Skip to main content
Vendor Document API
curl --request GET \
  --url https://api.pazy.io/v1.0/vendor/:id/documents

Authentication

All requests require an API key in the request headers. Headers: 
Authorization: Api-Key YOUR_API_KEY

Request

Content-Type: application/json

Path Parameters

ParameterTypeRequiredDescription
idstringYesThe unique identifier of the Vendor to retrieve

Code Examples

curl -X GET https://api.pazy.io/v1.0/vendor/vendor_identifier/documents \
  -H "Authorization: Api-Key YOUR_API_KEY"

Success Response

HTTP Status: 200 OK Response Fields:
FieldTypeDescription
okbooleanIndicates whether the request was successful
dataobjectContains the vendor document response data
data.vendorDocumentsarrayList of document entries associated with the vendor
data.vendorDocuments[].idstringThe unique identifier for the document
data.vendorDocuments[].createdOnstringThe date when the document entry was created (ISO 8601 format)
data.vendorDocuments[].namestringThe name of the document
data.vendorDocuments[].sizestringThe size of the document
data.vendorDocuments[].typestringThe type of the document. Like: GENERAL, PAN_CERTIFICATE, REIMBURSEMENT_ITEM
data.vendorDocuments[].extensionstringThe file extension of the document
data.vendorDocuments[].downloadUrlstringThe URL to download the document
data.vendorDocuments[].userobjectInformation about the user who made the comment
data.vendorDocuments[].user.idstringUnique identifier for the user
data.vendorDocuments[].user.namestringName of the user
data.contextobjectAdditional context for the document
data.context.countnumberThe total number of document

Response Example

{
  "ok": true,
  "data": {
    "vendorDocuments": [
      {
        "id": "6df61445-a081-4bb8-be61-ce758c7be89b.png",
        "name": "2.png",
        "size": "422141",
        "type": "GENERAL",
        "createdOn": "2026-03-28T08:12:25.088Z",
        "extension": "PNG",
        "downloadUrl": "https://app.pazy.io/v1.0/download/vendor?fileKey=6df61445-a081-4bb8-be61-ce758c7be89b.png",
        "user": {
          "id": "udEuCWNptqAF7881",
          "name": "John Doe"
        }
      }
    ],
    "context": {
      "count": 1
    }
  }
}

Error Responses

Missing Vendor ID

HTTP Status: 400 Bad Request 
{
  "ok": false,
  "error": {
    "code": "MISSING_REQUIRED_FIELD",
    "message": "Vendor ID is required"
  }
}

Vendor Not Found

HTTP Status: 404 Not Found 
{
  "ok": false,
  "error": {
    "code": "VENDOR_NOT_FOUND",
    "message": "Vendor not found"
  }
}

Access Denied

HTTP Status: 403 Forbidden 
{
  "ok": false,
  "error": {
    "code": "ACCESS_DENIED",
    "message": "Access denied: You can only view your own vendors or vendors where you are the vendor owner"
  }
}

Authentication Errors

HTTP Status: 401 Unauthorized 
{
  "ok": false,
  "error": {
    "code": "MISSING_CREDENTIALS",
    "message": "Missing Credentials"
  }
}

{
  "ok": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Invalid API Key"
  }
}

Permission Errors

HTTP Status: 403 Forbidden 
{
  "ok": false,
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Permission check failed - PERMISSION_CHECK_FAILED"
  }
}

Best Practices

Access Control

  • Only vendors you created or where you are the vendor owner are accessible (unless you have admin or auditor role)
  • Use the vendor id returned from the vendor creation endpoint to retrieve document