Tenable.io performs rate limiting on API requests to ensure that all customers experience the same level of service. Based on current processing load, Tenable.io calculates the number of API requests it can accept from a single user per minute. Individual users are identified by the API key used in each API request. An individual user can have only one valid API key at a time.
If you submit an API request after the processing limit is reached, Tenable.io returns an HTTP response message with a 429 (Too Many Requests) status code. The response also includes a retry-after header element that specifies the number of seconds to wait before retrying.
Example Response Header
connection:keep-alive
content-length:580
content-type:text/html
date:Wed, 24 Oct 2018 17:13:43 GMT
retry-after:30
server:tenable.io
strict-transport-security:max-age=63072000; includeSubDomains
x-content-type-options:nosniff
x-gateway-site-id:nginx-router-b-eng-us-east-1.dcld
x-path-handler:tenable-io-plugins-plugin
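One way to honor the retry-after header from a sequential (single-threaded) client, as an added example that is not Tenable's sample code or part of pyTenable. The names call_with_retry, http_send and parse_retry_after, the 30-second fallback and the 300-second cap are assumptions, and the responses in demo() are constructed.

```python
import time
import urllib.error
import urllib.request

DEFAULT_WAIT = 30   # assumption: fallback when retry-after is missing or malformed
MAX_WAIT = 300      # assumption: cap so a bad header value cannot stall the job


def parse_retry_after(headers):
    """Return the seconds to wait, read from retry-after (case-insensitive)."""
    value = next((v for k, v in headers.items() if k.lower() == "retry-after"), None)
    try:
        seconds = int(str(value).strip())
    except ValueError:
        return DEFAULT_WAIT
    return min(max(seconds, 0), MAX_WAIT)


def http_send(url, api_headers):
    """Real transport: one GET, returning (status, headers, body)."""
    req = urllib.request.Request(url, headers=api_headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:  # 429 arrives here as an HTTPError
        return err.code, dict(err.headers), err.read()


def call_with_retry(send, max_retries=5, sleep=time.sleep):
    """Call send() one request at a time; on 429 wait retry-after, then retry."""
    waits = []
    for attempt in range(max_retries + 1):
        status, headers, body = send()
        if status != 429:
            return status, body, waits
        if attempt == max_retries:
            break
        wait = parse_retry_after(headers)
        waits.append(wait)
        sleep(wait)
    raise RuntimeError(f"still rate limited after {max_retries} retries")


def demo():
    """Constructed responses: two 429s (second lacks the header), then a 200."""
    replies = iter([(429, {"retry-after": "30"}, b""), (429, {}, b""), (200, {}, b"ok")])
    return call_with_retry(lambda: next(replies), sleep=lambda s: None)
```

For real traffic, pass `lambda: http_send(url, api_headers)` as `send`, with `api_headers` carrying the integration's own API key.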
- Handling 429 messages with pyTenable module
- Handling 429 messages without pyTenable module
- Retry logic (does not use
Recommendations to Avoid Rate Limits
Do not multi-thread your requests. As long as you are using the appropriate APIs, you should be able to export data from Tenable.io without reaching rate limits.
If your process regularly reaches the API request rate limit, review your code to ensure that you are not co-processing requests.
Always use a unique user account for each API integration you enable or create. This approach ensures proper tracking of who is accessing which data and allows Tenable.io to enforce rate limits for each API user.