Use the Developer Portal
Our Tenable API Explorer (based on OpenAPI 3 specification) provides complete reference documentation for all available Tenable product API endpoints. It also allows you to try most of the API calls out of the box. You can run the calls against your own Tenable instance.
To try a Tenable API call using the the API Explorer, simply navigate to the endpoint, enter the API keys and the input parameters for the call, and click Try It.
Note
Testing calls in the API explorer with the Try It button requires API keys from your own Tenable instance. The Try It button for the Downloads API requires a bearer token instead of API keys. Additionally, you cannot use the Try It button if you use the GovCloud region to comply with the Federal Risk and Authorization Management Program (FedRAMP).
Here is an example of using the API Explorer to list the assets in your environment:
You can use the API Explorer for API reference information (for example, request parameters and response schemas), and also copy the generated code samples in the language of your choice. We currently provide samples in Python, cURL, Node, Ruby, JavaScript, Objective-C, Java, PHP, C#, Swift, and Go.
Use Any REST Client
The API Explorer can help you build a sufficient foundation so that you can then perform more complex requests with other tools such as cURL or Postman. As usual, authentication is necessary to make the requests for data work. Use your own API key.
Here is an example of how to upload a scan file:
curl -H "X-APIKeys: accessKey=<access_key>;secretKey=<secret_key>" -F "Filedata=@~/nessus.db" -X POST https://cloud.tenable.com/file/upload?no_enc=1
Once you have uploaded the file, import the scan:
curl -H "X-APIKeys: accessKey=<access_key>;secretKey=<secret_key>" -d '{"file":"nessus.db","folder_id":<int_folder_id>,"password":"SuperSecretP@ssw0rd"}' -X POST https://cloud.tenable.com/scans/import
Now launch the scan:
curl -H "X-APIKeys: accessKey=<access_key>;secretKey=<secret_key>" -X POST https://cloud.tenable.com/scans/<int_scan_id>/launch
These cURL requests can be easily modified for use in other REST clients or scripting languages.
Rate Limiting and Concurrency Limiting
Tenable performs rate limiting on API requests to ensure that all customers experience the same level of service. For more information, see Rate Limiting. Additionally, Tenable performs concurrency limiting on some API export requests to ensure expected performance levels. You can have a maximum of two or three active concurrent export requests per Tenable customer instance or container or depending on which endpoint you are using. Concurrency limits for specific endpoints are subject to change. For more information, see Concurrency Limiting.
Updated about 2 months ago