Navigate the APIs

Welcome to Tenable API Explorer! This API Explorer provides complete reference documentation for all available Vulnerability Management, Web App Scanning, Identity Exposure, Cloud Security, Container Security, PCI ASV, Attack Surface Management, MSSP, and Downloads API endpoints based on OpenAPI 3 (formerly known as Swagger) specification. You can try most of the API calls out of the box.

The available Tenable product APIs are organized into the following functional categories:

Scroll down the page to view the information for these APIs or use search to look for specific terms.

Tenable Platform & Settings

The Tenable Platform API includes the endpoints for authentication and access control.

For background information about user and group management, see the Access Control in the Tenable Vulnerability Management User Guide.

Vulnerability Management

The Tenable Vulnerability Management API enables you to programmatically manage assets, scans, and policies from the cloud. The endpoints provide actionable insight into your entire infrastructure's security risks, allowing you to quickly and accurately identify, investigate, and prioritize vulnerabilities and misconfigurations in your modern IT environment.

For more information about Tenable Vulnerability Management, see the Tenable Vulnerability Management User Guide.

Web App Scanning

The Tenable Web App Scanning API endpoints enable you to automate the security management for your web applications. You can safely and accurately scan web applications, providing deep visibility into vulnerabilities and context for prioritizing remediations.

For more information about Tenable Web App Scanning, see the Tenable Web App Scanning User Guide.

Identity Exposure

The Tenable Identity Exposure API enables you to secure your infrastructure by anticipating threats, detecting breaches, and responding to incidents and attacks. You can programmatically monitor indicators of attack and indicators of exposure to allow you to discover underlying issues affecting your Active Directory, identify dangerous trust relationships, and analyze in-depth details of attacks.

For more information about Tenable Identity Exposure, see the Tenable Identity Exposure User Guide.

Legacy Container Security

The Tenable Container Security API provides the endpoints for securing container images, for example, Docker. Using the API, you can you seamlessly and securely enable DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware, and policy violations – through integration with the build process.



Tenable Container Security API v1 is deprecated. Use Container Security API v2.

For more information about Tenable Container Security, see the Get Started with Tenable Container Security.


Tenable's PCI ASV streamlines the quarterly external vulnerability scan submission and dispute process as required by PCI. You can use the PCI ASV API to retrieve a list of PCI ASV attestations, disputes, and scans.

For more information about PCI ASV, see Get Started with PCI ASV Scanning in the Tenable Vulnerability Management User Guide.

Legacy Cloud Security v1

The Tenable Cloud Security API enables you to programmatically scan multi-cloud instances and the infrastructure-as-code (IaC) used to provision the environments. The Cloud Security endpoints can be used to onboard cloud accounts, manage projects and repositories, and retrieve scan results.

For more information about Tenable Cloud Security, see the Tenable Cloud Security User Guide.

Attack Surface Management

Tenable Attack Surface Management enables you to identify internet-accessible assets that may or may not be known to your organization. Attack Surface Management identifies assets using DNS records, IP addresses, and ASN, and includes more than 180 columns of metadata to help you organize and inventory your assets.

For more information about Tenable Attack Surface Management, see the Tenable Attack Surface Management User Guide.

Managed Security Service Provider (MSSP) Portal

The Tenable Managed Security Service Provider (MSSP) Portal API provides a secure and accessible way for MSSP administrators to manage and maintain multiple customer instances of Tenable products. Endpoints in the Tenable MSSP Portal API allow you to view and manage your MSSP customer accounts.

For more information about Tenable MSSP, see the Tenable Managed Security Service Provider User Guide.


The Downloads API enables you to access and download installation and update files for available Tenable products. You can use the API endpoints to list product pages, list downloads available for a specific product, and to download a file. The endpoints can also be used to determine and download the latest version of a file to facilitate the automation of an installation.