Telemetry API


Vendor Statistics API Documentation

Overview

The Vendor Stats API retrieves comprehensive statistics, risk profiles, and compliance information for vendors within a specific organization and workspace. The endpoint supports both a high-level summary of all vendors and a deep-dive analysis for a specific vendor.

Endpoint

GET /0/organisation/{organisation_uuid}/workspaces/{workspace_uuid}/vendors_stats

Authentication

Requires organization-level authentication. Header: ORG-API-Key: <your_api_key>


Request Parameters

Path Parameters

  • organisation_uuid (UUID, required): The unique identifier of the organization.
  • workspace_uuid (UUID, required): The unique identifier of the workspace.

Query Parameters

  • vendor_uuid (UUID, optional): If provided, returns detailed stats for a single vendor. If omitted, returns a paginated list of all vendors in the workspace.
  • page (int, default: 1): Page number for pagination (ignored if vendor_uuid is provided).
  • page_size (int, default: 10): Number of vendors per page (ignored if vendor_uuid is provided).

Response Data Structure

Basic Information

  • vendor_uuid: Unique identifier for the vendor.
  • vendor_name: Name of the vendor.
  • domain: Vendor domain.
  • risk_score: Overall risk score (float, nullable).
  • risk_status: Current risk status.
  • status: Vendor status.
  • tier: Vendor tier classification.
  • outsourced: Boolean indicating if vendor is outsourced.
  • created_at: Vendor creation timestamp (ISO 8601).

Contacts

  • spocs: List of Single Points of Contact (client) with name, email, and department.
  • pocs: List of Points of Contact (vendor) with name and email.

Assessments

  • assessments: List of assessment forms including form_name, status, sent_date, due_date, score (nullable), and associated pocs (vendor emails).

KYC Documents

  • kyc_documents: List of compliance documents including:
      • document_type (e.g., "Privacy Policy", "SOC2 Report", "ISO 27001 Certificate").
      • is_present (Boolean).
      • expiry_date (nullable).

Risk Register

  • risk_counts_by_level: Counts by severity (critical, high, medium, low, minimal, not_applicable).
  • risk_counts_by_status: Counts by workflow status (open, closed, accepted, unknown).
  • risks: Detailed list of all risks including description, status, type, level, remediation, classification, citation, created_at, remark, and case_created (boolean).
  • cases: List of risks converted to cases with additional fields: is_escalated, case_status, priority, assigned_to, due_date, notes, resolution_notes, mitigation_plan, escalation_reason, case_metadata, and case_created_at.

Usage Examples

Get Stats for a Single Vendor

curl -X GET \
  "https://api.redacto.io/vendor/api/0/organisation/{organisation_uuid}/workspaces/{workspace_uuid}/vendors_stats?vendor_uuid={vendor_uuid}" \
  -H "accept: application/json" \
  -H "ORG-API-Key: <org-api-key>"

Get Paginated List of All Vendors

curl -X GET \
  "https://api.redacto.io/vendor/api/0/organisation/{organisation_uuid}/workspaces/{workspace_uuid}/vendors_stats?page=1&page_size=20" \
  -H "accept: application/json" \
  -H "ORG-API-Key: <org-api-key>"

Error Responses

  • 400 Bad Request: Invalid vendor UUID or malformed request parameters.
  • 401 Unauthorized: Invalid or missing Organization API Key.
  • 500 Internal Server Error: A server-side error occurred.

Implementation Notes

  • Ordering: Vendors are returned in descending order by creation date (newest first).
  • Formatting: All date and timestamp fields are returned in ISO 8601 format.
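
Added example (not part of this API's own documentation): one way to triage a single vendor object using the risk_score, kyc_documents and risks fields described under Response Data Structure, including the nullable fields and ISO 8601 dates. It assumes the vendor object has already been extracted from the response body (the envelope is not documented here) and that risk level and status values match the keys of risk_counts_by_level and risk_counts_by_status; the function names and the sample record are constructed.

```python
from datetime import datetime, timedelta, timezone

def parse_iso(value):
    """Parse an ISO 8601 date or timestamp into a timezone-aware datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)  # assume UTC

def vendor_findings(vendor, now, warn_days=30):
    """Return review findings for one vendor object (hypothetical helper)."""
    findings = []
    if vendor.get("risk_score") is None:  # risk_score is nullable
        findings.append("risk_score not set")
    for doc in vendor.get("kyc_documents") or []:
        name = doc.get("document_type", "unknown document")
        if not doc.get("is_present"):
            findings.append(f"{name}: missing")
        elif doc.get("expiry_date"):  # nullable: some documents never expire
            expiry = parse_iso(doc["expiry_date"])
            if expiry < now:
                findings.append(f"{name}: expired")
            elif expiry < now + timedelta(days=warn_days):
                findings.append(f"{name}: expires within {warn_days} days")
    # Assumption: risk "level" and "status" use the same values as the keys
    # of risk_counts_by_level and risk_counts_by_status.
    untracked = [
        r for r in vendor.get("risks") or []
        if str(r.get("status", "")).lower() == "open"
        and str(r.get("level", "")).lower() in ("critical", "high")
        and not r.get("case_created")
    ]
    if untracked:
        findings.append(f"{len(untracked)} open critical/high risk(s) without a case")
    return findings

# Constructed sample record using the documented field names.
SAMPLE_VENDOR = {
    "vendor_name": "Example Vendor",
    "risk_score": None,
    "kyc_documents": [
        {"document_type": "Privacy Policy", "is_present": True, "expiry_date": None},
        {"document_type": "SOC2 Report", "is_present": True, "expiry_date": "2024-01-31"},
        {"document_type": "ISO 27001 Certificate", "is_present": False, "expiry_date": None},
    ],
    "risks": [
        {"level": "critical", "status": "open", "case_created": False},
        {"level": "high", "status": "open", "case_created": True},
        {"level": "low", "status": "open", "case_created": False},
    ],
}
```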