x-cpod-domain: vendor
Vendor
Vendor lifecycle — scorecards, certifications, insurance, contacts, onboarding.
Try in explorer
client.vendorScorecard
A periodic performance scorecard for a vendor.
REST path
/api/v1/vendor/scorecardsOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.vendor.scorecards.list()
// create:
await client.vendor.scorecards.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
vendor_id: "example vendor_id",
period: "example period",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| vendor_id* | string | Id of the vendor this scorecard rates (e.g. 'sup_01HXABC'). |
| period* | string | Review period this scorecard covers (e.g. '2026-Q2'). |
| overall_score | number | Composite score across all dimensions (e.g. 85). |
| quality_score | number | Quality dimension score (e.g. 90). |
| delivery_score | number | On-time delivery dimension score (e.g. 80). |
| responsiveness | number | Responsiveness dimension score (e.g. 85). |
| notes | string | Free-form reviewer notes. |
| reviewer_id | uuid | Id of the user who authored this scorecard (e.g. 'usr_01HXABC'). |
| status | enum | Lifecycle status. Defaults to 'draft'.draftsubmittedapproved |
Certification
A compliance or security certification held by a vendor.
REST path
/api/v1/vendor/certificationsOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.vendor.certifications.list()
// create:
await client.vendor.certifications.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
vendor_id: "example vendor_id",
type: "soc2_type1",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| vendor_id* | string | Id of the vendor that holds this certification (e.g. 'sup_01HXABC'). |
| type* | enum | Certification type.soc2_type1soc2_type2iso27001iso9001iso14001hipaapci_dssfedramphitrustgdprother |
| status | enum | Certification status. Defaults to 'current'.currentexpiredin_progressnot_applicablerevoked |
| issued_date | date-time | ISO 8601 date the certification was issued. |
| expiration_date | date-time | ISO 8601 date the certification expires. |
| auditor | string | Auditor or certifying body (e.g. 'Deloitte'). |
| scope | string | Scope covered by the certification (e.g. 'All production services'). |
| findings | string | Summary of audit findings. |
| qualified_opinion | boolean | Whether the audit resulted in a qualified opinion. Defaults to false. |
| document_url | string | URL of the certification document. |
| verified_at | date-time | When the certification was last verified. |
Insurance
An insurance policy carried by a vendor.
REST path
/api/v1/vendor/insuranceOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.vendor.insurance.list()
// create:
await client.vendor.insurance.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
vendor_id: "example vendor_id",
type: "general_liability",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| vendor_id* | string | Id of the vendor that carries this policy (e.g. 'sup_01HXABC'). |
| type* | enum | Insurance coverage type.general_liabilityprofessional_liabilitycyberworkers_compeplpropertyother |
| carrier | string | Insurance carrier (e.g. 'AIG'). |
| policy_number | string | Policy number (e.g. 'POL-2026-12345'). |
| coverage_amount | number | Coverage limit (e.g. 5000000). |
| effective_date | date-time | ISO 8601 policy effective date. |
| expiration_date | date-time | ISO 8601 policy expiration date. |
| status | enum | Policy status. Defaults to 'active'.activeexpiredpendingcancelled |
| document_url | string | URL of the certificate of insurance. |
Contact
A point of contact at a vendor.
REST path
/api/v1/vendor/contactsOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.vendor.contacts.list()
// create:
await client.vendor.contacts.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
vendor_id: "example vendor_id",
name: "example name",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| vendor_id* | string | Id of the vendor this contact belongs to (e.g. 'sup_01HXABC'). |
| name* | string | Contact full name (e.g. 'John Doe'). |
| Contact email (e.g. 'john@vendor.com'). | ||
| phone | string | Contact phone number (e.g. '+1-555-0123'). |
| role | string | Contact role or title (e.g. 'Account Manager'). |
| department | string | Department the contact works in (e.g. 'Sales'). |
| is_primary | boolean | Whether this is the primary contact for the vendor. Defaults to false. |
| status | enum | Contact status. Defaults to 'active'.activeinactive |
Onboarding
An onboarding workflow record for a vendor.
REST path
/api/v1/vendor/onboardingOperations
listgetcreateupdatedeleteSDK
// list — returns only your records; add filters/search:
await client.vendor.onboarding.list()
// create:
await client.vendor.onboarding.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
vendor_id: "example vendor_id",
app_id: "example app_id",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| vendor_id* | string | Id of the vendor being onboarded (e.g. 'sup_01HXABC'). |
| status | enum | Onboarding status. Defaults to 'pending'.pendingin_progresscompletedcancelled |
| started_at | date-time | When onboarding started. |
| completed_at | date-time | When onboarding completed. |
| assignee_id | uuid | Id of the user driving onboarding (e.g. 'usr_01HXABC'). |
| steps_completed | json | Array of completed onboarding step identifiers. |
| current_step | string | Current step in the onboarding workflow (e.g. 'security_review'). |
| notes | string | Free-form onboarding notes. |
| priority | enum | Onboarding priority. Defaults to 'medium'.lowmediumhigh |