Google Vault API

Name: Google Vault API API
Brand: Google Vault API
Availability: InStock

✓ Official Vendor SpecSecurityComplianceoauth232 EndpointsREST

For Agents

Manage legal matters, holds, searches, and exports across Google Workspace so an agent can automate eDiscovery and retention workflows without manual console clicks.

Quickstart

Get started with Google Vault API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"create a vault matter and place a legal hold"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Google Vault API API.

Open and close matters that scope an eDiscovery investigation

Place legal holds on specific accounts or entire organizational units across Workspace services

Run domain-wide searches across Gmail, Drive, Chat, Voice, and Groups within a matter

Export held data with metadata for review in third-party eDiscovery platforms

GET STARTED

Start building with Google Vault API API

Explore with Jentic

View OpenAPI Document

Use Cases

Patterns agents use Google Vault API API for, with concrete tasks.

★ Departing Employee Legal Hold

When an employee departs under disputed circumstances, Workspace administrators automate a legal hold across the user's Gmail, Drive, and Chat data so messages and files cannot be permanently deleted. The Google Vault API creates a matter, attaches a hold scoped to the user account, and reports back when retention is in effect. This replaces a manual console workflow that typically takes a compliance analyst 20-30 minutes per departure.

Create a matter named Departure-Smith, place a hold on user smith@example.com covering MAIL and DRIVE, and confirm the hold is active

eDiscovery Search and Export

Legal teams responding to a litigation request use the Vault API to scope a search by custodian list, date range, and keyword query, then export the matching messages and files for outside counsel review. The API exposes the full lifecycle: create matter, add accounts to a hold, run a saved query, kick off an export, and poll until the export bundle is ready for download. Exports include metadata required for chain-of-custody documentation.

Create a matter, run a search for emails containing project-falcon between 2026-01-01 and 2026-03-31, and start an MBOX export

Compliance Audit Reporting

Compliance and security teams enumerate active matters and holds to produce monthly audits showing which custodians are under preservation. The Vault API returns matters paginated by state and exposes hold metadata including affected services, reducing audit prep from a multi-hour manual exercise to a scripted report. Combined with Workspace admin reporting, this gives a single source of truth for regulators.

List every matter in OPEN state, enumerate its holds, and write a CSV of custodian-to-service mappings

AI Agent Compliance Assistant

An AI agent integrated through Jentic responds to compliance prompts like 'preserve everything from user X for the next 90 days' by discovering the Vault hold operations via intent search, loading the relevant request schemas, and executing them with the right matter and account scope. Because Vault uses OAuth 2.0 with admin scopes, Jentic isolates the consent token in the MAXsystem vault so the agent never holds the raw credential.

Search Jentic for create a matter and place a hold, then chain those operations for a named user

Key Endpoints

32 endpoints — the google vault api provides programmatic retention and ediscovery for google workspace data including gmail, drive, chat, meet, voice, and groups.

METHOD

PATH

DESCRIPTION

POST

/v1/matters

Create a new eDiscovery matter

GET

/v1/matters

List matters filtered by state

POST

/v1/matters/{matterId}/holds

Add a hold to a matter

GET

/v1/matters/{matterId}/holds

List holds in a matter

POST

/v1/matters/{matterId}/exports

Start an export of held data

GET

/v1/matters/{matterId}/exports

List exports for a matter

POST

/v1/matters/{matterId}/savedQueries

Create a saved search query

POST

/v1/matters

Create a new eDiscovery matter

GET

/v1/matters

List matters filtered by state

POST

/v1/matters/{matterId}/holds

Add a hold to a matter

GET

/v1/matters/{matterId}/holds

List holds in a matter

POST

/v1/matters/{matterId}/exports

Start an export of held data

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

Google Vault OAuth tokens with the ediscovery scope are stored encrypted in the Jentic vault (MAXsystem). Agents receive scoped access tokens — raw OAuth tokens never enter the agent's context, which matters because the ediscovery scope grants broad legal-hold powers.

Intent-based discovery

Agents search Jentic with natural-language intents like 'place a hold on a user' and Jentic returns the create-hold operation with its full input schema, including the corpus enum and accounts array, so the agent can construct a valid request without reading Google's discovery doc.

Time to first call

Direct Vault integration: 3-5 days for OAuth domain-wide delegation setup, scope review, and matter sharing logic. Through Jentic: under 1 hour — search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Admin SDK API

Manage the Workspace users and org units that Vault holds and searches operate against

Choose Admin SDK when an agent needs to enumerate or modify the user accounts before scoping a Vault hold.

Complementary

Google Drive API

Access live Drive content; Vault preserves and exports a frozen copy for compliance

Choose Drive when an agent needs to read or modify current files; choose Vault when the requirement is preservation, hold, or export.

Complementary

Sensitive Data Protection (DLP) API

Classify and redact sensitive data discovered during a Vault export

Choose DLP when an exported corpus needs PII or PHI scanning before being shared with reviewers.

Complementary

Gmail API

Direct access to mailbox contents that Vault holds preserve

Choose Gmail for live mailbox automation; choose Vault for retention, legal hold, and discovery export workflows.

FAQs

Specific to using Google Vault API API through Jentic.

What authentication does the Google Vault API use?

The Google Vault API uses OAuth 2.0 with the ediscovery scope family (https://www.googleapis.com/auth/ediscovery and ediscovery.readonly). Through Jentic, the OAuth token is stored encrypted in the MAXsystem vault and only a scoped reference is exposed to the agent at execution time.

Can I place a legal hold on a Workspace user with the Google Vault API?

Yes. Use POST /v1/matters/{matterId}/holds with a corpus of MAIL, DRIVE, GROUPS, HANGOUTS_CHAT, or VOICE and an accounts list. The same endpoint accepts an orgUnit object to hold an entire organizational unit instead of named accounts.

What are the rate limits for the Google Vault API?

Vault uses standard Workspace per-project quotas with a default of around 1,500 requests per minute per project. Long-running operations like exports do not count against per-minute quotas but are bounded by daily export size limits documented in the Vault admin help center.

How do I run an eDiscovery export through Jentic with the Google Vault API?

Install Jentic with pip install jentic, search for create vault export, load the schema for POST /v1/matters/{matterId}/exports, then execute with the matter ID, query, and export format (MBOX, PST, or individual files for Drive). Poll GET /v1/matters/{matterId}/exports/{exportId} until status is COMPLETED to retrieve the download URLs.

Does the Google Vault API support exporting Drive and Chat data, not just Gmail?

Yes. The corpus field on a search or hold accepts MAIL, DRIVE, GROUPS, HANGOUTS_CHAT, and VOICE. Exports return data in service-specific formats — MBOX or PST for mail, individual files plus metadata for Drive, and Chat conversation archives.

Why does my Vault API call return PERMISSION_DENIED even with a valid token?

Vault enforces matter-level access on top of OAuth scopes. The authenticated account must either own the matter, have it shared, or hold the View All Matters privilege at the Workspace admin level. Share the matter with the service account or grant the privilege in the admin console.