API Key Authentication

You can enable API key authentication to allow users to use API keys as an authentication method for Tenable Security Center API requests. Without API keys, users must use the /token endpoint to log in to the Tenable Security Center API and establish a token for subsequent requests, as described in Token in the Tenable Security Center API Guide.

Tenable Security Center attributes actions performed with API keys to the user account associated with the API keys. You can only perform actions allowed by the privileges granted to the user account associated with the API keys.

You can enable the Allow API Keys toggle in your Security Settings to allow users to perform API key authentication. Then, users can generate API keys for themselves or for other users. API keys include an access key and secret key that must be used together for API key authentication. For more information, see Enable API Key Authentication and Generate API Keys.

A user can use API keys for Tenable Security Center API request authentication by including the x-apikey header element in your HTTP request messages, as described in API Key Authorization in the Tenable Security Center API Best Practices Guide.

Deleting API keys prevents users from authenticating Tenable Security Center API requests with the deleted keys. For more information, see Delete API Keys.

For more information about the Tenable Security Center API, see the Tenable Security Center API Guide and the Tenable Security Center API Best Practices Guide.