
"drataTermsAgreedAt": null,
"createdAt": null,
"updatedAt": null,
"roles": [ ],
"backgroundChecks": [ ],
"identities": [ ]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
},
"requesterUser": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
},
"riskCount": 0
}
],
"page": 1,
"limit": 10,
"total": 100
}