API Key Authorization

Note: API key authorization requires Tenable Security Center 5.13.x or later. For earlier versions of Tenable Security Center, use the authentication token as described in Token in the Tenable Security Center API Guide.

You can generate a unique set of API keys for each user account. These keys allow your application to authenticate to the Tenable Security Center API without a user authentication token.

To authorize your application to use the Tenable Security Center API, you must include the x-apikey header element in your HTTP request messages.

Before submitting a request, configure the user account you want to use to submit the requests, as follows:

  • Enable API key authentication, as described in Enable API Key Authentication in the Tenable Security Center User Guide.
  • Generate API keys for a user with sufficient permissions for your request, as described in Generate API Keys in the Tenable Security Center User Guide.

For more information about Tenable Security Center API keys, see API Key Authentication in the Tenable Security Center User Guide.

x-apikey Header Element

The x-apikey header element has the following format:

x-apikey: accesskey=ACCESS_KEY; secretkey=SECRET_KEY;

The ACCESS_KEY and SECRET_KEY parameters correspond to the API keys that Tenable Security Center generates for each system user. For more information, see Generate API Keys in the Tenable Security Center User Guide.

Example HTTP Request

curl -X GET -k --header "x-apikey: accesskey=4def6bc216f14c1ab86dfba8738ff4a5; secretkey=a47d1d3a071443449a75821129526b96" https://Tenable.sc/rest/currentUser
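
The request above as a shell wrapper, added here as an example that is not part of the Tenable documentation: it builds the x-apikey header in the documented format, checks the combined-length rule listed under Error States before sending, omits -k so curl verifies the server certificate, and passes the header on stdin so the secret key stays out of the process argument list. The function names, the SC_HOST, SC_ACCESS_KEY and SC_SECRET_KEY environment variables, and the alphanumeric key check are assumptions.

```shell
#!/bin/sh
# Added example, not Tenable's code.
# Assumed environment variables: SC_HOST, SC_ACCESS_KEY, SC_SECRET_KEY.

# Print the x-apikey header in the documented format, or fail locally
# when the key pair could not be valid.
build_apikey_header() {
    access=$1
    secret=$2
    if [ -z "$access" ] || [ -z "$secret" ]; then
        echo "access key or secret key is empty" >&2
        return 1
    fi
    # Assumption: keys are alphanumeric, as in the page's example. This also
    # keeps ';', '=', quotes and newlines out of the header and curl config.
    case "$access$secret" in
        *[!A-Za-z0-9]*) echo "API keys contain unexpected characters" >&2
                        return 1 ;;
    esac
    # Documented rule: access key + secret key must total 64 characters.
    combined=$(( ${#access} + ${#secret} ))
    if [ "$combined" -ne 64 ]; then
        echo "combined key length is $combined, expected 64" >&2
        return 1
    fi
    printf 'x-apikey: accesskey=%s; secretkey=%s;' "$access" "$secret"
}

# GET a REST path, for example: sc_get /rest/currentUser
sc_get() {
    header=$(build_apikey_header "$SC_ACCESS_KEY" "$SC_SECRET_KEY") || return 1
    # No -k: curl validates the server certificate against its trust store.
    # The header is supplied as curl config on stdin, so the secret key does
    # not show up in the process list or shell history.
    printf 'header = "%s"\n' "$header" |
        curl --silent --show-error --fail --config - "https://${SC_HOST}$1"
}
```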

Error States

Code    Status         Description
400     Bad Request    Returned if your request specified both an authentication token and API keys.

Returned if your request specified API keys, but API key authentication is disabled for your Tenable Security Center. For more information, see Enable API Key Authentication in the Tenable Security Center User Guide.

Returned if your request specified invalid API keys. API keys are invalid if they meet any of the following criteria:

  • The access key and secret key do not have a combined length of 64 characters.
  • The access key does not exist in the Tenable Security Center database (for example, the access key has been deleted).
  • The user associated with the API key is locked for exceeding the maximum number of login attempts.
  • The user associated with the API key has insufficient permissions for the request.
  • The secret key does not match the specified access key.

Returned if Tenable Security Center encounters any database errors during the API key recognition process.

Note: If you encounter this error, resubmit your request. If the error does not resolve on resubmit, contact Tenable Support.