How can I insert Vulnerability Item data using the REST API, like an incident?
08-23-2022 09:52 AM
How do we create a ServiceNow vulnerability item and a security incident response via the REST API?
Thanks in advance for helping hand.

08-25-2022 07:14 AM
This is a pretty complex topic.
Typically VR works in a "pull" mode, i.e., SN VR "pulls" the vulnerabilities from the scanner. SN VR pulls the vulnerabilities in a batch, attaches the batch as a file, and then processes the file through the VR framework.
At the very core of all this is the concept of a Configuration Item [cmdb_ci] and a Vulnerability [sn_vul_nvd_entry]. These two things are mandatory and comprise a vulnerable item (forget Detections... a similar and more complete topic).
Back to your question, can you create a VIT via REST? Yes, you can. I have done this before. You have two choices (actually three... but the other one is not a good option): Scripted REST API or Import Set API. I recommend you use the Import Set API because you are going to want a record of the incoming data.
Create a Transform map with a Transform Script. You will need to transform the incoming host into a Configuration Item and the incoming vulnerability into an actual vulnerability.
You should create a "default" vulnerability in the Third-Party Entry table that you can use in case the incoming vulnerability does not match for whatever reason.
This is a more complex topic, but you can use the VR Framework / CI Lookup Rules to look up incoming hosts. I have an example here:
https://gist.github.com/cmcdevitt/72033b66335c2ab00af30214f76e4c2e
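
An added example, not part of the reply above or the linked gist: the client side of the Import Set API route, validating a scanner finding before posting it to `/api/now/import/{staging table}` and checking the transform result that comes back. The staging table `u_vit_import`, its `u_host` / `u_vulnerability` columns, the account name, and the sample finding and response are assumptions constructed for illustration; in practice the password comes from a secrets store, not source code.

```python
import base64
import json
import re
import urllib.request

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")

# Hypothetical staging table and columns; they must match your own transform map.
STAGING_TABLE = "u_vit_import"


def build_import_request(instance, user, password, finding):
    """Return a urllib Request that inserts one row into the staging table."""
    host, cve = finding["host"].strip(), finding["cve"].strip().upper()
    # Reject malformed values here so the transform script never sees them.
    if not HOST_RE.match(host) or not CVE_RE.match(cve):
        raise ValueError("malformed host or CVE id")
    body = json.dumps({"u_host": host, "u_vulnerability": cve}).encode()
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{instance}/api/now/import/{STAGING_TABLE}",
        data=body, method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Basic {token}"})


def check_import_result(response_text):
    """Return (sys_id, status) of the transformed record, or raise on failure."""
    rows = json.loads(response_text).get("result", [])
    if len(rows) != 1:
        raise RuntimeError("expected exactly one transform result")
    row = rows[0]
    if row.get("status") not in ("inserted", "updated"):
        raise RuntimeError(f"transform {row.get('status')}: {row.get('error_message')}")
    return row["sys_id"], row["status"]


# Constructed sample response, shaped like an Import Set API reply.
SAMPLE_RESPONSE = json.dumps({"import_set": "ISET0010001", "staging_table": STAGING_TABLE,
    "result": [{"transform_map": "VIT import", "table": "sn_vul_vulnerable_item",
                "status": "inserted", "sys_id": "0" * 32}]})

if __name__ == "__main__":
    req = build_import_request("example.service-now.com", "svc_vr_import", "placeholder",
                               {"host": "web01.example.com", "cve": "CVE-2099-0001"})
    print(req.full_url, req.data.decode())
    print(check_import_result(SAMPLE_RESPONSE))
```

Send the request with `urllib.request.urlopen(req)` and pass the response body to `check_import_result`; a status of `ignored` or `error` means the transform did not produce a vulnerable item and the staging row should be reviewed.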

09-02-2022 01:13 PM
If I could suggest, focus on the VR integration and then have a Flow trigger off of the VIT to create an SIR or SR based on criteria.
VITs that equal a certain severity may warrant the SOC to look back in time to see if it was leveraged before it was identified. You may pull all the VITs up to a VUL, then link them to a Major Security Incident or individually.
The point is to get the VR integration running and allow ServiceNow to orchestrate the rest.