List all vendors
GET /vendors/all
Returns all vendors in the directory. Requires a valid user token.
Get a vendor
GET /vendor/{id_or_name}
Returns a vendor profile by UUID or canonical name.
latest_grc_assessment — the aggregate and per-domain scores, integration depth, recommendation, evidence summaries, and source citations. See Risk scoring.
Get a vendor’s security instances
GET /vendor/{id_or_name}/security-instances
Returns security-related instances (findings and signals) for the vendor.
Admin: enrichment & manual edits
POST /vendor/... (enrichment)
Runs enrichment for one or more vendors. Body includes
vendors (names), optional enrichmentSections (basic, additional, maturity, security, privacy, logo, scores), and options like createOnly. Omitting enrichmentSections runs the full pipeline.PATCH /vendor/{id_or_name}
Applies a partial, manual update (no model calls) to whitelisted profile, security, privacy, and business-maturity fields.
POST /vendors/incident-backfill
Backfills historical incidents for vendors. Returns
202 with a run_id.DELETE /vendor/{id_or_name}
Removes a vendor profile and related rows. Does not remove global directory entries or customer list memberships.
For most integrations you only need the read endpoints. Enrichment runs automatically when vendors are added through a vendor list.
