Get Started

Welcome to API! is the world’s first Cyber Exposure platform, giving you complete visibility into your network and helping you to manage and measure your modern attack surface. All the capabilities of Vulnerability Management are available in the API, a robust platform for users of all experience levels. The platform is designed to support and visualize elastic IT assets, such as containers and web apps. Tenable offers pre-built integrations and allows developers to build new integrations quickly in order to improve their vulnerability management program.

Using the API, you can seamlessly integrate into your cybersecurity infrastructure, for example:

  • Automate asset data import into
  • Import third-party scan data.
  • Export scan results from into a workflow management system for remediation.

You can get started with API using our API Explorer. You can also use utilities like cURL or Postman to gather data and get additional details that may not be readily available in the API Explorer. Once you become familiar with the API, we provide libraries and SDKs to facilitate development.

Set up API access

To set up access to API:

  • Verify that you have a valid user account with appropriate permissions by logging into
  • Generate the API keys for the account. For more information, see Generate API Keys in the Vulnerability Management User Guide.

Use the API Explorer

Our API Explorer (based on OpenAPI 3 specification) provides complete reference documentation for all available API endpoints. It also allows you to try most of the API calls out of the box. You can run the calls against your environment.

To try an API call using the API Explorer, navigate to the endpoint, enter the API keys and the input parameters for the call, and click Try It.



Testing calls in the API explorer with the Try It button requires API keys from your own instance. The Try It button for the Downloads API requires a bearer token instead of API keys. Additionally, you cannot use the Try It button if you use the GovCloud region to comply with the Federal Risk and Authorization Management Program (FedRAMP).

Here is an example of using the API Explorer to list the assets in your environment:

[Image: API Explorer API Key]

You can use the API Explorer for API reference information (for example, request parameters and response schemas), and also copy the generated code samples in the language of your choice. We currently provide samples in Python, cURL, Node, Ruby, JavaScript, Objective-C, Java, PHP, C#, Swift, and Go.

Use any REST client

The API Explorer gives you enough of a foundation to move on to more complex requests with other tools such as cURL or Postman. Every request must be authenticated, so supply your own API keys.

Here is an example of how to upload a scan file:

curl -H "X-APIKeys: accessKey=<access_key>;secretKey=<secret_key>" -F "Filedata=@$HOME/nessus.db" -X POST <file_upload_endpoint_url>

Once you have uploaded the file, import the scan:

curl -H "X-APIKeys: accessKey=<access_key>;secretKey=<secret_key>" -H "Content-Type: application/json" -d '{"file":"nessus.db","folder_id":<int_folder_id>,"password":"<password>"}' -X POST <scan_import_endpoint_url>

Now launch the scan:

curl -H "X-APIKeys: accessKey=<access_key>;secretKey=<secret_key>" -X POST <scans_endpoint_url>/<int_scan_id>/launch

These cURL requests can be easily modified for use in other REST clients or scripting languages.
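
The cURL examples above place the access and secret keys directly on the command line, where they land in shell history and are visible in the process list. The following is an added example, not Tenable's code: it builds the same X-APIKeys header from environment variables and passes it to curl through a config stream on stdin. The variable names TIO_ACCESS_KEY and TIO_SECRET_KEY, the function names, the endpoint placeholder, and the alphanumeric-only key check are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. TIO_ACCESS_KEY and
# TIO_SECRET_KEY are assumed environment variable names.

# Assumption: keys are alphanumeric. Anything else (spaces, quotes, ';',
# '=', CR/LF) could break the header or the quoted curl config value.
valid_key() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the X-APIKeys header in the format used by the cURL examples above.
build_apikeys_header() {
    if ! valid_key "$1" || ! valid_key "$2"; then
        echo "refusing empty or malformed API key" >&2
        return 1
    fi
    printf 'X-APIKeys: accessKey=%s;secretKey=%s' "$1" "$2"
}

# Run curl with the header fed through a config stream on stdin, so the
# keys never appear in argv (ps output) or in shell history.
# printf is a shell builtin, so it does not expose them either.
api_curl() {
    hdr=$(build_apikeys_header "$TIO_ACCESS_KEY" "$TIO_SECRET_KEY") || return 1
    printf 'header = "%s"\n' "$hdr" |
        curl --silent --show-error --fail --config - "$@"
    rc=$?
    unset hdr
    return "$rc"
}

# Form of the header that is safe to write to logs.
redact_header() {
    printf '%s' "$1" | sed -E 's/(accessKey|secretKey)=[^;]*/\1=<redacted>/g'
}

# Demo with constructed keys: prints the redacted header only.
redact_header "$(build_apikeys_header 0123abcd 4567ef01)"
echo
# Usage once real keys are exported (URL is a placeholder):
#   api_curl -X POST "<launch_endpoint_url>"
```
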

Use libraries and tools

The optimal way to develop with REST APIs is to use one of our client libraries or SDKs. We recommend that you use these libraries both for testing and in production because they provide standard interfaces that handle authentication and request construction for you. The GitHub repositories for these libraries provide detailed explanations for getting started.

  • Java SDK - The SDK provides a complete set of Java client interfaces for the REST services.
  • pyTenable Library - pyTenable is a great choice if you intend to develop against additional Tenable products such as Security Center. pyTenable is a lightweight library that allows you to interact with the APIs in a pythonic, unambiguous way.

Rate Limiting and Concurrency Limiting

performs rate limiting on API requests to ensure that all customers experience the same level of service. For more information, see Rate Limiting. Additionally, performs concurrency limiting on some API export requests to ensure expected performance levels. You can have a maximum of two or three active concurrent export requests per customer instance or container or depending on which endpoint you are using. Concurrency limits for specific endpoints are subject to change. For more information, see Concurrency Limiting.

Get help: Tenable developer information ecosystem

  • Before using the APIs, we recommend that you familiarize yourself with the user documentation. There is a strong correlation between the business logic of UI and the API.
  • Use the Guides section of this site to find detailed step-by-step instructions for specific use cases, for example, importing asset data and exporting scan data.
  • Use the Expert Articles section for expert advice from Tenable developers, for example, about using our Python API tools.
  • Use the API Explorer to try the API calls and find reference information: endpoint URLs, HTTP methods, input parameters, response schemas, etc. We also provide client request code samples in multiple languages to help you get started.
  • Use API documentation to find reference information for the latest version of REST API.
  • Use our GitHub project to get the code and documentation for libraries and tools, as well as extensibility points for other Tenable products (for example, NASL for Nessus plugin development).
  • If you are unable to find the information that you are looking for, you may be able to get help in the Tenable Community portal. We encourage you to join our Community and participate in discussions.