--- title: Vanta API Integration on Truto slug: vanta category: Default canonical: "https://truto.one/integrations/detail/vanta/" --- # Vanta API Integration on Truto **Category:** Default **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Users** — The User object represents a User. ## MCP-ready AI tools Truto exposes 182 tools for Vanta that AI agents can call directly. - **list_all_vanta_controls** — List controls in Vanta. Returns id, externalId, name, description, source, domains, owner, role, and customFields for each control. - **get_single_vanta_control_by_id** — Get a control in Vanta by id. Returns fields such as id, externalId, name, description, source, domains, owner, customFields, numDocumentsPassing, numDocumentsTotal, numTestsPassing, numTestsTotal, status, role, and note. - **create_a_vanta_control** — Create a custom control in Vanta. Requires externalId, name, description, effectiveDate, and domain as parameters. Returns id, externalId, name, description, source, domains, owner, role, and customFields, which include information about the newly created control. - **update_a_vanta_control_by_id** — Update a control's metadata in Vanta using id. Returns id (control's unique ID), externalId (external control ID), name, description, source, domains, owner, role, and customFields in the response. - **delete_a_vanta_control_by_id** — Delete a specific control in Vanta using id. No content is returned in the response when the control is successfully removed. - **vanta_controls_set_owner** — Set owner for a specific control in Vanta using id. Returns id, externalId, name, description, source, domains, owner, role, and customFields in the response. - **vanta_controls_add_from_library** — Add a control from the Vanta library to your organization's controls in Vanta. Requires controlId. Returns id, externalId, name, description, source, domains, owner, role, and customFields of the new control in the response. - **list_all_vanta_control_documents** — List documents for a specific control in Vanta. Requires id. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url for each document. - **delete_a_vanta_control_document_by_id** — Remove a document from a control in Vanta. Requires control_id and id. Returns no content if successful. - **create_a_vanta_control_document** — Add a document to a control in Vanta. Requires id (as controlId) and documentId. Returns document fields including id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url. - **list_all_vanta_control_tests** — List tests for a specific control in Vanta. Requires id. Returns fields: id, name, lastTestRunDate, latestFlipDate, description, failureDescription, remediationDescription, version, category, integrations, status, deactivatedStatusInfo, remediationStatusInfo, owner. - **delete_a_vanta_control_test_by_id** — Remove a control-test mapping in Vanta. Requires control_id and id. Returns no content in the response. - **create_a_vanta_control_test** — Add a test to a control in Vanta. Requires id for the control and testId in the body. Returns test fields (id, name, lastTestRunDate, description, status, owner) and control fields (id, name, description, source, domains, owner) in the response. - **list_all_vanta_documents** — List documents in Vanta. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url for each document. - **get_single_vanta_document_by_id** — Get a document in Vanta by id. Returns fields such as id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, url, description, deactivatedStatus, note, nextRenewalDate, renewalCadence, reminderWindow, and subscribers. - **delete_a_vanta_document_by_id** — Delete a document by id in Vanta. Returns no content on success. Requires id. - **create_a_vanta_document** — Create a custom document in Vanta. Requires title, description, timeSensitivity, cadence, reminderWindow, and isSensitive. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url in the response. - **vanta_documents_submit** — Submit a document collection in Vanta. Requires id. Returns a 204 status on success with no content. - **list_all_vanta_document_files** — List uploaded files for a document in Vanta. Requires id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, effectiveDate, and url for each uploaded file. - **vanta_document_files_download** — Download a specific document-file in Vanta by document_id and id. The response returns the 'readable' field indicating if the file stream can be read. - **create_a_vanta_document_file** — Upload a file for a document in Vanta. Requires id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, effectiveDate, and url for the uploaded document. - **delete_a_vanta_document_file_by_id** — Delete a document-file in Vanta. Requires document_id and id. No content is returned in the response. - **list_all_vanta_frameworks** — List frameworks in Vanta. Returns fields: id, displayName, shorthandName, description, numControlsCompleted, numControlsTotal, numDocumentsPassing, numDocumentsTotal, numTestsPassing, numTestsTotal for each framework. - **get_single_vanta_framework_by_id** — Get details about a specific framework in Vanta using id. Returns fields such as id, displayName, shorthandName, description, numControlsCompleted, numControlsTotal, numDocumentsPassing, numDocumentsTotal, numTestsPassing, numTestsTotal, and requirementCategories where requirementCategories include id, name, shorthand, and requirements with their controls. - **list_all_vanta_framework_controls** — List controls for a specific framework in Vanta. Requires framework_id. Returns id, externalId, name, description, source, domains, owner, role, and customFields for each control. - **list_all_vanta_groups** — List groups in Vanta. Returns id, name, and creationDate fields for each group. - **get_single_vanta_group_by_id** — Get group details by id in Vanta. Returns id, name, and creationDate fields in the response. - **create_a_vanta_group_person** — Add people to a group in Vanta. Requires id. Returns an array of results for each person, including id, status ('SUCCESS' or 'ERROR'), and an error message if applicable. - **delete_a_vanta_group_person_by_id** — Remove people from a group in Vanta. Requires id. Returns the results array with each person's id, status (either SUCCESS or ERROR), and an optional error message per person. - **list_all_vanta_group_people** — List people in a group in Vanta. Requires group_id. Returns id, emailAddress, employment status and dates, leaveInfo, groupIds, name, sources of information, and detailed tasksSummary for each person. - **list_all_vanta_integrations** — List all integrations connected to a Vanta instance. Returns integrationId, displayName, resourceKinds, and details about installed connections including connectionId, isDisabled status, and connectionErrorMessage. - **get_single_vanta_integration_by_id** — Get details of a specific integration in Vanta. Requires id. Returns integrationId, displayName, resourceKinds (resource types ingested), and connections (connectionId, isDisabled, connectionErrorMessage) in the response. - **list_all_vanta_integration_resource_kinds** — List integration resource kinds in Vanta for a specific integration_id. Returns integrationId (the integration identifier), resourceKind (resource type), isScopable (audit scoping eligibility), canUpdateDescription, and canUpdateOwner for each kind. - **get_single_vanta_integration_resource_kind_by_id** — Get details for a specific integration-resource-kinds in Vanta. Requires integration_id and id. Returns integrationId, resourceKind, isScopable, canUpdateDescription, canUpdateOwner, numResources, numInScope, numOwned, numWithDescription. - **list_all_vanta_resources** — List resources for a specific integration and resourceKind in Vanta. Requires integration_id and resource_kind. Returns fields including responseType, resourceKind, resourceId, displayName, owner, inScope, creationDate, and more. - **get_single_vanta_resource_by_id** — Get detailed information about a specific resource in Vanta using integration_id, resource_kind, and id. Returns key fields such as responseType, resourceKind, resourceId, connectionId, displayName, owner, inScope, description, creationDate, and additional resource-specific fields. - **update_a_vanta_resource_by_id** — Update metadata for a specific resource in Vanta. Requires integration_id, resource_kind, and id. Returns no content on success. - **vanta_resources_update_many** — Update metadata for multiple resources in Vanta. Requires integration_id and resource_kind. Returns results array with id, status (SUCCESS or ERROR), and error message for each resource updated. - **list_all_vanta_monitored_computers** — List monitored computers in Vanta. Returns id, integrationId, lastCheckDate, screenlock, diskEncryption, passwordManager, antivirusInstallation, operatingSystem, owner, serialNumber, and udid fields for each computer. - **get_single_vanta_monitored_computer_by_id** — Get a monitored computer in Vanta by id. Requires id. Returns id, integrationId, lastCheckDate, screenlock, diskEncryption, passwordManager, antivirusInstallation, operatingSystem, owner, serialNumber, and udid fields in the response. - **list_all_vanta_people** — List people in Vanta. Returns id, emailAddress, employment (status, startDate, jobTitle, endDate), leaveInfo, groupIds, name, sources, and tasksSummary (status, dueDate, completionDate, details) for each person. - **get_single_vanta_person_by_id** — Get person in Vanta using id. Returns fields including id, emailAddress, employment (status, startDate, jobTitle, endDate), leaveInfo, groupIds, name, sources, and tasksSummary. - **update_a_vanta_person_by_id** — Update a person's metadata in Vanta using id. Returns id, emailAddress, employment details, leaveInfo, groupIds, name, sources, and tasksSummary in the response. - **delete_a_vanta_person_by_id** — Offboard a list of people in Vanta. Requires each update to include acknowledgerId and id. Returns results array with each person's id, status (SUCCESS or ERROR), and error message if applicable. Eligibility depends on ex-employee status, monitored accounts deactivated, and all custom offboarding tasks completed. Unmonitored accounts are marked deactivated. Offboarding fails if unfinished tasks remain. - **vanta_people_mark_as_not** — Mark a set of accounts as 'not a person' in Vanta by providing the required updates array with id and reason. Returns the id, status, and, if any error occurs, the message for each account processed. - **vanta_people_mark_as** — Mark a set of accounts as people in Vanta. Requires updates. Returns for each id: status indicating SUCCESS or ERROR, and message on error. - **vanta_people_clear_leave** — Remove leave information for a specific person in Vanta using id. Returns fields including id, emailAddress, employment details, leaveInfo, groupIds, name, sources, and tasksSummary. - **vanta_people_set_leave** — Set leave information for a person in Vanta. Requires id, startDate, and endDate (nullable). Response returns id, emailAddress, employment, leaveInfo, groupIds, name, sources, and tasksSummary. Existing leaveInfo will be replaced. - **get_single_vanta_trust_center_by_id** — Get a Trust Center in Vanta by id. Requires id. Returns id, title, companyDescription, privacyPolicy, customDomain, isPublic, bannerSetting, customTheme, creationDate, and updatedDate fields in the response. - **update_a_vanta_trust_center_by_id** — Update a Trust Center in Vanta using id. Returns id, title, companyDescription, privacyPolicy, customDomain, isPublic, bannerSetting, customTheme, creationDate, and updatedDate fields in the response. - **list_all_vanta_trust_center_documents** — Use this endpoint to retrieve a list of documents published in a specific Trust Center. These documents typically include security policies, compliance reports, certifications, and other trust-related resources shared by an organization. - **list_all_vanta_controls_library** — List controls-library resources in Vanta. Returns id, externalId, name, description, source, domains, owner, role, and customFields for each control. - **list_all_vanta_discovered_vendors** — List discovered vendors in Vanta. Returns for each vendor: id, name, normalizedName, category, source, discoveredDate, numberOfAccounts, ignored, and rejected fields. - **vanta_discovered_vendors_managed_vendor** — Add a discovered vendor to managed vendor in Vanta. Requires id. Returns key fields: id (unique vendor ID), name, websiteUrl, accountManagerName, servicesProvided, additionalNotes, securityOwnerUserId, status, inherentRiskLevel, residualRiskLevel, contract dates, contractAmount, authentication details, and riskAttributeIds in the response. - **list_all_vanta_discovered_vendor_accounts** — List discovered vendor accounts in Vanta for a given discovered_vendor_id. Returns id, displayName, type, and for COMPUTER type, also owner details (id, email, displayName, type) in the response. - **list_all_vanta_document_controls** — List controls associated with a document in Vanta. Requires id. Returns fields: id, externalId, name, description, source, domains, owner, role, and customFields for each control. - **list_all_vanta_document_links** — List uploaded links for a specific document in Vanta. Requires id. Returns id, creationDate, effectiveDate, title, url, and description for each link in the response. - **create_a_vanta_document_link** — Create document link in Vanta for a specific document using id. Returns id, creationDate, effectiveDate, title, url, and description for the created link. - **delete_a_vanta_document_link_by_id** — Delete a specific document link in Vanta. Requires document_id and id. No content is returned in the response. - **create_a_vanta_document_owner** — Set the owner of a document in Vanta. Requires id. Returns id, ownerId, category, isSensitive, title, uploadStatus, uploadStatusDate, and url for the document in the response. - **list_all_vanta_policies** — List policies in Vanta. Returns id, name, description, status, approvedAtDate, and latestVersion.status for each policy. - **get_single_vanta_policy_by_id** — Get a policy in Vanta by id. Returns id, name, description, status, approvedAtDate, and latestVersion fields in the response. Policy ids can be found in Vanta in the URL bar after /policies/. - **list_all_vanta_risk_scenarios** — List risk scenarios in Vanta. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus for each scenario. - **get_single_vanta_risk_scenario_by_id** — Get a risk scenario in Vanta using id. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus. - **create_a_vanta_risk_scenario** — Create a risk scenario in Vanta. Requires description. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus. - **update_a_vanta_risk_scenario_by_id** — Update a risk scenario in Vanta. Requires id. Returns riskId, description, isSensitive, likelihood, impact, residualLikelihood, residualImpact, categories, ciaCategories, treatment, owner, note, customFields, isArchived, and reviewStatus fields in the response. - **list_all_vanta_tests** — List tests in Vanta. Returns fields such as id, name, lastTestRunDate, latestFlipDate, description, failureDescription, remediationDescription, version, category, integrations, status, deactivatedStatusInfo, remediationStatusInfo, and owner in the response. - **get_single_vanta_test_by_id** — Get a test by id in Vanta. Requires id. Returns id for the test, name, lastTestRunDate, latestFlipDate, description, failureDescription, remediationDescription, version, category, integrations, status, deactivatedStatusInfo, remediationStatusInfo, and owner. - **list_all_vanta_test_entities** — List test entities in Vanta for a specific test_id. Returns id, entityStatus, displayName, responseType, deactivatedReason, lastUpdatedDate, and createdDate fields for each entity in the response. - **vanta_test_entities_deactivate** — Deactivate a specific test-entity in Vanta. Requires test_id and id. Returns deactivation request acceptance status. There may be a delay until the next test run. - **vanta_test_entities_reactivate** — Reactivate a test-entity in Vanta. Requires test_id and id. Returns confirmation that the reactivation request has been accepted. Reactivation may be delayed until the next test run. - **list_all_vanta_vendor_risk_attributes** — List vendor risk attributes in Vanta. Returns id, name, description, vendorCategories, enabled, and riskLevel fields for each risk attribute in the response. - **list_all_vanta_vulnerabilities** — List vulnerabilities in Vanta. Returns id, name, description, integrationId, packageIdentifier, vulnerabilityType, targetId, severity, scores, dates, fixability, relatedVulns, relatedUrls, externalURL, scanSource, and deactivateMetadata fields. - **get_single_vanta_vulnerability_by_id** — Get a vulnerability in Vanta by id. Returns id, name, description, integrationId, packageIdentifier, vulnerabilityType, targetId, firstDetectedDate, sourceDetectedDate, lastDetectedDate, severity, cvssSeverityScore, scannerScore, isFixable, remediateByDate, relatedVulns, relatedUrls, externalURL, scanSource, deactivateMetadata fields in the response. - **vanta_vulnerability_monitoring_reactivate** — Reactivate vulnerability monitoring in Vanta for specified vulnerabilities by providing their id values. Returns id, status (SUCCESS or ERROR), and message (if ERROR) for each processed vulnerability in the response. - **vanta_vulnerability_monitoring_deactivate** — Deactivate vulnerability monitoring in Vanta. Requires updates with id, deactivateReason, and shouldReactivateWhenFixable. Returns results for each id with status and, if an error occurs, a message. - **list_all_vanta_vulnerability_remediations** — List vulnerability remediations in Vanta. Returns id, vulnerabilityId, vulnerableAssetId, severity, detectedDate, slaDeadlineDate, and remediationDate for each remediation. - **create_a_vanta_sla_miss_acknowledgment** — Acknowledge SLA miss for vulnerability remediation in Vanta. Requires updates with id and slaViolationComment. Returns results array with id, status (SUCCESS or ERROR), and message for errors. - **list_all_vanta_vulnerabilities_assets** — List assets associated with vulnerabilities in Vanta. Returns id, name, assetType, hasBeenScanned, imageScanTag, and scanners fields for each asset. - **get_single_vanta_vulnerabilities_asset_by_id** — Get vulnerable asset in Vanta by id. Returns id, name, assetType, hasBeenScanned, imageScanTag, and scanners (with integration and asset details) in the response. - **list_all_vanta_vendors** — List vendors in Vanta. Returns key fields such as id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, status, risk levels, contract dates, authDetails, headquarters, contractAmount, category, and customFields. - **get_single_vanta_vendor_by_id** — Get vendor in Vanta by id. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contract dates, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, risk levels, vendorHeadquarters, contractAmount, and customFields in the response. - **create_a_vanta_vendor** — Create a vendor in Vanta. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contractStartDate, contractRenewalDate, contractTerminationDate, nextSecurityReviewDueDate, lastSecurityReviewCompletionDate, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, inherentRiskLevel, residualRiskLevel, vendorHeadquarters, contractAmount, customFields in the response. - **update_a_vanta_vendor_by_id** — Update a vendor in Vanta by id. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contractStartDate, contractRenewalDate, contractTerminationDate, nextSecurityReviewDueDate, lastSecurityReviewCompletionDate, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, inherentRiskLevel, residualRiskLevel, vendorHeadquarters, contractAmount, and customFields in the response. - **delete_a_vanta_vendor_by_id** — Delete a vendor in Vanta by id. No content is returned in the response. - **list_all_vanta_vendor_documents** — List vendor documents in Vanta. Requires vendor_id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, type, and url fields for each document. - **create_a_vanta_vendor_document** — Add document to a vendor in Vanta. Requires vendor_id, file, and type. Returns fields: id (document identifier), fileName (file name), title, description, mimeType, uploadedBy (actor who uploaded), creationDate, updatedDate, deletionDate, type, and url (document link) in the response. - **list_all_vanta_vendor_findings** — List vendor findings in Vanta for a specific vendor_id. Returns id, vendorId, securityReviewId, documentId, content, riskStatus, and remediation fields for each finding. - **create_a_vanta_vendor_finding** — Create a vendor finding in Vanta for a given vendor_id. Returns id, vendorId, securityReviewId, documentId, content, riskStatus, and remediation fields describing the finding and its status. - **update_a_vanta_vendor_finding_by_id** — Update a vendor finding in Vanta. Requires vendor_id and id. Returns id, vendorId, securityReviewId, documentId, content, riskStatus, and remediation fields describing the updated finding. - **delete_a_vanta_vendor_finding_by_id** — Delete a specific vendor-finding in Vanta. Requires vendor_id and id. No content is returned in the response. - **get_single_vanta_security_review_by_id** — Get a security review in Vanta. Requires vendor_id and id. Returns fields including id, vendorId, decisionNotes, comments, completedByUserId, startDate, dueDate, overrideDueDate, completionDate, and decision object for review status and timestamps. - **list_all_vanta_vendor_security_review** — List security reviews for a vendor in Vanta. Requires vendor_id. Returns id, vendorId, decisionNotes, comments, completedByUserId, startDate, dueDate, overrideDueDate, completionDate, and decision fields for each security review. - **list_all_vanta_security_review_documents** — List security review documents in Vanta for a given vendor_id and security_review_id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, type, and url fields for each document. - **create_a_vanta_security_review_document** — Add a document to a security review in Vanta. Requires vendor_id and security_review_id. Returns id, fileName, title, description, mimeType, uploadedBy, creationDate, updatedDate, deletionDate, type, and url fields for the created document. - **delete_a_vanta_security_review_document_by_id** — Delete a security review document in Vanta. Requires vendor_id, security_review_id, and id. Returns no content in the response. - **create_a_vanta_vendor_status** — Set status for a vendor in Vanta. Requires id and status. Returns fields such as id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, securityOwnerUserId, businessOwnerUserId, contractStartDate, contractRenewalDate, contractTerminationDate, nextSecurityReviewDueDate, lastSecurityReviewCompletionDate, isVisibleToAuditors, isRiskAutoScored, riskAttributeIds, category, authDetails, status, inherentRiskLevel, residualRiskLevel, vendorHeadquarters, contractAmount, and customFields providing the vendor's profile, risk, contract, and authentication details. - **list_all_vanta_trust_center_access_requests** — List Trust Center access requests in Vanta for a specified slug_id. Returns id, email, name, companyName, reason, requestedResources, accessLevel, creationDate, and updatedDate fields for each access request in the response. - **get_single_vanta_trust_center_access_request_by_id** — Get a specific Trust Center access request in Vanta using slug_id and id. Returns id, email, name, companyName, reason, requestedResources, accessLevel, creationDate, and updatedDate in the response. - **vanta_trust_center_access_requests_approve** — Approve a trust-center-access-requests in Vanta. Requires slug_id and id. Returns no content in the response. - **vanta_trust_center_access_requests_deny** — Deny an access request for a Trust Center in Vanta. Requires slug_id and id. No content is returned in the response. - **list_all_vanta_trust_center_activity_events** — List Trust Center viewer activity events in Vanta. Requires slug_id. Returns id, date, eventType, details (varies by event type), viewerId, viewerEmail, city, and countryCode for each event. - **list_all_vanta_trust_center_control_categories** — List control categories for a Trust Center in Vanta. Requires slug_id. Returns id and name fields for each control category in the response. - **get_single_vanta_trust_center_control_category_by_id** — Get a specific control category in Vanta Trust Center. Requires slug_id and id. Returns id (unique identifier) and name (category name) in the response. - **create_a_vanta_trust_center_control_category** — Create a control category in Vanta Trust Center. Requires slug_id and name. Returns id and name of the created control category in the response. - **update_a_vanta_trust_center_control_category_by_id** — Update a specific Trust Center control category in Vanta. Requires slug_id and id. Returns id and name fields representing the updated control category. - **delete_a_vanta_trust_center_control_category_by_id** — Delete a control category in Vanta Trust Center, along with all controls in the category. Requires slug_id and id. No content returned in response. - **list_all_vanta_trust_center_controls** — List controls for a Trust Center in Vanta. Requires slug_id. Returns id, name, description, and categories (id and name) for each control. - **get_single_vanta_trust_center_control_by_id** — Get a specific Trust Center control in Vanta. Requires slug_id and id. Returns id (unique identifier), name (control summary), description, and categories (array of category ids and names) in the response. - **create_a_vanta_trust_center_control** — Add a control to a Trust Center in Vanta. Requires slug_id, controlId, and categoryIds. Returns id, name, description, and categories (with id and name) for the created control in the response. - **delete_a_vanta_trust_center_control_by_id** — Delete a specific trust-center-controls resource in Vanta. Requires slug_id and id. No content returned in the response. - **list_all_vanta_trust_center_faqs** — List Trust Center FAQs in Vanta. Requires slug_id. Returns id, question, and answer fields for each FAQ in the response. - **get_single_vanta_trust_center_faq_by_id** — Get a specific Trust Center FAQ in Vanta. Requires slug_id and id. Returns id (FAQ identifier), question (FAQ question), and answer (FAQ answer) in the response. - **create_a_vanta_trust_center_faq** — Create a Trust Center FAQ in Vanta. Requires slug_id, question, and answer. Returns id (unique identifier), question, and answer in the response. - **update_a_vanta_trust_center_faq_by_id** — Update a specific trust-center-faqs in Vanta. Requires slug_id and id. Returns id (unique FAQ identifier), question (FAQ question), and answer (FAQ answer) in the response. - **delete_a_vanta_trust_center_faq_by_id** — Delete a specific FAQ from the Trust Center in Vanta. Requires slug_id and id. No content is returned in the response. - **list_all_vanta_trust_center_resources** — List Trust Center resources in Vanta. Requires slug_id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields for each resource. - **get_single_vanta_trust_center_document_by_id** — Get a specific Trust Center document in Vanta. Requires slug_id and id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields in the response. - **create_a_vanta_trust_center_document** — Create Trust Center document in Vanta. Requires slug_id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields for the new document. - **update_a_vanta_trust_center_document_by_id** — Update a specific Trust Center document in Vanta. Requires slug_id and id. Returns id, fileName, title, description, mimeType, creationDate, updatedDate, and isPublic fields in the response. - **delete_a_vanta_trust_center_document_by_id** — Delete a specific Trust Center document in Vanta. Requires slug_id and id. No content is returned in the response. - **list_all_vanta_trust_center_subprocessors** — List subprocessors for a Trust Center in Vanta. Requires slug_id. Returns id, name, description, location, purpose, and url fields for each subprocessor in the response. - **get_single_vanta_trust_center_subprocessor_by_id** — Get a specific Trust Center subprocessor in Vanta. Requires slug_id and id. Returns id (unique identifier), name, description, location, purpose, and url of the subprocessor. - **create_a_vanta_trust_center_subprocessor** — Create a Trust Center subprocessor in Vanta. Requires slug_id and request body with name. Returns id, name, description, location, purpose, and url of the created subprocessor in the response. - **update_a_vanta_trust_center_subprocessor_by_id** — Update a specific Trust Center subprocessor in Vanta. Requires slug_id and id. Returns id, name, description, location, purpose, and url fields for the updated subprocessor in the response. - **delete_a_vanta_trust_center_subprocessor_by_id** — Delete a specific subprocessor from a Trust Center in Vanta. Requires slug_id and id. Returns no content (204) in the response upon successful deletion. - **list_all_vanta_trust_center_updates** — List updates for a Trust Center in Vanta. Requires slug_id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails for each update. - **get_single_vanta_trust_center_update_by_id** — Get a specific Trust Center update in Vanta using slug_id and id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails in the response. - **create_a_vanta_trust_center_update** — Create a Trust Center update in Vanta for a specified slug_id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails in the response. - **update_a_vanta_trust_center_update_by_id** — Update a Trust Center update in Vanta. Requires slug_id and id. Returns id, title, description, category, creationDate, updatedDate, visibilityType, and notifiedEmails fields in the response. - **delete_a_vanta_trust_center_update_by_id** — Delete a Trust Center update in Vanta. Requires slug_id and id. No content is returned in the response. - **vanta_trust_center_updates_notify_all_subscribers** — Send notifications for a specific trust-center-updates resource in Vanta. Requires slug_id and id. No content is returned in the response. - **list_all_vanta_trust_center_viewers** — List Trust Center viewers in Vanta for a given slug_id. Returns id, email, name, companyName, resourceIds, accessLevel, ndaInfo, externalServiceAssociations, creationDate, updatedDate, expirationDate, and addedByUser for each viewer. - **get_single_vanta_trust_center_viewer_by_id** — Get a Trust Center viewer in Vanta by slug_id and id. Returns id, email, name, companyName, resourceIds, accessLevel, ndaInfo, externalServiceAssociations, creationDate, updatedDate, expirationDate, and addedByUser fields. - **create_a_vanta_trust_center_viewer** — Add a Trust Center viewer in Vanta. Requires slug_id, email, name, companyName, isNdaRequired, and accessLevel. Returns id, email, name, companyName, resourceIds, accessLevel, ndaInfo, externalServiceAssociations, creationDate, updatedDate, expirationDate, and addedByUser. - **delete_a_vanta_trust_center_viewer_by_id** — Remove a viewer from a Trust Center in Vanta. Requires slug_id for the Trust Center and id for the viewer. No content is returned in the response. - **list_all_vanta_trust_center_subscribers** — List Trust Center subscribers in Vanta using slug_id. Returns fields id (subscriber identifier), email, isEmailVerified (verification status), and creationDate (subscriber creation date) for each subscriber. - **get_single_vanta_trust_center_subscriber_by_id** — Get a specific Trust Center subscriber in Vanta using slug_id and id. Returns id, email, isEmailVerified, and creationDate fields in the response. - **create_a_vanta_trust_center_subscriber** — Create a Trust Center subscriber in Vanta. Requires slug_id and email. Returns id, email, isEmailVerified (whether the email is verified), and creationDate (subscriber creation timestamp) in the response. - **delete_a_vanta_trust_center_subscriber_by_id** — Delete a Trust Center subscriber in Vanta. Requires slug_id and id. Returns no content in the response. - **list_all_vanta_trust_center_subscriber_groups** — List Trust Center subscriber groups in Vanta by slug_id. Returns id, name, subscriberIds, and creationDate for each group in the response. - **get_single_vanta_trust_center_subscriber_group_by_id** — Get a specific Trust Center subscriber group in Vanta. Requires slug_id and id. Returns id, name, subscriberIds, and creationDate to identify the group, its subscribers, and when it was created. - **create_a_vanta_trust_center_subscriber_group** — Create a Trust Center subscriber group in Vanta using slug_id. Returns id, name, subscriberIds, and creationDate for the new subscriber group. - **delete_a_vanta_trust_center_subscriber_group_by_id** — Delete a Trust Center subscriber group in Vanta. Requires slug_id and id. No content is returned in the response. - **list_all_vanta_endpoint_vulnerabilities_connectors** — List API Endpoint Vulnerabilities in Vanta for the specified resource_id. Returns displayName, uniqueId, externalUrl, occurrences, severity, vulnerableComponentUniqueId, description, remediationInstructions, url, and httpMethod fields in the response. - **vanta_endpoint_vulnerabilities_connectors_sync_all** — Sync all API Endpoint Vulnerabilities in Vanta. Requires resourceId and resources. Replaces all existing resources for the given app and source_id. Response returns success indicating operation status. Must sync VulnerableComponent resources first. - **list_all_vanta_custom_resources** — List all custom-resources in Vanta for a given resource_id. Returns displayName, uniqueId, and externalUrl for each resource in the response. - **vanta_custom_resources_sync_all** — Sync all Custom Resources in Vanta by providing resourceId and resources. This operation replaces ALL existing custom resources for the given resourceId. Returns success indicating if the sync was successful. - **list_all_vanta_macos_user_computers** — List MacOS User Computers in Vanta for a specified resource_id. Returns displayName, uniqueId, externalUrl, collectedTimestamp, osName, osVersion, hardwareUuid, serialNumber, applications, browserExtensions, drives, users, systemScreenlockPolicies, isManaged, and autoUpdatesEnabled for each computer. - **vanta_macos_user_computers_sync_all** — Sync all macOS user computers in Vanta. Requires resourceId and resources. This replaces all existing MacosUserComputer resources for the given app and source; missing resources will be deleted. Returns success indicating sync status. - **list_all_vanta_package_vulnerabilities** — List package vulnerabilities in Vanta. Requires resourceId. Returns displayName, uniqueId, externalUrl, packageName, packageVersion, severity, vulnerableComponentUniqueId, description, isResolvable, and remediationInstructions for each vulnerability. - **vanta_package_vulnerabilities_sync** — Sync all package-vulnerabilities in Vanta. Requires resourceId and resources. Must first sync VulnerableComponent resources and reference their uniqueId. Response returns success indicating sync status. All previous resources are replaced. - **list_all_vanta_secrets** — List secrets in Vanta for the given resourceId. Returns displayName, uniqueId, externalUrl, name, description, createdTimestamp, creator, owner, updatedTimestamp, lastAccessedTimestamp, and expiresTimestamp for each secret. Requires resourceId. - **vanta_secrets_sync_all** — Sync all secrets in Vanta. Requires resourceId and resources array with details such as displayName, uniqueId, externalUrl, name, description, createdTimestamp, creator, and owner. Updates all existing secrets. Returns success indicating sync status. - **list_all_vanta_static_code_vulnerability_connectors** — List all static-code-vulnerability-connectors in Vanta. Requires resourceId. Returns displayName, uniqueId, externalUrl, occurrences, severity, confidence, isResolvable, vulnerableComponentUniqueId, description, remediationInstructions, cveId, cvss3Vector, and cvss3Score for each vulnerability. - **vanta_static_code_vulnerability_connectors_sync_all** — Sync all Static Code Analysis Vulnerabilities in Vanta. Requires resourceId and resources. Returns success indicating if the sync operation was successful. Must sync VulnerableComponent resources first; references to vulnerableComponentUniqueId must be valid. - **list_all_vanta_user_accounts** — List user accounts in Vanta for a specific resource_id. Returns displayName, uniqueId, externalUrl, fullName, accountName, email, permissionLevel, createdTimestamp, status, mfaEnabled, mfaMethods, authMethod, and other fields for each account. - **vanta_user_accounts_sync_all** — Sync all user-accounts in Vanta. Requires resourceId and resources. The response returns the success status indicating if user-accounts were synced. All existing user-accounts for the app and source will be replaced. - **list_all_vanta_user_security_training_statuses** — List user security training statuses in Vanta. Requires resource_id. Returns displayName, uniqueId, externalUrl, trainingId, trainingName, frameworksFulfilled, traineeFullName, traineeAccountName, traineeEmail, status, trainingCreatedTimestamp, trainingDueTimestamp, and trainingCompletedTimestamp for each user. - **vanta_user_security_training_statuses_sync_all** — Sync all user security training statuses in Vanta. Requires resourceId and resources. Replaces all existing user security training statuses for the app and source_id. Returns success indicating sync status. - **list_all_vanta_vulnerable_components** — List all vulnerable-components in Vanta for a given resource_id. Returns displayName, uniqueId, externalUrl, collectedTimestamp, name, description, and targetType fields in the response. - **vanta_vulnerable_components_sync** — Sync all vulnerable-components in Vanta. Requires resourceId and resources. The call replaces all existing resources for the given app and source_id. Returns success boolean indicating if the operation was successful. - **list_all_vanta_windows_user_computers** — List all Windows User Computers in Vanta for a given resource_id. Returns displayName, uniqueId, externalUrl, collectedTimestamp, osName, osVersion, hardwareUuid, serialNumber, and other computer properties for each computer. - **vanta_windows_user_computers_sync_all** — Sync all Windows User Computers in Vanta. Requires resourceId and resources. Returns success indicating whether Windows User Computers were synced for the integration. - **list_all_vanta_audits** — List audits in Vanta. Returns a paginated list with fields: id (audit identifier), customerOrganizationName, customerDisplayName, customerOrganizationId, audit window dates, framework, auditor details, creation and completion timestamps, and auditFocus. - **list_all_vanta_audit_comments** — List audit comments in Vanta. Requires audit_id. Returns id, auditEvidenceId, text, creationDate, modificationDate, deletionDate, and email for each comment. - **list_all_vanta_audit_controls** — List audit-controls for a specific audit in Vanta. Requires audit_id. Returns id, externalId, name, description, source, domains, owner, role, customFields, framework, and sections for each audit-control. - **list_all_vanta_audit_evidence** — List audit evidence for a specific audit in Vanta. Requires audit_id. Returns fields such as id, externalId, status, name, creationDate, deletionDate, statusUpdatedDate, testStatus, evidenceType, evidenceId, relatedControls, and description for each evidence. - **update_a_vanta_audit_evidence_by_id** — Update audit evidence in Vanta. Requires audit_id and id. Returns id (Vanta reference), externalId (UUID mapping), status (current evidence status), name, deletionDate, creationDate, statusUpdatedDate, testStatus, evidenceType, evidenceId, relatedControls, and description fields in the response. - **list_all_vanta_audit_evidence_url** — List all evidence urls for a specific audit evidence in Vanta. Requires audit_id and audit_evidence_id. Returns id (evidence reference), url (pre-signed S3 URL), filename, and isDownloadable fields in the response. - **list_all_vanta_audit_monitored_computers** — List monitored computers in Vanta for a specified audit_id. Returns id, integrationId, lastCheckDate, screenlock, diskEncryption, passwordManager, antivirusInstallation, operatingSystem, owner, serialNumber, and udid fields in the response. - **list_all_vanta_audit_people** — List people in scope for a specific audit in Vanta. Requires audit_id. Returns fields: id, emailAddress, employment details (status, startDate, endDate, jobTitle), leaveInfo, groupIds, name, sources of info, and tasksSummary for each person. - **list_all_vanta_audit_vulnerability_remediations** — List vulnerability remediations in Vanta for a specific audit. Requires audit_id. Returns id, vulnerabilityId, vulnerableAssetId, severity, detectedDate, slaDeadlineDate, and remediationDate for each remediation. - **list_all_vanta_audit_vulnerable_assets** — List assets associated with vulnerabilities in Vanta for an audit. Requires audit_id. Returns fields including id, name, assetType, hasBeenScanned, imageScanTag, and scanners array with scanner details for each asset. - **list_all_vanta_audit_vulnerabilities** — List vulnerabilities within the scope of a given audit in Vanta. Requires audit_id. Returns an array of vulnerabilities with fields including id, name, description, integrationId, packageIdentifier, vulnerabilityType, targetId, detection dates, severity, scores, isFixable, remediateByDate, relatedVulns, relatedUrls, externalURL, scanSource, and deactivateMetadata. - **list_all_vanta_audit_vendors** — List vendors in scope for a specific audit in Vanta. Requires audit_id. Returns id, name, websiteUrl, accountManagerName, accountManagerEmail, servicesProvided, additionalNotes, key contract and security fields for each vendor. - **create_a_vanta_auditor** — Create an auditor in Vanta by providing email, givenName, and familyName. Returns id, organizationId, email, givenName, and familyName fields in the response. - **create_a_vanta_group_person** — Add a person to a group in Vanta. Requires group_id and id. Returns fields such as id, emailAddress, employment (status, startDate, jobTitle, endDate), leaveInfo, groupIds, name (first, last, display), sources, and tasksSummary with task details in the response. - **delete_a_vanta_group_person_by_id** — Remove a person from a group in Vanta. Requires group_id and id. Returns id, emailAddress, employment, leaveInfo, groupIds, name, sources, and tasksSummary fields for the person in the response. - **list_all_vanta_historical_access_requests** — List historical access requests for a Trust Center in Vanta. Requires slug_id. Returns id, email, name, companyName, reason, requestedResources, accessLevel, creationDate, updatedDate, and outcome for each request. - **list_all_vanta_background_checks** — List all background checks in Vanta for the specified resource_id. Returns resources with displayName, uniqueId, externalUrl, fullName, email, status, and optional completionDate fields in the response. - **vanta_background_checks_sync_all** — Sync all background-checks resources in Vanta. Requires resourceId and resources with displayName, uniqueId, externalUrl, fullName, email, and status. Returns success indicating if the background checks were synced. ## How it works 1. **Link your customer's Vanta account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Vanta.** The Proxy API is a 1-to-1 mapping of the Vanta API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Push vulnerability scan results into Vanta for automated SLA tracking** — Security scanning platforms can sync discovered package vulnerabilities, static code issues, endpoint vulnerabilities, and secrets directly into Vanta using bulk sync endpoints. This lets mutual customers track remediation SLAs natively in Vanta without manual imports. - **Sync employee identity and access data for continuous compliance monitoring** — HR platforms and IAM tools can push user accounts, group memberships, background check statuses, and security training completions into Vanta. This automates SOC 2 and ISO 27001 controls around onboarding, offboarding, and access reviews without CSV exports or screenshots. - **Automate device compliance reporting from endpoint management tools** — MDM and endpoint security platforms can sync macOS and Windows computer states into Vanta, enabling continuous verification of disk encryption, screen lock policies, and antivirus presence across the fleet. - **Export failing tests and vulnerabilities into external ticketing systems** — ITSM and project management tools can pull Vanta test results, failing test entities, and open vulnerabilities to auto-generate engineering tickets, keeping remediation workflows in the tools developers already use. - **Programmatically manage Trust Center access for sales enablement** — CRM and deal-room platforms can approve or deny Trust Center access requests, manage viewers and subscribers, and publish updates — letting sales teams share compliance documentation with prospects without leaving their workflow. ## What you can build - **Real-time vulnerability sync pipeline** — Automatically push package vulnerabilities, endpoint vulnerabilities, static code findings, and leaked secrets into Vanta via sync_all endpoints so remediation SLAs start tracking the moment an issue is detected. - **Automated employee compliance lifecycle** — Sync user accounts, background check results, security training statuses, and group memberships into Vanta so that hiring, training completion, and offboarding events are reflected in compliance controls instantly. - **Bidirectional control and evidence management** — Create, update, and delete controls, attach control documents, link tests to controls, and upload audit evidence programmatically — turning your product into a compliance evidence source Vanta auditors can trust. - **Trust Center self-service portal** — Build a branded interface where prospects request access, get auto-approved or denied via the API, and browse FAQs, subprocessors, control categories, and downloadable resources — all managed from your product. - **Vendor risk and third-party management dashboard** — Create vendors, attach vendor documents, manage security reviews, log vendor findings, and convert discovered vendors into managed vendors — giving your users a single pane for third-party risk inside your app. - **Fleet compliance monitoring for endpoint managers** — Sync macOS and Windows computer inventories into Vanta's monitored computers list so that device encryption, OS patching, and agent installation status are continuously validated against compliance frameworks. ## FAQs ### What authentication method does the Vanta integration use through Truto? Truto handles OAuth-based authentication for Vanta. Your end users connect their Vanta accounts through Truto's embedded auth flow, and Truto manages token refresh and credential storage so you never handle secrets directly. ### How does the 'sync_all' pattern work for pushing data into Vanta? Vanta uses a declarative sync model. Endpoints like vanta_user_accounts_sync_all or vanta_package_vulnerabilities_sync accept the full current state of your data. Vanta diffs it against the previous sync to determine additions, updates, and removals — no need to track individual change events. ### Can I read and write controls, documents, and evidence for audit preparation? Yes. The integration supports full CRUD on controls, control documents, control tests, and documents. You can also upload document files, submit documents for review, create audit evidence, and manage document links and owners programmatically. ### Which compliance frameworks can I query through the API? You can list all frameworks a Vanta account has enabled, retrieve individual frameworks by ID, and list the controls mapped to each framework using the list_all_vanta_framework_controls endpoint. ### Does Truto handle pagination and rate limiting for the Vanta API? Yes. Truto abstracts away Vanta's pagination mechanics and manages rate limit backoff automatically, so your code receives complete result sets without implementing retry logic or cursor management. ### Can I manage people, groups, and access through the Unified User Directory API? Truto maps Vanta's people and groups endpoints to the Unified User Directory API. You can list, retrieve, update, and delete people, manage group memberships, set employee leave status, and mark employees as specific roles — all through a standardized schema.