Vendors API
Third-party vendor risk management: track vendors, run assessments, manage questionnaires, and map data flows. All endpoints require JWT authentication.
Vendor CRUD
POST
/api/v1/vendors
Add a new vendor to your inventory.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Vendor name |
| category | string | No | Vendor category (e.g. cloud, analytics, payments) |
| website | string | No | Vendor website |
| contactEmail | string | No | Vendor contact |
| dataTypes | string[] | No | Types of data shared with vendor |
| riskLevel | string | No | low, medium, high, critical |
```bash
curl -X POST https://api.privabase.com/api/v1/vendors \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "AWS",
    "category": "cloud",
    "website": "https://aws.amazon.com",
    "dataTypes": ["personal_data", "usage_data"],
    "riskLevel": "high"
  }'
```
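A client-side check of the request body against the field table above, run before the token ever leaves the machine. This is an added example, not Privabase code; the function names, the rejection of fields not listed in the table, and the HTTPS-only rule are assumptions of the example.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Rules copied from the Request Body table for POST /api/v1/vendors.
OPTIONAL_STRINGS = ("category", "website", "contactEmail", "riskLevel")
RISK_LEVELS = ("low", "medium", "high", "critical")
KNOWN = {"name", "dataTypes", *OPTIONAL_STRINGS}

def validate_vendor(body):
    """Return a list of problems; empty means the body matches the table."""
    # Assumption of this example: fields not in the table are treated as typos.
    errors = [f"unknown field: {k}" for k in sorted(set(body) - KNOWN)]
    name = body.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.append("name is required and must be a non-empty string")
    for key in OPTIONAL_STRINGS:
        if key in body and not isinstance(body[key], str):
            errors.append(f"{key} must be a string")
    types = body.get("dataTypes", [])
    if not isinstance(types, list) or not all(isinstance(t, str) for t in types):
        errors.append("dataTypes must be an array of strings")
    risk = body.get("riskLevel")
    if isinstance(risk, str) and risk not in RISK_LEVELS:
        errors.append("riskLevel must be one of: " + ", ".join(RISK_LEVELS))
    return errors

def build_create_request(base_url, token, body):
    """Build, but do not send, the authenticated POST /api/v1/vendors request."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    if not token:
        raise ValueError("missing JWT")
    errors = validate_vendor(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/vendors",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST")

# Constructed sample: the same body as the curl call above.
SAMPLE = {"name": "AWS", "category": "cloud", "website": "https://aws.amazon.com",
          "dataTypes": ["personal_data", "usage_data"], "riskLevel": "high"}
if __name__ == "__main__":
    req = build_create_request("https://api.privabase.com", "YOUR_TOKEN", SAMPLE)
    print(req.get_method(), req.full_url, validate_vendor({"riskLevel": "severe"}))
```

Pass the returned request to `urllib.request.urlopen` to send it.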
GET
/api/v1/vendors
List all vendors.
GET
/api/v1/vendors/:id
Get vendor details including assessments and risk score.
PUT
/api/v1/vendors/:id
Update vendor information.
DELETE
/api/v1/vendors/:id
Remove a vendor from your inventory.
Questionnaires
GET
/api/v1/vendors/questionnaire-templates
List available vendor assessment questionnaire templates.
GET
/api/v1/vendors/questionnaire-templates/:id
Get a specific questionnaire template with all questions.
POST
/api/v1/vendors/:id/assessments
Start a new vendor assessment using a questionnaire template.
Request Body
```json
{ "templateId": "template-uuid", "dueDate": "2026-04-15" }
```
GET
/api/v1/vendors/:id/assessments
List assessments for a vendor.
PUT
/api/v1/vendors/:id/assessments/:assessmentId
Update assessment responses.
POST
/api/v1/vendors/:id/assessments/:assessmentId/send
Send an assessment questionnaire to the vendor for self-assessment.
POST
/api/v1/vendors/:id/assessments/:assessmentId/score
Score a completed assessment and generate a risk rating.
Data Flows
POST
/api/v1/vendors/flows
Create a data flow mapping: track what data goes to which vendor and why.
Request Body
```json
{
  "vendorId": "vendor-uuid",
  "dataTypes": ["email", "name", "usage_data"],
  "purpose": "Analytics and user tracking",
  "legalBasis": "legitimate-interest",
  "transferMechanism": "standard-contractual-clauses"
}
```
GET
/api/v1/vendors/flows
List all data flow mappings.
PUT
/api/v1/vendors/flows/:flowId
Update a data flow mapping.
DELETE
/api/v1/vendors/flows/:flowId
Delete a data flow mapping.