Create an API token in the Vanta dashboard under Integrations or Developer Settings; store it as YOUR_TOKEN in your secrets manager
Authenticate requests with the token in the Authorization header; consult the Vanta API documentation for the current base URL and authentication scheme as these may evolve
Identify the resource types and test IDs relevant to your compliance controls in the Vanta UI; each automated test or evidence item has a unique identifier used in API calls
Push evidence by calling the appropriate Vanta API endpoint for the resource type (for example, an endpoint accepting evidence payloads or test results); include timestamps, pass/fail status, and any supporting metadata required by the schema
Automate evidence collection by running your integration on a scheduled basis (daily or per-deployment) and submitting updated evidence so that Vanta always reflects the current state of controls
Verify that submitted evidence appears correctly in the Vanta UI under the relevant control and that the test status updates as expected after each push
Known gotchas
Vanta's API surface is smaller than its UI capabilities; some evidence types can only be provided through native integrations or manual uploads rather than the API — verify API coverage for your specific controls before designing an automated workflow
Evidence payloads must conform exactly to the expected schema; a missing required field will silently fail to update the control status in some API versions
Vanta's API versioning and endpoint structure may change as the product evolves; pin to a documented API version and monitor the changelog to avoid unexpected breakage
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp