The Web Application Scanning v2 API has been updated to make targets a primary entity. You can now define target in the main body of your request instead of within the settings object. This change allows users to create a scan configuration with no settings block if they wish to use the default settings. Tenable recommends that you use the target parameter in the main body instead. This change affects the POST /was/v2/configs and PUT /was/v2/configs/{config_id} endpoints.

With scan routing, you can automatically dispatch scanning across multiple scanner groups according to the areas of your network that each group is configured to access. Scan routing reduces scan configuration and management overhead by eliminating the need to configure specific scanners for each individual scan. This feature can represent a significant benefit in large deployments. In addition, you can improve operational efficiency by tasking higher-privilege team members with managing scanner pools, which lower-privilege team members can then use in scan configuration.

Documentation is now available for the GET /plugins/plugin endpoint. This endpoint returns a paginated list of Tenable plugins with detailed plugin information. The response list is sorted by plugin ID.

The Tenable.io export API now returns the Asset Criticality Rating (ACR) and Asset Exposure Score (AES) if you have a Lumin license. The GET /assets/export/{export_uuid}/chunks/{chunk_id} endpoint returns the following attributes:

You can now filter Tenable.io vulnerability exports by plugin_id. The plugin_id body parameter accepts a list of plugin IDs for which you want to filter the vulnerabilities returned in the vulnerability export.

You can now use the Tenable.io API to convert scan-specific credentials to managed credentials.

The Tenable.io Session API is deprecated. On August 1, 2020, documentation related to the session endpoints will be removed from the Tenable developer portal. If your organization's integrations with the Tenable.io API previously used session tokens, Tenable recommends that you use the PUT /users/{user_id}/keys endpoint to generate API keys instead. This deprecation also affects the POST /user/{user_id}/impersonate endpoint as well, as it is dependent on session tokens.

You can now use the Tenable.io Web Application Scanning v2 API to easily create a WAS scan configuration.

You can now use the Tenable.io Web Application Scanning v2 API to return a report of scan results. The scan results can be returned in JSON, CSV, or XML format.

You can now use the Tenable.io API to change which user in your organization owns a scan. You can change ownership for only those scans where you have OWNER [128] permissions for the scan.