Vendor Security Reviews

Vendor Security Reviews track the status of security reviews for Vendors. You can create a security review, upload questionnaires, and track the progress of the review. The help docs have more information.

Create Vendor Security Review

Create a new Security Review for a given Vendor.

🔒 Requires Vendors: Create Security Review permission.

Security: bearer
Request
path Parameters
vendorId (required): number
Request Body schema: application/json (required)
reviewDeadlineAt (required): string <date-time>

Vendor Security Review deadline date

securityReviewStatus (required): string

The status of the Security Review

Enum: "NOT_YET_STARTED" "IN_PROGRESS" "COMPLETED" "NOT_REQUIRED"

securityReviewType (required): string

The type of the Security Review

Enum: "SECURITY" "SOC_REPORT" "UPLOAD_REPORT"

requestedAt: string <date-time>

Vendor Security Review requested date

note: string or null <= 1000 characters

Vendor Security Review note

requesterUserId: number or null <= 1000000000

Optional. The user ID of the person that requested the Security Review. If not provided, defaults to: (1) the vendor's security owner if assigned and active, or (2) the platform admin user.

title: string or null <= 191 characters

Vendor Security Review title

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /vendors/{vendorId}/security-reviews
Request samples
application/json
{
  "reviewDeadlineAt": "2025-07-01T16:45:55.246Z",
  "securityReviewStatus": "NOT_YET_STARTED",
  "securityReviewType": "SECURITY",
  "requestedAt": "2025-07-01T16:45:55.246Z",
  "note": "Security Review note",
  "requesterUserId": 1,
  "title": "Security Review title"
}
Response samples
application/json
{
  "id": 1,
  "requestedAt": "2019-08-24T14:15:22Z",
  "reviewDeadlineAt": "2019-08-24T14:15:22Z",
  "decision": "APPROVED",
  "title": "string",
  "note": "string",
  "status": "NOT_YET_STARTED",
  "type": "SECURITY",
  "userId": 0,
  "requesterUserId": 0,
  "user": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "requesterUser": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "socReviewForm": {
    "readyToFinalize": false,
    "reviewerInformation": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reviewer": "Jane Doe",
      "reportIssueDate": "2020-07-06"
    },
    "complianceScope": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "certification": "SOC_2",
      "scopeType": "TYPE_2",
      "auditPeriod": "2020-07-06",
      "auditPeriodRange": {"start": "2020-07-06", "end": "2020-07-06"},
      "trustServiceCriteria": ["AVAILABILITY"]
    },
    "reportOpinion": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reportOpinion": "UNQUALIFIED",
      "encompassBusinessNeeds": true,
      "followUpActivity": "Schedule a follow-up review in 90 days."
    },
    "findings": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "findings": [
        {"description": "Control objective was not met during the audit period."}
      ],
      "hasMaterialImpact": false
    },
    "endUserControls": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "userControls": [
        {"description": "Users must enforce strong password policies.", "inPlace": true}
      ]
    },
    "servicesAndLocations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "services": [{"name": "Cloud Hosting"}],
      "locations": [{"city": "Austin", "stateOrCountry": "TX"}]
    },
    "cpaFirm": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "cpaFirm": "Deloitte",
      "cpaProcedurePerformed": "Assessed reputation via public records."
    },
    "subserviceOrganizations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "subserviceOrganization": "SubCo Inc.",
      "subserviceOrganizationUsingInclusiveMethod": true,
      "subserviceOrganizationProcedurePerformed": "Reviewed available SOC reports."
    }
  }
}
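
A client-side pre-flight check for the create request, written against the required fields, enums and limits listed above. This is an added example, not code from the API's vendor: `validate_create_review`, `build_create_request` and `BASE_URL` are hypothetical names, the host is a placeholder because the page does not give one, and IDs are assumed to be integers.

```python
import json
import urllib.request
from datetime import datetime

BASE_URL = "https://api.example.invalid"  # placeholder: the page does not name the host

# Constraints copied from the request body schema on this page.
STATUSES = {"NOT_YET_STARTED", "IN_PROGRESS", "COMPLETED", "NOT_REQUIRED"}
TYPES = {"SECURITY", "SOC_REPORT", "UPLOAD_REPORT"}
REQUIRED = ("reviewDeadlineAt", "securityReviewStatus", "securityReviewType")
MAX_LEN = {"note": 1000, "title": 191}
MAX_USER_ID = 1_000_000_000


def _is_datetime(value):
    """True for a date-time string with an explicit offset, like the page's samples."""
    if not isinstance(value, str):
        return False
    try:
        # fromisoformat() only accepts a trailing "Z" from Python 3.11, so normalise it.
        return datetime.fromisoformat(value.replace("Z", "+00:00")).tzinfo is not None
    except ValueError:
        return False


def validate_create_review(body):
    """Return a list of violations; an empty list means the body matches the schema."""
    errors = [f"{key}: required" for key in REQUIRED if body.get(key) is None]
    for key in ("reviewDeadlineAt", "requestedAt"):
        if body.get(key) is not None and not _is_datetime(body[key]):
            errors.append(f"{key}: not a date-time")
    for key, enum in (("securityReviewStatus", STATUSES), ("securityReviewType", TYPES)):
        value = body.get(key)
        if value is not None and not (isinstance(value, str) and value in enum):
            errors.append(f"{key}: not one of the documented enum values")
    for key, limit in MAX_LEN.items():
        value = body.get(key)  # both fields are "string or null", so None is allowed
        if value is not None and not (isinstance(value, str) and len(value) <= limit):
            errors.append(f"{key}: must be a string of at most {limit} characters")
    uid = body.get("requesterUserId")
    if uid is not None and not (type(uid) is int and uid <= MAX_USER_ID):
        errors.append("requesterUserId: must be a number <= 1000000000")
    return errors


def build_create_request(vendor_id, body, token):
    """Build (but do not send) the POST; refuses invalid bodies and non-integer ids."""
    if type(vendor_id) is not int:
        # An integer-only id keeps caller input from altering the request path.
        raise ValueError("vendorId must be an integer")
    errors = validate_create_review(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        f"{BASE_URL}/vendors/{vendor_id}/security-reviews",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
```

When `requesterUserId` is omitted the review is attributed by the server-side default described above, so a caller that needs a specific requester on record should set it explicitly.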

Create Vendor Security Review with File

Create a new Security Review for a given Vendor with file upload in a single atomic operation.

🔒 Requires Vendors: Create Security Review permission.

Security: bearer
Request
path Parameters
vendorId (required): number
Request Body schema: application/json (required)
title (required): string <= 255 characters

The title of the security review

reviewDeadlineAt (required): string <date-time>

Vendor Security Review deadline date

requestedAt: string

The date when the security review was requested

securityReviewStatus (required): string

The status of the security review

Enum: "NOT_YET_STARTED" "IN_PROGRESS" "COMPLETED" "NOT_REQUIRED"

securityReviewType (required): string

The type of security review

Enum: "SECURITY" "SOC_REPORT" "UPLOAD_REPORT"

requesterUserId: number

Optional. The ID of the user requesting the security review. If not provided, defaults to: (1) the vendor's security owner if assigned and active, or (2) the platform admin user.

note: string <= 1000 characters

Optional notes for the security review

documentType: string

The type of document being uploaded

Enum: "COMPLIANCE_REPORT" "COMPLIANCE_REPORT_REVIEW" "BRIDGE_LETTER" "UPLOADED_COMPLIANCE_REPORT_REVIEW" "QUESTIONNAIRE_ATTACHMENT" "SOC_DOCUMENT" "QUESTIONNAIRE_REPORT"

file (required): string <binary>

File to upload. Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .gif, .jpg, .jpeg, .png, .csv

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /vendors/{vendorId}/security-reviews/with-file
Request samples
application/json
{
  "title": "Q4 2024 Security Review",
  "reviewDeadlineAt": "2025-07-01T16:45:55.246Z",
  "requestedAt": "2024-01-01T00:00:00.000Z",
  "securityReviewStatus": 3,
  "securityReviewType": 1,
  "requesterUserId": 123,
  "note": "Additional notes about the security review",
  "documentType": 1,
  "file": "string"
}
Response samples
application/json
{
  "id": 1,
  "requestedAt": "2019-08-24T14:15:22Z",
  "reviewDeadlineAt": "2019-08-24T14:15:22Z",
  "decision": "APPROVED",
  "title": "string",
  "note": "string",
  "status": "NOT_YET_STARTED",
  "type": "SECURITY",
  "userId": 0,
  "requesterUserId": 0,
  "user": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "requesterUser": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "socReviewForm": {
    "readyToFinalize": false,
    "reviewerInformation": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reviewer": "Jane Doe",
      "reportIssueDate": "2020-07-06"
    },
    "complianceScope": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "certification": "SOC_2",
      "scopeType": "TYPE_2",
      "auditPeriod": "2020-07-06",
      "auditPeriodRange": {"start": "2020-07-06", "end": "2020-07-06"},
      "trustServiceCriteria": ["AVAILABILITY"]
    },
    "reportOpinion": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reportOpinion": "UNQUALIFIED",
      "encompassBusinessNeeds": true,
      "followUpActivity": "Schedule a follow-up review in 90 days."
    },
    "findings": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "findings": [
        {"description": "Control objective was not met during the audit period."}
      ],
      "hasMaterialImpact": false
    },
    "endUserControls": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "userControls": [
        {"description": "Users must enforce strong password policies.", "inPlace": true}
      ]
    },
    "servicesAndLocations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "services": [{"name": "Cloud Hosting"}],
      "locations": [{"city": "Austin", "stateOrCountry": "TX"}]
    },
    "cpaFirm": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "cpaFirm": "Deloitte",
      "cpaProcedurePerformed": "Assessed reputation via public records."
    },
    "subserviceOrganizations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "subserviceOrganization": "SubCo Inc.",
      "subserviceOrganizationUsingInclusiveMethod": true,
      "subserviceOrganizationProcedurePerformed": "Reviewed available SOC reports."
    }
  }
}

Get Vendor Security Review 🧪

Get a specific Security Review for a given Vendor. For SOC_REPORT reviews the response includes a socReview field with the SOC form data.

🧪 Note: This endpoint is in beta and may change.

🔒 Requires Vendors: List Vendors permission.

Security: bearer
Request
path Parameters
vendorId (required): number
securityReviewId (required): number
query Parameters
expand[]: Array of strings (VendorSecurityReviewExpandEnum)

List of subcollections and sub-objects to expand

Items Enum: "user" "requesterUser"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /vendors/{vendorId}/security-reviews/{securityReviewId}
Response samples
application/json
{
  "id": 1,
  "requestedAt": "2019-08-24T14:15:22Z",
  "reviewDeadlineAt": "2019-08-24T14:15:22Z",
  "decision": "APPROVED",
  "title": "string",
  "note": "string",
  "status": "NOT_YET_STARTED",
  "type": "SECURITY",
  "userId": 0,
  "requesterUserId": 0,
  "user": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "requesterUser": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "socReviewForm": {
    "readyToFinalize": false,
    "reviewerInformation": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reviewer": "Jane Doe",
      "reportIssueDate": "2020-07-06"
    },
    "complianceScope": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "certification": "SOC_2",
      "scopeType": "TYPE_2",
      "auditPeriod": "2020-07-06",
      "auditPeriodRange": {"start": "2020-07-06", "end": "2020-07-06"},
      "trustServiceCriteria": ["AVAILABILITY"]
    },
    "reportOpinion": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reportOpinion": "UNQUALIFIED",
      "encompassBusinessNeeds": true,
      "followUpActivity": "Schedule a follow-up review in 90 days."
    },
    "findings": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "findings": [
        {"description": "Control objective was not met during the audit period."}
      ],
      "hasMaterialImpact": false
    },
    "endUserControls": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "userControls": [
        {"description": "Users must enforce strong password policies.", "inPlace": true}
      ]
    },
    "servicesAndLocations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "services": [{"name": "Cloud Hosting"}],
      "locations": [{"city": "Austin", "stateOrCountry": "TX"}]
    },
    "cpaFirm": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "cpaFirm": "Deloitte",
      "cpaProcedurePerformed": "Assessed reputation via public records."
    },
    "subserviceOrganizations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "subserviceOrganization": "SubCo Inc.",
      "subserviceOrganizationUsingInclusiveMethod": true,
      "subserviceOrganizationProcedurePerformed": "Reviewed available SOC reports."
    }
  }
}

Update Vendor Security Review 🧪

Update a Vendor Security Review. The title field applies to all security review types. The socForm field is only processed when securityReviewType is SOC_REPORT.

🧪 Note: This endpoint is in beta and may change.

🔒 Requires Vendors: Update Security Review permission.

Security: bearer
Request
path Parameters
vendorId (required): number
securityReviewId (required): number
Request Body schema: application/json (required)
title: string <= 191 characters

The Security Review name.

socForm: object or null

SOC review form data. Only processed when securityReviewType is SOC_REPORT.

Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

PUT /vendors/{vendorId}/security-reviews/{securityReviewId}
Request samples
application/json
{
  "title": "string",
  "socForm": {
    "reviewerInformation": {
      "reviewerUserId": 42,
      "reportIssueDate": "2020-07-06"
    },
    "complianceScope": {
      "certification": "SOC_2",
      "scopeType": "TYPE_2",
      "auditPeriod": "2020-07-06",
      "auditPeriodRange": {"start": "2020-07-06", "end": "2020-07-06"},
      "trustServiceCriteria": ["AVAILABILITY"]
    },
    "reportOpinion": {
      "reportOpinion": "UNQUALIFIED",
      "encompassBusinessNeeds": true,
      "followUpActivity": "string"
    },
    "findings": {
      "findings": [{"description": "string"}],
      "hasMaterialImpact": false
    },
    "endUserControls": {
      "userControls": [{"description": "string", "inPlace": true}]
    },
    "servicesAndLocations": {
      "services": [{"name": "string"}],
      "locations": [{"city": "Austin", "stateOrCountry": "TX"}]
    },
    "cpaFirm": {
      "cpaFirm": "Deloitte",
      "cpaProcedurePerformed": "string"
    },
    "subserviceOrganizations": {
      "subserviceOrganization": "string",
      "subserviceOrganizationUsingInclusiveMethod": true,
      "subserviceOrganizationProcedurePerformed": "string"
    }
  }
}
Response samples
application/json
{
  "id": 1,
  "requestedAt": "2019-08-24T14:15:22Z",
  "reviewDeadlineAt": "2019-08-24T14:15:22Z",
  "decision": "APPROVED",
  "title": "string",
  "note": "string",
  "status": "NOT_YET_STARTED",
  "type": "SECURITY",
  "userId": 0,
  "requesterUserId": 0,
  "user": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "requesterUser": {
    "id": 1,
    "email": "[email protected]",
    "firstName": "Sally",
    "lastName": "Smith",
    "createdAt": "2025-07-01T16:45:55.246Z",
    "updatedAt": "2025-07-01T16:45:55.246Z"
  },
  "socReviewForm": {
    "readyToFinalize": false,
    "reviewerInformation": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reviewer": "Jane Doe",
      "reportIssueDate": "2020-07-06"
    },
    "complianceScope": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "certification": "SOC_2",
      "scopeType": "TYPE_2",
      "auditPeriod": "2020-07-06",
      "auditPeriodRange": {"start": "2020-07-06", "end": "2020-07-06"},
      "trustServiceCriteria": ["AVAILABILITY"]
    },
    "reportOpinion": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "reportOpinion": "UNQUALIFIED",
      "encompassBusinessNeeds": true,
      "followUpActivity": "Schedule a follow-up review in 90 days."
    },
    "findings": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "findings": [
        {"description": "Control objective was not met during the audit period."}
      ],
      "hasMaterialImpact": false
    },
    "endUserControls": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "userControls": [
        {"description": "Users must enforce strong password policies.", "inPlace": true}
      ]
    },
    "servicesAndLocations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "services": [{"name": "Cloud Hosting"}],
      "locations": [{"city": "Austin", "stateOrCountry": "TX"}]
    },
    "cpaFirm": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "cpaFirm": "Deloitte",
      "cpaProcedurePerformed": "Assessed reputation via public records."
    },
    "subserviceOrganizations": {
      "isComplete": false,
      "missingRequiredFields": ["reviewerInformation.reviewer"],
      "subserviceOrganization": "SubCo Inc.",
      "subserviceOrganizationUsingInclusiveMethod": true,
      "subserviceOrganizationProcedurePerformed": "Reviewed available SOC reports."
    }
  }
}

Upload Security Questionnaire

🔒 Requires Vendors: Upload Security Questionnaire permission.

Security: bearer
Request
path Parameters
vendorId (required): number
Request Body schema: multipart/form-data (required)
files (required): Array of strings <binary>

Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .csv

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /vendors/{vendorId}/security-questionnaires
Response samples
application/json
{
  "id": 1,
  "completedBy": "Acme",
  "recipientEmail": "[email protected]",
  "isCompleted": "true",
  "dateSent": "2025-07-01T16:45:55.246Z",
  "isManualUpload": "true",
  "responseId": 1,
  "title": "Vendor Security Questionnaire"
}

Upload Security Questionnaire

Upload a Security Questionnaire to a Vendor for a specific Security Review.

🔒 Requires Vendors: Upload Security Questionnaire permission.

Security: bearer
Request
path Parameters
vendorId (required): number
securityReviewId (required): number
Request Body schema: multipart/form-data (required)
files (required): Array of strings <binary>

Accepted file extensions: .pdf, .docx, .odt, .doc, .xlsx, .ods, .pptx, .odp, .csv

Responses
201

Created

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /vendors/{vendorId}/security-reviews/{securityReviewId}/security-questionnaires
Response samples
application/json
{
  "id": 1,
  "completedBy": "Acme",
  "recipientEmail": "[email protected]",
  "isCompleted": "true",
  "dateSent": "2025-07-01T16:45:55.246Z",
  "isManualUpload": "true",
  "responseId": 1,
  "title": "Vendor Security Questionnaire"
}

List Security Review Actions 🧪

List available actions for a security review based on its current state (e.g. Finalize, Reopen). Currently only SOC report type security reviews are supported.

🧪 Note: This endpoint is in beta and may change.

🔒 Requires Vendors: List Security Review Actions permission.

Security: bearer
Request
path Parameters
vendorId (required): number
securityReviewId (required): number
Responses
200

Successful

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

422

Actions are not supported for the given security review type.

500

Internal server error

GET /vendors/{vendorId}/security-reviews/{securityReviewId}/actions
Response samples
application/json
{
  "data": [
    {"action": "finalize"}
  ]
}

Perform Security Review Action 🧪

Execute an action on a security review (Finalize or Reopen). Finalize marks the review as complete. Reopen returns a completed review to in-progress. Currently only SOC report type security reviews are supported.

🧪 Note: This endpoint is in beta and may change.

🔒 Requires Vendors: Perform Security Review Action permission.

Security: bearer
Request
path Parameters
vendorId (required): number
securityReviewId (required): number
Request Body schema: application/json (required)
action (required): string

Action to perform on the security review.

Enum: "finalize" "reopen"
Responses
200

Successful

400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

404

Not Found

412

You must accept the Drata terms and conditions to use the API

422

The requested action is not available for the current state of this security review, or the security review type does not support actions.

500

Internal server error

POST /vendors/{vendorId}/security-reviews/{securityReviewId}/actions
Request samples
application/json
{
  "action": "finalize"
}
Response samples
application/json
{
  "success": true,
  "newStatus": "COMPLETED",
  "message": "Security review finalized successfully"
}
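
A guard that ties the Get, List Actions and Perform Action endpoints together: it finalizes a SOC report review only when the form reports no missing fields and the API currently offers `finalize`, so an automation does not run into the 422 responses described above. This is an added example, not the vendor's code: `api` is a hypothetical transport callable injected by the caller, `make_fake_api` and both sample reviews are constructed for the demonstration, and it assumes `readyToFinalize` and `isComplete` are the fields a client should check first.

```python
def blocking_sections(review):
    """Map each incomplete socReviewForm section to the fields it still needs."""
    form = review.get("socReviewForm") or {}
    return {
        name: list(section.get("missingRequiredFields") or [])
        for name, section in form.items()
        if isinstance(section, dict) and not section.get("isComplete")
    }


def finalize_if_ready(api, vendor_id, review_id):
    """Finalize only when the form is complete and the API offers the action."""
    base = f"/vendors/{int(vendor_id)}/security-reviews/{int(review_id)}"
    review = api("GET", base)
    if review.get("type") != "SOC_REPORT":  # other types answer 422 on /actions
        return {"finalized": False, "reason": "unsupported review type", "blocking": {}}
    blocking = blocking_sections(review)
    ready = (review.get("socReviewForm") or {}).get("readyToFinalize") is True
    if blocking or not ready:
        return {"finalized": False, "reason": "form incomplete", "blocking": blocking}
    offered = {item["action"] for item in api("GET", base + "/actions")["data"]}
    if "finalize" not in offered:
        return {"finalized": False, "reason": "finalize not offered", "blocking": {}}
    result = api("POST", base + "/actions", {"action": "finalize"})
    return {"finalized": result.get("success") is True, "blocking": {},
            "reason": result.get("message"), "newStatus": result.get("newStatus")}


def make_fake_api(review, actions):
    """Constructed stand-in for the HTTP layer; records every call it receives."""
    calls = []

    def api(method, path, body=None):
        calls.append((method, path, body))
        if method == "POST":  # shape taken from the response sample above
            return {"success": True, "newStatus": "COMPLETED",
                    "message": "Security review finalized successfully"}
        if path.endswith("/actions"):
            return {"data": [{"action": name} for name in actions]}
        return review

    api.calls = calls
    return api


# Constructed sample reviews, trimmed to the fields the guard reads.
INCOMPLETE_REVIEW = {"type": "SOC_REPORT", "socReviewForm": {
    "readyToFinalize": False,
    "reviewerInformation": {"isComplete": False,
                            "missingRequiredFields": ["reviewerInformation.reviewer"]},
    "cpaFirm": {"isComplete": True, "missingRequiredFields": []},
}}
READY_REVIEW = {"type": "SOC_REPORT", "socReviewForm": {
    "readyToFinalize": True,
    "reviewerInformation": {"isComplete": True, "missingRequiredFields": []},
}}
```

The `blocking` map in the result gives a reviewer the exact fields still to fill in, and the recorded calls show that no POST is issued until every check passes.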