Navigate the APIs

Welcome to Tenable API Explorer! This page provides complete reference documentation for all available, Tenable.cs (Cloud Security), Attack Surface Management, MSSP, and Downloads API endpoints based on OpenAPI 3 (formerly known as Swagger) specification. You can try most of the API calls out of the box.

The available APIs are organized into the following functional categories:

Scroll down the page to view the information for these APIs or use search to look for specific terms.

Tenable Platform

Tenable Platform API includes the endpoints for authentication and access management.

For background information about user and group management, see the documentation site.

Vulnerability Management

Vulnerability Management API allows you to programmatically manage assets, scans, and policies from the cloud. The endpoints provide actionable insight into your entire infrastructure’s security risks, allowing you to quickly and accurately identify, investigate, and prioritize vulnerabilities and misconfigurations in your modern IT environment.

For background information about Vulnerability Management, see the documentation site.

Container Security

Container Security API provides the endpoints for securing container images, for example, Docker. Using the API, you can you seamlessly and securely enable DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.



Tenable Container Security API v1 is deprecated. Use Container Security API v2.

For background information about managing container security, see the documentation site.

Web Application Scanning

Web Application Scanning API endpoints enable you to automate the security management for your web applications. You can safely and accurately scan web applications, providing deep visibility into vulnerabilities and context for prioritizing remediations.

The Web Application Scanning API v1 uses the same REST routes as the Vulnerability Management API. However, the resource representations include additional fields specific to Web Application Scanning.



Tenable recommends that you use Web Application Scanning API v2 for any new development. You can continue to use existing integrations that are based on Web Application Scanning API v1. Tenable will provide advance notice and migration guidance prior to deprecating Web Application Scanning API v1. To keep up to date on product announcements, subscribe to our RSS feed or check the API Changelog.

For background information about web application scanning, see the Web Application Scanning User Guide.

Managed Security Service Provider (MSSP) Portal

The Managed Security Service Provider (MSSP) Portal API provides a secure and accessible way for MSSP administrators to manage and maintain multiple customer instances of Tenable products. Endpoints in the MSSP Portal API allow you to view and manage your MSSP customer accounts.

For background information about the MSSP Portal, see the MSSP Portal User Guide.