API Key Authorization
Note: API key authorization requires Tenable Security Center 5.13.x or later. For earlier versions of Tenable Security Center, use the authentication token as described in Token in the Tenable Security Center API Guide.
You can generate a unique set of API keys for each user account. These keys allow your application to authenticate to the Tenable Security Center API without a user authentication token.
To authorize your application to use the Tenable Security Center API, you must include the x-apikey header element in your HTTP request messages.
Before submitting a request, configure the user account you want to use to submit the requests, as follows:
- Enable API key authentication, as described in Enable API Key Authentication in the Tenable Security Center User Guide.
- Generate API keys for a user with sufficient permissions for your request, as described in Generate API Keys Keys in the Tenable Security Center User Guide.
For more information about Tenable Security Center API keys, see API Key Authentication in the Tenable Security Center User Guide.
x-apikey Header Element
The x-apikey header element has the following format:
x-apikey: accesskey=ACCESS_KEY; secretkey=SECRET_KEY;
The ACCESS_KEY
and SECRET_KEY
parameters correspond to the API keys that Tenable Security Center generates for each system user. For more information, see Generate API Keys in the Tenable Security Center User Guide.
Example HTTP Request
curl -X GET -k --header "x-apikey: accesskey=4def6bc216f14c1ab86dfba8738ff4a5; secretkey=a47d1d3a071443449a75821129526b96" https://Tenable.sc/rest/currentUser
Error States
Code | Status | Description |
---|---|---|
400 | Bad Request | Returned if your request specified both an authentication token and API keys. |
Returned if your request specified API keys, but API key authentication is disabled for your Tenable Security Center. For more information, see Enable API Key Authentication in the Tenable Security Center User Guide. | ||
Returned if your request specified invalid API keys. API keys are invalid if they meet any of the following criteria:
|
||
Returned if Tenable Security Center encounters any database errors during the API key recognition process. Note: If you encounter this error, resubmit your request. If the error does not resolve on resubmit, contact Tenable Support. |