> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Vendors

> Read the vendor directory and vendor profiles.

These endpoints read the vendor directory and individual vendor profiles. Reading is available to any authenticated user; creating and editing vendor *profiles* is a **platform-admin** operation, because profiles are global and shared across the platform.

## List all vendors

<ParamField path="GET /vendors/all">
  Returns all vendors in the directory. Requires a valid user token.
</ParamField>

```bash theme={null}
curl https://api.vendexlabs.com/vendors/all \
  -H "Authorization: Bearer <TOKEN>"
```

## Get a vendor

<ParamField path="GET /vendor/{id_or_name}">
  Returns a vendor profile by UUID or canonical name.
</ParamField>

```bash theme={null}
curl https://api.vendexlabs.com/vendor/1password \
  -H "Authorization: Bearer <TOKEN>"
```

The response includes the profile (company details, security posture, privacy, business maturity, scores) and, when available, the `latest_grc_assessment` — the aggregate and per-domain scores, integration depth, recommendation, evidence summaries, and source citations. See [Risk scoring](/concepts/risk-scoring).

## Get a vendor's security instances

<ParamField path="GET /vendor/{id_or_name}/security-instances">
  Returns security-related instances (findings and signals) for the vendor.
</ParamField>

## Admin: enrichment & manual edits

<Warning>
  The following require the platform **Admins** group, not just an organization role. They operate on global vendor data.
</Warning>

<ParamField path="POST /vendor/... (enrichment)">
  Runs enrichment for one or more vendors. Body includes `vendors` (names), optional `enrichmentSections` (`basic`, `additional`, `maturity`, `security`, `privacy`, `logo`, `scores`), and options like `createOnly`. Omitting `enrichmentSections` runs the full pipeline.
</ParamField>

<ParamField path="PATCH /vendor/{id_or_name}">
  Applies a partial, manual update (no model calls) to whitelisted profile, security, privacy, and business-maturity fields.
</ParamField>

<ParamField path="POST /vendors/incident-backfill">
  Backfills historical incidents for vendors. Returns `202` with a `run_id`.
</ParamField>

<ParamField path="DELETE /vendor/{id_or_name}">
  Removes a vendor profile and related rows. Does not remove global directory entries or customer list memberships.
</ParamField>

<Note>
  For most integrations you only need the read endpoints. Enrichment runs automatically when vendors are added through a [vendor list](/api/vendor-lists).
</Note>
