Tenable's cloud platform generates a unique set of API keys for each user account. These keys allow your application to authenticate to Tenable's API without creating a session.

To authorize your application to use the Tenable's API, you must include the X-ApiKeys header element in your HTTP request messages.

X-ApiKeys Header Element

The X-ApiKeys header element has the following format:

X-ApiKeys: accessKey=ACCESS_KEY; secretKey=SECRET_KEY;

The ACCESS_KEY and SECRET_KEY parameters correspond to the API keys that Tenable generates for each system user. For more information, see Generate an API Key in the Tenable Vulnerability Management User Guide.


curl -H "X-ApiKeys: accessKey=2c935f507d0686382bb383e4daf92eef8b4a349b9b9de2bf85343c0f7e7265db;secretKey=0553ac5757e8e741d6ef034dc06618106e7855887428e662adcde8862d017cf9"