Vendors

Find vendors by search terms and filters

List vendors given the provided search terms and filters

🔒 Requires Vendors: List Vendors permission.

Securitybearer

Request

query Parameters

page	number >= 1 Default: 1 Which page of data are you requesting
limit	number [ 1 .. 50 ] Default: 20 How many items are you requesting
q	string Filter data to search term Example: q=Acme
sort	string Which type of sort (default: NAME) Enum: "CATEGORY" "NAME" "POLICY" "RISK" "USER" "TYPE" "STATUS" "IMPACT_LEVEL" Example: sort=NAME
sortDir	string Which direction to sort the data (default: ASC) Enum: "ASC" "DESC" Example: sortDir=ASC
category	string Filter data to vendors of this category Enum: "ENGINEERING" "PRODUCT" "MARKETING" "CS" "SALES" "FINANCE" "HR" "ADMINISTRATIVE" "SECURITY" "LEGAL" "INFORMATION_TECHNOLOGY" "NONE" Example: category=ENGINEERING
risk	string Filter data to vendors of this risk level Enum: "NONE" "LOW" "MODERATE" "HIGH" Example: risk=MODERATE
status	string The status of vendor Enum: "PROSPECTIVE" "ACTIVE" "ARCHIVED" "APPROVED" "REJECTED" "FLAGGED" "ON_HOLD" "OFFBOARDED" "UNDER_REVIEW" "NONE" Example: status=UNDER_REVIEW
contactEmail	string <email> The contact email of vendor Example: [email protected]
contactName	string The name of the primary contact person Example: contactName=John Doe
critical	boolean Filter data to vendors depending on if it is considered critical Example: critical=false
passwordPolicy	string Filter data to vendors with this password policy Enum: "USERNAME_PASSWORD" "SSO" "LDAP" "NONE" "NOT_APPLICABLE" "SCIM" "OTHER" Example: passwordPolicy=USERNAME_PASSWORD
userId	number <= 1000000000 Filter data to a person responsible for vendors Example: userId=1
withLastQuestionnaires	boolean Add last questionnaires to vendors Example: withLastQuestionnaires=false
type	string Filter data to vendors of this type Enum: "VENDOR" "SUPPLIER" "CONTRACTOR" "PARTNER" "OTHER" "NONE" Example: type=CONTRACTOR
impactLevel	string Vendor overall impact level Enum: "INSIGNIFICANT" "MINOR" "MODERATE" "MAJOR" "CRITICAL" "UNSCORED" Example: impactLevel=INSIGNIFICANT
isArchived	boolean Get archived or unarchived vendors Example: isArchived=false
renewalDate	string Vendor renewal date Example: renewalDate=2025-07-01T16:45:55.246Z
renewalScheduleType	string Vendor renewal schedule type Enum: "ONE_MONTH" "TWO_MONTHS" "THREE_MONTHS" "SIX_MONTHS" "ONE_YEAR" "CUSTOM" "NONE" Example: renewalScheduleType=ONE_YEAR
renewalDateStatus	string Vendor renewal status based on how close it is to the renewal due date Enum: "NO_RENEWAL" "COMPLETED" "RENEWAL_DUE_SOON" "RENEWAL_DUE" Example: renewalDateStatus=COMPLETED
nextReviewDeadlineStatus	string Vendor next review deadline from security review Enum: "NO_RENEWAL" "DUE_SOON" "OVERDUE" Example: nextReviewDeadlineStatus=NO_RENEWAL
scheduledQuestionnaireStatus	string Vendor scheduled questionnaire status Enum: "ENABLED" "DISABLED" Example: scheduledQuestionnaireStatus=ENABLED
securityReviewStatus	string Vendor security review status Enum: "NO_SECURITY" "UP_TO_DATE" "IN_PROGRESS" "NEEDS_REVIEW" "COMPLETED" "NO_PAST_REVIEW" Example: securityReviewStatus=NO_SECURITY
sharedAccountId	string Shared account id

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/vendors

Request samples

Response samples

application/json

{"data": [{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"impactLevel": "INSIGNIFICANT",
"securityReview": {"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": null,
"clientType": null,
"state": null,
"connected": null,
"connectedAt": null,
"failedAt": null,
"companyId": null,
"assignmentId": null,
"user": null,
"accountId": null,
"clientId": null,
"clientAlias": null,
"manuallyUpdatedAt": null,
"aliasUpdatedAt": null,
"deletedAt": null,
"requestorId": null,
"product": { },
"writeAccessEnabled": null,
"sourcePreference": null,
"securityLabel": null,
"jqlQuery": null,
"authorized": null,
"workspaces": [ ],
"providerTypes": [ ],
"code": null,
"groupLabel": null
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [null
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": {"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": null,
"userId": null,
"status": null,
"caseId": null,
"caseInvitationId": null,
"url": null,
"manualCheckDate": null,
"manuallyCheckUrl": null,
"type": null,
"source": null,
"reportData": null,
"user": null,
"outOfScopeReason": null,
"outOfScopeAt": null,
"invitationEmail": null,
"linkedAt": null,
"createdAt": null,
"updatedAt": null
}
],
"identities": [{"id": null,
"identityId": null,
"username": null,
"connectedAt": null,
"disconnectedAt": null,
"hasMfa": null,
"user": null,
"connection": null,
"hasIdp": null,
"secondaryEmail": null,
"firstName": null,
"lastName": null,
"startedAt": null,
"separatedAt": null,
"isContractor": null,
"jobTitle": null,
"managerId": null,
"managerName": null
}
],
"documents": [{"data": [ ],
"page": null,
"limit": null,
"total": null
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [null
],
"userControls": [null
],
"services": [null
],
"locations": [null
],
"findings": [null
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": null,
"entryId": null,
"email": null,
"firstName": null,
"lastName": null,
"jobTitle": null,
"avatarUrl": null,
"drataTermsAgreedAt": null,
"createdAt": null,
"updatedAt": null,
"roles": [ ],
"backgroundChecks": [ ],
"identities": [ ],
"documents": [ ]
},
"vendor": { },
"requesterUser": {"id": null,
"entryId": null,
"email": null,
"firstName": null,
"lastName": null,
"jobTitle": null,
"avatarUrl": null,
"drataTermsAgreedAt": null,
"createdAt": null,
"updatedAt": null,
"roles": [ ],
"backgroundChecks": [ ],
"identities": [ ],
"documents": [ ]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
},
"requesterUser": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
},
"riskCount": 0
}
],
"page": 1,
"limit": 10,
"total": 100
}

Add a new vendor to the account

Create a new vendor resource in the account

🔒 Requires Vendors: Create Vendor permission.

Securitybearer

Request

Request Body schema: application/json
required

name required	string <= 191 characters The name of the vendor
category	string or null The type of vendor Enum: "ENGINEERING" "PRODUCT" "MARKETING" "CS" "SALES" "FINANCE" "HR" "ADMINISTRATIVE" "SECURITY" "LEGAL" "INFORMATION_TECHNOLOGY" "NONE"
risk	string The level of risk associated with customer data Enum: "NONE" "LOW" "MODERATE" "HIGH"
status	string or null The status of vendor Enum: "PROSPECTIVE" "ACTIVE" "ARCHIVED" "APPROVED" "REJECTED" "FLAGGED" "ON_HOLD" "OFFBOARDED" "UNDER_REVIEW" "NONE"
critical	boolean or null Does this vendor is considered as critical
isSubProcessor	boolean Default: false Indicates whether this vendor is considered a sub-processor
isSubProcessorActive	boolean Default: false Indicates whether this subprocessor is active
userId	number or null <= 1000000000 The user ID of the person responsible for vendor compliance
url	string or null <uri> <= 191 characters Vendor URL
privacyUrl	string or null <uri> <= 191 characters Vendor Privacy Policy URL
termsUrl	string or null <uri> <= 191 characters Vendor Terms of Use URL
servicesProvided	string or null <= 30000 characters Description of the services provided by the vendor
dataStored	string or null <= 30000 characters Description of the type of data the vendor stores
location	string <= 30000 characters Location where the vendor services are provided
hasPii	boolean Default: false Indicates whether this vendor stores any type of Personally Identifiable Information (PII)
passwordPolicy	string or null The vendor password policy Enum: "USERNAME_PASSWORD" "SSO" "LDAP" "NONE" "NOT_APPLICABLE" "SCIM" "OTHER"
passwordRequiresMinLength	boolean Default: false Indicates whether there is a minimum length requirement for password
passwordMinLength	number or null [ 6 .. 12 ] Minimum character length required for a password
passwordRequiresNumber	boolean Default: false Indicates whether a password requires numbers
passwordRequiresSymbol	boolean Default: false Indicates whether a password requires non-alpha-numeric characters
passwordMfaEnabled	boolean Default: false Indicates whether multi-factor authentication is enabled for this vendor
contactAtVendor	string or null <= 191 characters Name of the corresponding account manager for this vendor
contactsEmail	string or null <email> <= 191 characters Email of the corresponding account manager for this vendor
notes	string <= 30000 characters Additional notes for vendor
renewalDate	string or null Vendor renewal date
renewalScheduleType	string or null Vendor renewal schedule type Enum: "ONE_MONTH" "TWO_MONTHS" "THREE_MONTHS" "SIX_MONTHS" "ONE_YEAR" "CUSTOM" "NONE"
confirmed	boolean or null Is all vendor data confirmed?
type	string or null Vendor type identifier Enum: "VENDOR" "SUPPLIER" "CONTRACTOR" "PARTNER" "OTHER" "NONE"
accountId	string <= 36 characters Account Id
operationalImpact	string or null Vendor level of operational impact Enum: "NONE" "LOW" "NORMAL" "IMPORTANT" "CRITICAL"
environmentAccess	string or null Vendor environment access privileges Enum: "NO" "READ_ONLY" "READ_WRITE"
impactLevel	string or null Vendor overall impact level Enum: "INSIGNIFICANT" "MINOR" "MODERATE" "MAJOR" "CRITICAL" "UNSCORED"
dataAccessedOrProcessedList	Array of strings or null unique List of data accessed or processed enum type Enum: "GENERAL" "PUBLIC" "CONTROLLED_UNCLASSIFIED" "FINANCIAL" "PROPRIETARY" "EMPLOYEE_PERSONNEL" "PERSONAL_IDENTIFIABLE_INFORMATION" "PROTECTED_HEALTH_INFORMATION" "OTHER_PERSONAL_OR_SENSITIVE" "CARDHOLDER_DATA"
integrations	Array of numbers unique List of vendor IDs
cost	string or null Annual Contract Value for the vendor in Cents unit
excludeIds	Array of numbers or null Excluded vendor ids.

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

post/vendors

Request samples

application/json

{"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"status": "UNDER_REVIEW",
"critical": false,
"isSubProcessor": false,
"isSubProcessorActive": false,
"userId": 1,
"url": "https://acme.com",
"privacyUrl": "https://acme.com/privacy",
"termsUrl": "https://acme.com/terms",
"servicesProvided": "Perform security scans once a month",
"dataStored": "resulting reports of security scans",
"location": "San Diego",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"renewalDate": "2025-07-01T16:45:55.246Z",
"renewalScheduleType": "ONE_YEAR",
"confirmed": true,
"type": "VENDOR",
"accountId": 36,
"operationalImpact": "IMPORTANT",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["FINANCIAL",
"GENERAL"
],
"integrations": [1,
2,
3
],
"cost": "1088",
"excludeIds": [1,
2
]
}

Response samples

application/json

{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": { },
"requesterUser": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
}

Get vendors statistics

Get vendors stats given inclusion and exclusion arrays

🔒 Requires Vendors: Get Vendors Statistics permission.

Securitybearer

Request

query Parameters

includeScopes	Array of strings or null unique Allow list to include stats Enum: "businessUnits" "hasPii" "impactLevel" "isCritical" "subprocessors" "passwordPolicy" "reminder" "risk" "status" "type" Example: includeScopes=reminder&includeScopes=passwordPolicy
excludeScopes	Array of strings or null unique List to exclude stats with less precedence than include list Enum: "businessUnits" "hasPii" "impactLevel" "isCritical" "subprocessors" "passwordPolicy" "reminder" "risk" "status" "type" Example: excludeScopes=businessUnits&excludeScopes=passwordPolicy

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/vendors/stats

Request samples

Response samples

application/json

{"reminder": [{"key": "RENEWAL_DUE",
"amount": 1
},
{"key": "RENEWAL_DUE_SOON",
"amount": 1
}
],
"hasPii": [{"key": "true",
"amount": 1
},
{"key": "false",
"amount": 1
}
],
"businessUnits": [{"key": "ENGINEERING",
"amount": 118
},
{"key": "PRODUCT",
"amount": 2
}
],
"passwordPolicy": [{"key": "USERNAME_PASSWORD",
"amount": 118
},
{"key": "SSO",
"amount": 2
},
{"key": "NONE",
"amount": 2
},
{"key": "LDAP",
"amount": 2
}
],
"status": [{"key": "ACTIVE",
"amount": 118
},
{"key": "UNDER_REVIEW",
"amount": 1
}
],
"isCritical": [{"key": "Yes",
"amount": 10
},
{"key": "No",
"amount": 20
}
],
"isSubProcessor": [{"key": "true",
"amount": 10
},
{"key": "false",
"amount": 20
}
],
"type": [{"key": "CONTRACTOR",
"amount": 1
},
{"key": "NONE",
"amount": 2
},
{"key": "OTHER",
"amount": 3
},
{"key": "PARTNER",
"amount": 4
},
{"key": "SUPPLIER",
"amount": 4
},
{"key": "VENDOR",
"amount": 5
}
],
"risk": [{"key": "HIGH",
"amount": 118
},
{"key": "MODERATE",
"amount": 2
},
{"key": "LOW",
"amount": 2
},
{"key": "NONE",
"amount": 2
}
],
"impactLevel": [{"key": "CRITICAL",
"amount": 7
},
{"key": "MAJOR",
"amount": 12
},
{"key": "MODERATE",
"amount": 1
},
{"key": "MINOR",
"amount": 5
},
{"key": "INSIGNIFICANT",
"amount": 21
},
{"key": "UNSCORED",
"amount": 0
}
]
}

Find vendor by id

Get a vendor

🔒 Requires Vendors: Get Vendor permission.

Securitybearer

Request

path Parameters

required

number

Responses

200

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/vendors/{id}

Request samples

Response samples

application/json

{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": { },
"requesterUser": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
}

Update vendor details by id

Update a vendor

🔒 Requires Vendors: Update Vendor permission.

Securitybearer

Request

path Parameters

required

number

Request Body schema: application/json
required

name	string <= 191 characters The name of the vendor
category	string or null The type of vendor Enum: "ENGINEERING" "PRODUCT" "MARKETING" "CS" "SALES" "FINANCE" "HR" "ADMINISTRATIVE" "SECURITY" "LEGAL" "INFORMATION_TECHNOLOGY" "NONE"
risk	string The level of risk associated with customer data Enum: "NONE" "LOW" "MODERATE" "HIGH"
status	string or null The status of vendor Enum: "PROSPECTIVE" "ACTIVE" "ARCHIVED" "APPROVED" "REJECTED" "FLAGGED" "ON_HOLD" "OFFBOARDED" "UNDER_REVIEW" "NONE"
critical	boolean or null Does this vendor is considered as critical
isSubProcessor	boolean Indicates whether this vendor is considered a sub-processor
isSubProcessorActive	boolean Indicates whether this subprocessor is active
userId	number or null <= 1000000000 The user ID of the person responsible for vendor compliance
url	string or null <uri> <= 191 characters Vendor URL
privacyUrl	string or null <uri> <= 191 characters Vendor Privacy Policy URL
termsUrl	string or null <uri> <= 191 characters Vendor Terms of Use URL
servicesProvided	string or null <= 30000 characters Description of the services provided by the vendor
dataStored	string or null <= 30000 characters Description of the type of data the vendor stores
location	string <= 30000 characters Location where the vendor services are provided
hasPii	boolean Indicates whether this vendor stores any type of Personally Identifiable Information (PII)
passwordPolicy	string or null The vendor password policy Enum: "USERNAME_PASSWORD" "SSO" "LDAP" "NONE" "NOT_APPLICABLE" "SCIM" "OTHER"
passwordRequiresMinLength	boolean Indicates whether there is a minimum length requirement for password
passwordMinLength	number or null [ 6 .. 12 ] Minimum character length required for a password
passwordRequiresNumber	boolean Indicates whether a password requires numbers
passwordRequiresSymbol	boolean Indicates whether a password requires non-alpha-numeric characters
passwordMfaEnabled	boolean Indicates whether multi-factor authentication is enabled for this vendor
contactAtVendor	string or null <= 191 characters Name of the corresponding account manager for this vendor
contactsEmail	string or null <email> <= 191 characters Email of the corresponding account manager for this vendor
notes	string <= 30000 characters Additional notes for vendor
renewalDate	string or null Vendor renewal date
renewalScheduleType	string or null Vendor renewal schedule type Enum: "ONE_MONTH" "TWO_MONTHS" "THREE_MONTHS" "SIX_MONTHS" "ONE_YEAR" "CUSTOM" "NONE"
confirmed	boolean or null Is all vendor data confirmed?
type	string or null Vendor type identifier Enum: "VENDOR" "SUPPLIER" "CONTRACTOR" "PARTNER" "OTHER" "NONE"
accountId	string <= 36 characters Account Id
operationalImpact	string or null Vendor level of operational impact Enum: "NONE" "LOW" "NORMAL" "IMPORTANT" "CRITICAL"
environmentAccess	string or null Vendor environment access privileges Enum: "NO" "READ_ONLY" "READ_WRITE"
impactLevel	string or null Vendor overall impact level Enum: "INSIGNIFICANT" "MINOR" "MODERATE" "MAJOR" "CRITICAL" "UNSCORED"
dataAccessedOrProcessedList	Array of strings or null unique List of data accessed or processed enum type Enum: "GENERAL" "PUBLIC" "CONTROLLED_UNCLASSIFIED" "FINANCIAL" "PROPRIETARY" "EMPLOYEE_PERSONNEL" "PERSONAL_IDENTIFIABLE_INFORMATION" "PROTECTED_HEALTH_INFORMATION" "OTHER_PERSONAL_OR_SENSITIVE" "CARDHOLDER_DATA"
integrations	Array of numbers unique List of vendor IDs
cost	string or null Annual Contract Value for the vendor in Cents unit
excludeIds	Array of numbers or null Excluded vendor ids.

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

put/vendors/{id}

Request samples

application/json

{"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"status": "UNDER_REVIEW",
"critical": false,
"isSubProcessor": false,
"isSubProcessorActive": false,
"userId": 1,
"url": "https://acme.com",
"privacyUrl": "https://acme.com/privacy",
"termsUrl": "https://acme.com/terms",
"servicesProvided": "Perform security scans once a month",
"dataStored": "resulting reports of security scans",
"location": "San Diego",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"renewalDate": "2025-07-01T16:45:55.246Z",
"renewalScheduleType": "ONE_YEAR",
"confirmed": true,
"type": "VENDOR",
"accountId": 36,
"operationalImpact": "IMPORTANT",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["FINANCIAL",
"GENERAL"
],
"integrations": [1,
2,
3
],
"cost": "1088",
"excludeIds": [1,
2
]
}

Response samples

application/json

{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": { },
"requesterUser": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
}

Remove a vendor by id

Delete a vendor

🔒 Requires Vendors: Delete Vendor permission.

Securitybearer

Request

path Parameters

required

number

Responses

200

Successful

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

delete/vendors/{id}

Request samples

Response samples

application/json

{"statusCode": 0,
"message": "string",
"code": 0,
"debugInfo": {"name": "string",
"message": "string",
"stack": "string"
}
}

Upload document by vendor id

Upload vendor documents

🔒 Requires Vendors: Upload Vendor Report permission.

Securitybearer

Request

path Parameters

required

number

Request Body schema: multipart/form-data
required

type	string or null Vendor document type Enum: "COMPLIANCE_REPORT" "COMPLIANCE_REPORT_REVIEW" "BRIDGE_LETTER" "UPLOADED_COMPLIANCE_REPORT_REVIEW" "QUESTIONNAIRE_ATTACHMENT" "SOC_DOCUMENT"
file required	string <binary> Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .pngMIME type must match the file extension.
securityReviewId	number or null Security review id, when set this will attach the document to this security review.

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

413

The file was too large to upload

500

Internal server error

503

Third party system was unavailable

post/vendors/{id}/documents

Request samples

Response samples

application/json

{"data": [{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"impactLevel": "INSIGNIFICANT",
"securityReview": {"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": null,
"clientType": null,
"state": null,
"connected": null,
"connectedAt": null,
"failedAt": null,
"companyId": null,
"assignmentId": null,
"user": null,
"accountId": null,
"clientId": null,
"clientAlias": null,
"manuallyUpdatedAt": null,
"aliasUpdatedAt": null,
"deletedAt": null,
"requestorId": null,
"product": { },
"writeAccessEnabled": null,
"sourcePreference": null,
"securityLabel": null,
"jqlQuery": null,
"authorized": null,
"workspaces": [ ],
"providerTypes": [ ],
"code": null,
"groupLabel": null
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [null
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": {"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": null,
"userId": null,
"status": null,
"caseId": null,
"caseInvitationId": null,
"url": null,
"manualCheckDate": null,
"manuallyCheckUrl": null,
"type": null,
"source": null,
"reportData": null,
"user": null,
"outOfScopeReason": null,
"outOfScopeAt": null,
"invitationEmail": null,
"linkedAt": null,
"createdAt": null,
"updatedAt": null
}
],
"identities": [{"id": null,
"identityId": null,
"username": null,
"connectedAt": null,
"disconnectedAt": null,
"hasMfa": null,
"user": null,
"connection": null,
"hasIdp": null,
"secondaryEmail": null,
"firstName": null,
"lastName": null,
"startedAt": null,
"separatedAt": null,
"isContractor": null,
"jobTitle": null,
"managerId": null,
"managerName": null
}
],
"documents": [{"data": [ ],
"page": null,
"limit": null,
"total": null
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [null
],
"userControls": [null
],
"services": [null
],
"locations": [null
],
"findings": [null
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": null,
"entryId": null,
"email": null,
"firstName": null,
"lastName": null,
"jobTitle": null,
"avatarUrl": null,
"drataTermsAgreedAt": null,
"createdAt": null,
"updatedAt": null,
"roles": [ ],
"backgroundChecks": [ ],
"identities": [ ],
"documents": [ ]
},
"vendor": { },
"requesterUser": {"id": null,
"entryId": null,
"email": null,
"firstName": null,
"lastName": null,
"jobTitle": null,
"avatarUrl": null,
"drataTermsAgreedAt": null,
"createdAt": null,
"updatedAt": null,
"roles": [ ],
"backgroundChecks": [ ],
"identities": [ ],
"documents": [ ]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
},
"requesterUser": {"id": 1,
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
},
"riskCount": 0
}
],
"page": 1,
"limit": 10,
"total": 100
}

Update vendor status

Update vendor status to archive or activate a vendor

🔒 Requires Vendors: Update Vendor's Status permission.

Securitybearer

Request

path Parameters

required

number

Request Body schema: application/json
required

vendorStatus

required

string

Status to update the targeted vendor

Enum: "PROSPECTIVE" "ACTIVE" "ARCHIVED" "APPROVED" "REJECTED" "FLAGGED" "ON_HOLD" "OFFBOARDED" "UNDER_REVIEW" "NONE"

Responses

200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

put/vendors/{id}/status

Request samples

application/json

{"vendorStatus": "ARCHIVED"
}

Response samples

application/json

{"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": { },
"requesterUser": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": null,
"name": null,
"type": null,
"fileUrl": null,
"renewalDate": null,
"createdAt": null,
"updatedAt": null
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
}
}
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
}

Find vendor questionnaires by vendor id, page and limit

List vendor questionnaires by vendor id

🔒 Requires Vendors: List Vendor Questionnaire permission.

Securitybearer

Request

path Parameters

required

number

query Parameters

page	number >= 1 Default: 1 Which page of data are you requesting
limit	number [ 1 .. 50 ] Default: 20 How many items are you requesting

Responses

200

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

get/vendors/{id}/questionnaires

Request samples

Response samples

application/json

{"data": [{"id": 1,
"completedBy": "Acme",
"recipientEmail": "[email protected]",
"isCompleted": "true",
"dateSent": "2025-07-01T16:45:55.246Z",
"isManualUpload": "true",
"responseId": 1,
"title": "Vendor Questionnaire"
}
],
"page": 1,
"limit": 10,
"total": 100
}

Add a questionnaire to vendor by recipient email

Send questionnaire to recipient email

🔒 Requires Vendors: Send Questionnaire to Vendor permission.

Securitybearer

Request

path Parameters

required

number

Request Body schema: application/json
required

email required	string <email> <= 191 characters The email address to receive the questionnaire
questionnaireId required	number Vendor questionnaire ID
emailContent required	string <= 768 characters The email content for the vendor
securityReviewId required	number Security Review ID

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

post/vendors/{id}/questionnaires

Request samples

application/json

{"email": "[email protected]",
"questionnaireId": 1,
"emailContent": "Hi,\n\nWe'd like to conduct a security review and would like some information from you. Use this link to complete the questionnaire.\n\nThank you.",
"securityReviewId": 1
}

Response samples

application/json

{"data": [{"id": 1,
"completedBy": "Acme",
"recipientEmail": "[email protected]",
"isCompleted": "true",
"dateSent": "2025-07-01T16:45:55.246Z",
"isManualUpload": "true",
"responseId": 1,
"title": "Vendor Questionnaire"
}
],
"page": 1,
"limit": 10,
"total": 100
}

Upload security questionnaire by vendor id

Upload security questionnaire

🔒 Requires Vendors: Upload Security Questionnaire permission.

Securitybearer

Request

path Parameters

required

number

Request Body schema: multipart/form-data
required

files required	Array of strings <binary> Accepted file extensions: .pdf, .docx, .odt, .xlsx, .ods, .pptx, .odp, .gif, .jpeg, .jpg, .png
securityReviewId	number or null Security review id, when set this will attach the questionnaire to this security review.

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

post/vendors/{id}/questionnaires/manual

Request samples

Response samples

application/json

{"id": 1,
"completedBy": "Acme",
"recipientEmail": "[email protected]",
"isCompleted": "true",
"dateSent": "2025-07-01T16:45:55.246Z",
"isManualUpload": "true",
"responseId": 1,
"title": "Vendor Questionnaire"
}

Save a vendor's security review

Create a new vendor's security review

🔒 Requires Vendors: Create Security Review permission.

Securitybearer

Request

path Parameters

vendorId

required

number

Request Body schema: application/json
required

title	string or null <= 191 characters Vendor security review title
reviewDeadlineAt required	string <date-time> Vendor security review deadline date
requestedAt	string <date-time> Vendor security requested date
securityReviewStatus required	string The status for the security review Enum: "NOT_YET_STARTED" "IN_PROGRESS" "COMPLETED" "NOT_REQUIRED"
securityReviewType required	string The type for the security review Enum: "SECURITY" "SOC_REPORT" "UPLOAD_REPORT"
requesterUserId	number <= 1000000000 The user ID of the person that requested the security review

Responses

201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

post/vendors/{vendorId}/security-reviews

Request samples

application/json

{"title": "Security review title",
"reviewDeadlineAt": "2025-07-01T16:45:55.246Z",
"requestedAt": "2025-07-01T16:45:55.246Z",
"securityReviewStatus": "NOT_YET_STARTED",
"securityReviewType": "SECURITY",
"requesterUserId": 1
}

Response samples

application/json

{"id": 1,
"requestedAt": "2019-08-24T14:15:22Z",
"reviewDeadlineAt": "2019-08-24T14:15:22Z",
"decision": "APPROVED",
"note": "string",
"status": "NOT_YET_STARTED",
"type": "SECURITY",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"vendor": {"id": 1,
"name": "Acme",
"category": "ENGINEERING",
"risk": "MODERATE",
"type": "CONTRACTOR",
"critical": false,
"location": "USA",
"url": "https://acme.com",
"privacyUrl": "https://acme.com",
"termsUrl": "https://acme.com",
"trustCenterUrl": "https://trust.drata.com",
"trustCenterProvider": "DRATA",
"servicesProvided": "Perform security scans once a month",
"dataStored": "Resulting reports of security scans",
"hasPii": true,
"passwordPolicy": "USERNAME_PASSWORD",
"passwordRequiresMinLength": true,
"passwordMinLength": 8,
"passwordRequiresNumber": true,
"passwordRequiresSymbol": true,
"passwordMfaEnabled": true,
"contactAtVendor": "John Doe",
"contactsEmail": "[email protected]",
"notes": "Meeting once a month to adjust contract",
"logoUrl": "https://cdn-prod.imgpilot.com/logo.png",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"user": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
},
"documents": [{"id": 1,
"name": "AWS SOC 2 2018",
"fileUrl": "http://localhost:5000/download/vendors/1",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"lastQuestionnaire": {"vendorId": 0,
"sendAt": "string",
"sentEmail": "string",
"file": "string",
"respondedAt": "string",
"responseId": 0,
"isManualUpload": true,
"completedBy": "string"
},
"isSubProcessor": false,
"isSubProcessorActive": false,
"archivedAt": "2025-07-01T16:45:55.246Z",
"status": "ACTIVE",
"renewalDate": "2020-07-06",
"renewalScheduleType": "ONE_YEAR",
"renewalDateStatus": "COMPLETED",
"confirmedAt": "2025-07-01T16:45:55.246Z",
"reviews": [{"id": 1,
"updatedAt": "2025-07-01T16:45:55.246Z",
"reviewer": "John Doe",
"reviewDate": "2025-07-01T16:45:55.246Z",
"reportIssueDate": "2025-07-01T16:45:55.246Z",
"socReport": "SOC_1",
"socReportType1": true,
"socReportType2": true,
"socType1StartDate": "2025-07-01T16:45:55.246Z",
"socType1EndDate": "2025-07-01T16:45:55.246Z",
"socType2StartDate": "2025-07-01T16:45:55.246Z",
"socType2EndDate": "2025-07-01T16:45:55.246Z",
"reportOpinion": "UNQUALIFIED",
"encompassBusinessNeeds": true,
"followUpActivity": "User must proceed to...",
"hasMaterialImpact": true,
"cpaFirm": "CPA firm name",
"cpaProcedurePerformed": "The following procedures were performed...",
"subserviceOrganization": "Subservice Inc.",
"subserviceOrganizationUsingInclusiveMethod": true,
"subserviceOrganizationProcedurePerformed": "The following procedures were performed...",
"trustServiceCategories": [{"id": 1,
"category": "AVAILABILITY"
}
],
"userControls": [{"id": 1,
"name": "End User Control 1",
"inPlace": true
}
],
"services": [{"id": 1,
"name": "Service 1"
}
],
"locations": [{"id": 1,
"city": "San Diego",
"stateCountry": "CA"
}
],
"findings": [{"id": 1,
"description": "Finding 1"
}
]
}
],
"sharedAccountId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"isDrataUser": false,
"events": 4,
"integrations": [{"id": 1,
"name": "Acme"
}
],
"cost": "1088",
"operationalImpact": "CRITICAL",
"environmentAccess": "READ_ONLY",
"impactLevel": "INSIGNIFICANT",
"dataAccessedOrProcessedList": ["string"
],
"latestSecurityReviews": [{ }
],
"riskCount": 0,
"vendorRelationshipContact": {"id": 1,
"email": "[email protected]",
"firstName": "Adam",
"lastName": "Attack",
"createdAt": "2025-01-08T21:18:10.846Z",
"updatedAt": "2025-01-10T23:46:09.000Z"
}
},
"requesterUser": {"id": 1,
"entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"email": "[email protected]",
"firstName": "Sally",
"lastName": "Smith",
"jobTitle": "CEO",
"avatarUrl": "https://cdn-prod.imgpilot.com/avatar.png",
"drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z",
"roles": ["ROLE",
"ANOTHER_ROLE"
],
"backgroundChecks": [{"id": 1,
"userId": 1,
"status": "OK",
"caseId": "abc123",
"caseInvitationId": "abc123",
"url": "https://app-stage.karmacheck.com/background_check/aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
"manualCheckDate": "2020-07-06",
"manuallyCheckUrl": "url.com",
"type": "CERTN",
"source": "DRATA",
"reportData": "string",
"user": { },
"outOfScopeReason": "abc123",
"outOfScopeAt": "2025-07-01T16:45:55.246Z",
"invitationEmail": "[email protected]",
"linkedAt": "2025-07-01T16:45:55.246Z",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"identities": [{"id": 1,
"identityId": "1a2b3c",
"username": "Username",
"connectedAt": "2025-07-01T16:45:55.246Z",
"disconnectedAt": "2025-07-01T16:45:55.246Z",
"hasMfa": true,
"user": { },
"connection": {"id": "1",
"clientType": "GOOGLE",
"state": "ACTIVE",
"connected": false,
"connectedAt": "2025-07-01T16:45:55.246Z",
"failedAt": "2025-07-01T16:45:55.246Z",
"companyId": "12341234",
"assignmentId": "FLk12AsS",
"user": { },
"accountId": "string",
"clientId": "abc123",
"clientAlias": "My-connection-alias-1",
"manuallyUpdatedAt": "2025-07-01T16:45:55.246Z",
"aliasUpdatedAt": "2025-07-01T16:45:55.246Z",
"deletedAt": "2025-07-01T16:45:55.246Z",
"requestorId": "328d3016-71f3-4485-af20-06ce8044da18",
"product": { },
"writeAccessEnabled": false,
"sourcePreference": "LABEL",
"securityLabel": "Jira Security Label",
"jqlQuery": "project = IT AND type = \"Offboarding\"",
"authorized": true,
"workspaces": [{"id": 1,
"name": "Drata",
"description": "Platform to track SOC 2 compliance within the organization",
"howItWorks": null,
"url": "https://app.drata.com",
"logo": "https://cdn.drata.com/icon/icon_fwhite_bblue_256.png",
"primary": true
}
],
"providerTypes": [5
],
"code": 10010,
"groupLabel": "Everyone"
},
"hasIdp": true,
"secondaryEmail": "[email protected]",
"firstName": "John",
"lastName": "Doe",
"startedAt": "2025-07-01T16:45:55.246Z",
"separatedAt": "2025-07-01T16:45:55.246Z",
"isContractor": true,
"jobTitle": "Engineer",
"managerId": "x00jk12-2312",
"managerName": "string"
}
],
"documents": [{"data": [{"id": 1,
"name": "Security Training",
"type": "SEC_TRAINING",
"fileUrl": "http://localhost:5000/download/documents/1",
"renewalDate": "2026-10-27",
"createdAt": "2025-07-01T16:45:55.246Z",
"updatedAt": "2025-07-01T16:45:55.246Z"
}
],
"page": 1,
"limit": 10,
"total": 100
}
]
}
}

Vendors

Find vendors by search terms and filters

query Parameters

Add a new vendor to the account

Request Body schema: application/jsonrequired

Get vendors statistics

query Parameters

Find vendor by id

path Parameters

Update vendor details by id

path Parameters

Request Body schema: application/jsonrequired

Remove a vendor by id

path Parameters

Upload document by vendor id

path Parameters

Request Body schema: multipart/form-datarequired

Update vendor status

path Parameters

Request Body schema: application/jsonrequired

Find vendor questionnaires by vendor id, page and limit

path Parameters

query Parameters

Add a questionnaire to vendor by recipient email

path Parameters

Request Body schema: application/jsonrequired

Upload security questionnaire by vendor id

path Parameters

Request Body schema: multipart/form-datarequired

Save a vendor's security review

path Parameters

Request Body schema: application/jsonrequired

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: multipart/form-data
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: multipart/form-data
required

Request Body schema: application/json
required