> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Assessments

> Create and update assessments, manage evidence, and read the audit log.

These endpoints manage assessments — your organization's review records — plus their evidence documents and audit log. All routes take an `account-id` and a `vendor-list-id`. Reads require **viewer**; writes require **member** or above.

Base path prefix: `/vendor-assessments`.

## Get assessments

<ParamField path="GET /vendor-assessments?account-id={uuid}&vendor-list-id={listId}">
  Returns all saved assessments for the list. Add `vendor-id`, `vendor-profile-id`, or `assessment-id` to narrow the result.
</ParamField>

## Create or update an assessment

<ParamField path="POST | PUT /vendor-assessments?account-id={uuid}&vendor-list-id={listId}">
  Upserts an assessment. Identify the vendor via query or body (`vendor_id`, `vendor_profile_id`, or `vendor_name`).
</ParamField>

```json theme={null}
{
  "vendor_name": "1Password",
  "compliance_approval_status": "approved",
  "sponsor_business_department": "Cybersecurity",
  "sponsor_contact": "sponsor@yourco.com",
  "use_case": "Manage employee passwords",
  "data_collected": ["name", "phone"],
  "compliance_comment": "Reviewed SOC 2; approved."
}
```

Valid `compliance_approval_status` values: `not-started`, `in-progress`, `on-hold`, `approved`, `conditional approval`, `rejected`. For conditional approvals, include `conditional_approval_condition`.

## Delete an assessment

<ParamField path="DELETE /vendor-assessments?account-id={uuid}&assessment-id={id}">
  Deletes an assessment. `assessment-id` is preferred; `vendor-id` / `vendor-profile-id` are also supported.
</ParamField>

## Evidence documents

<ParamField path="GET /vendor-assessments/documents">
  Lists documents attached to an assessment.
</ParamField>

<ParamField path="GET /vendor-assessments/documents/upload-url">
  Returns a presigned upload URL (member+). Upload the file directly, then it's attached to the assessment.
</ParamField>

<ParamField path="GET /vendor-assessments/documents/download-url">
  Returns a presigned download URL for a document.
</ParamField>

<ParamField path="DELETE /vendor-assessments/documents?document-id={id}">
  Removes a document.
</ParamField>

## Audit log

<ParamField path="GET /vendor-assessments/audit-log?assessment-id={id}&page={n}&limit={n}">
  Returns the approval audit for an assessment.
</ParamField>

The response groups related field changes from a single save into one `event` (`event_id`, `created_at`, `submitted_by`, `changes`), giving you a clean, event-level history. A flattened `logs` list is also returned for compatibility.
