Public API updates for vendor reviews and questionnaire tracking

Customers using Drata's Public API for vendor management can now automate more of the vendor review lifecycle without falling back to manual UI checks and workarounds.

What's New

• Trust Center URL: trustCenterUrl is now writable on vendor create and update endpoints, making it possible to programmatically attach a Trust Center URL to a vendor profile.

• Vendor relation contact: vendorRelationshipContact.userId can now be set on vendor creation and update, so ownership can be assigned programmatically.

• List security reviews: A new security review list endpoint (GET /vendors/{vendorId}/security-reviews) makes it easier to track review state across vendors through the API.

• Questionnaire status: A questionnaire status endpoint (GET /vendors/:vendorId/security-reviews/:securityReviewId/security-questionnaires) returns completion state, recipient, and send date for questionnaires tied to a security review.

Notes

• The security review list endpoint supports cursor pagination, multi-value filters, and optional user expansion.

• vendorRelationContact: null clears the contact, and invalid userId values return a 400.

• These changes are backwards compatible.

Learn more in the Drata Developers API reference.