Vendor Documents

Vendor Documents provide compliance-related documentation, such as bridge letters, questionnaires, and SOC reports.

List Vendor Documents

Get a list of Documents for a given Vendor.

🔒 Requires Vendors: List Vendors permission.

Securitybearer
Request
path Parameters
vendorId
required
number
query Parameters
cursor
string

This parameter is used to paginate through results. No value is needed for the first request. If there are additional results, the response will contain a pagination.cursor value that can be used in the subsequent request to retrieve the next page of results

size
number [ 1 .. 50 ]
Default: 20

Number of results to return

sort
string (SortTypeLimitedEnum)

Which field to sort by

Enum: "createdAt" "updatedAt"
sortDir
string (SortDirectionEnum)

The direction to sort the data

Enum: "ASC" "DESC"
type
string (VendorDocumentTypeEnum)

Vendor Document type

Enum: "COMPLIANCE_REPORT" "COMPLIANCE_REPORT_REVIEW" "BRIDGE_LETTER" "UPLOADED_COMPLIANCE_REPORT_REVIEW" "QUESTIONNAIRE_ATTACHMENT" "SOC_DOCUMENT"
expand[]
Array of strings (VendorDocumentExpandEnum)

List of subcollections and sub-objects to expand

Items Value: "downloadUrl"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/vendors/{vendorId}/documents
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": 1,
      • "name": "AWS SOC 2 2025",
      • "createdAt": "2025-07-01T16:45:55.246Z",
      • "updatedAt": "2025-07-01T16:45:55.246Z",
      • "type": "COMPLIANCE_REPORT",
      • "downloadUrl": {}
      }
    ],
  • "pagination": {
    • "cursor": "string"
    }
}
Upload Vendor Document
Upload a Vendor Document.


🔒 Requires Vendors: Upload Vendor Report permission.


Securitybearer 
Request 
path Parameters
vendorId
required
number
 
Request Body schema: multipart/form-data
required
file
required
string <binary> 
Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png. MIME type must match the file extension


 
securityReviewId
number or null
Security Review ID, when set this will attach the document to this security review


 
type
string
Vendor Document type


 Enum: "COMPLIANCE_REPORT" "COMPLIANCE_REPORT_REVIEW" "BRIDGE_LETTER" "UPLOADED_COMPLIANCE_REPORT_REVIEW" "QUESTIONNAIRE_ATTACHMENT" "SOC_DOCUMENT"  
Responses 
201
Created


400
Malformed data and/or validation errors


401
Invalid Authorization


402
You must upgrade your plan to use this feature


403
You are not allowed to perform this action


412
You must accept the Drata terms and conditions to use the API


413
The file was too large to upload


500
Internal server error


503
Third party system was unavailable


post/vendors/{vendorId}/documents
Request samples 
Response samples 
application/json
{
  • "id": 1,
  • "name": "AWS SOC 2 2025",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "type": "COMPLIANCE_REPORT",
  • "downloadUrl": {}
}
Get Vendor Document
🔒 Requires Vendors: Get Vendor permission.


Securitybearer 
Request 
path Parameters
vendorId
required
number
 
documentId
required
number
 
Responses 
200
401
Invalid Authorization


402
You must upgrade your plan to use this feature


403
You are not allowed to perform this action


404
Not Found


412
You must accept the Drata terms and conditions to use the API


500
Internal server error


get/vendors/{vendorId}/documents/{documentId}
Request samples 
Response samples 
application/json
{
  • "id": 1,
  • "name": "AWS SOC 2 2025",
  • "createdAt": "2025-07-01T16:45:55.246Z",
  • "updatedAt": "2025-07-01T16:45:55.246Z",
  • "type": "COMPLIANCE_REPORT",
  • "downloadUrl": {}
}