API Key Authentication

You can enable API key authentication to allow users to use API keys as an authentication method for Tenable.sc API requests. Without API keys, users must use the /token endpoint to log in to the Tenable.sc API and establish a token for subsequent requests, as described in Token in the Tenable.sc API Guide.

Tenable.sc attributes actions performed with API keys to the user account associated with the API keys. You can only perform actions allowed by the privileges granted to the user account associated with the API keys.

You must enable the Allow API Keys toggle in your Security Settings to allow users to perform API key authentication. Then, users can generate API keys for themselves or for other users. API keys include an access key and secret key that must be used together for API key authentication. For more information, see Enable API Key Authentication and Generate API Keys.

A user's API keys can be used for Tenable.sc API request authentication by including the x-apikey header element in your HTTP request messages, as described in API Key Authorization in the Tenable.sc API Best Practices Guide.

Deleting API keys prevents users from authenticating Tenable.sc API requests with the deleted keys. For more information, see Delete API Keys.

For more information about the Tenable.sc API, see the Tenable.sc API Guide and the Tenable.sc API Best Practices Guide.