This reference lists the main objects in the VendexLabs data model and their most important fields. Field availability can depend on your role and on whether a vendor has been fully enriched.
Account
The organization that owns lists, assessments, and members.
| Field | Type | Notes |
|---|
id | uuid | |
name | string | Unique |
active | boolean | |
plan_tier | string | e.g. community |
vendor_limit | integer | Tracked-vendor cap for the plan |
assessment_expiry_alert_lead_days | integer | Days before expiry to start reminding |
internal_email_domains | string[] | Domains treated as internal |
User & membership
| Object | Field | Notes |
|---|
User | id, email, name, onboarded | Global user |
AccountUser | account, user, role | Role: owner | admin | member | viewer |
Vendor & profile
| Object | Field | Notes |
|---|
Vendor | id, name, website_url | Global directory entry |
VendorProduct | id, vendor, name, source | source: enriched | custom |
VendorProfile | id, vendor, industry, company_description, founded_year, employee_count | Enriched dossier |
VendorProfile | security_rating, risk_score, risk_categories, breach_history | Scores; security_rating higher is better, risk_score = 100 − adjusted |
VendorProfile | data_collected, website_url, headquarters_location | |
GRC assessment (scoring)
VendorGrcAssessment — a scoring snapshot.
| Field | Type | Notes |
|---|
assessed_at | datetime | |
vendor_category | string | Category used for scoring |
integration_depth | string | DEEP | MODERATE | LIGHT |
raw_score | integer | Aggregate (sum of domain points) |
adjusted_score | integer | After integration-depth adjustment |
risk_tier | string | e.g. Low |
recommendation | string | Approve | Conditional | Do Not Approve |
floor_rules_triggered | array | Guardrail rules that fired |
Vendor list & membership
| Object | Field | Notes |
|---|
VendorList | id, name, account | master-list by default |
VendorListVendor | vendor_list, vendor, vendor_product | Membership |
VendorListVendor | alerts_enabled, dependency_tier | Tier drives portfolio weighting |
Assessment
VendorAssessment — your review record.
| Field | Type | Notes |
|---|
compliance_approval_status | enum | not-started, in-progress, on-hold, approved, conditional approval, rejected |
conditional_approval_condition | string | For conditional approvals |
sponsor_business_department | string | |
sponsor_contact | string | |
notify_sponsor_on_update | boolean | |
security_comment | string | |
compliance_comment | string | |
compliance_contact | string | |
submission_date | date | |
approval_date | date | |
data_collected | string[] | Data categories |
use_case | string | |
Related objects: VendorAssessmentDocument (evidence: name, document_type, s3_key, file_size, expiration_date) and VendorAssessmentLogs (audit entries: field, old_value, new_value, submitted_by, event_id).
History snapshots
| Object | Purpose |
|---|
VendorProfileGrcMonthly | Frozen monthly aggregate per vendor (year_month, raw_score) |
VendorListPostureMonthly | Monthly tier-weighted list posture (overall_posture) |
This is a working reference, not an exhaustive schema. Field names follow the objects returned by the API; see the endpoint pages for request/response specifics.