Generate API Keys

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Required Tenable Web App Scanning User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

The API keys associated with your user account enable you to access the API for all Tenable Web App Scanning products for which your organization is licensed.

Note: Tenable Web App Scanning API access and secret keys are required to authenticate with the Tenable Web App Scanning API.

Note: The API keys associated with your user account enable you to access the API for all Tenable Vulnerability Management products for which your organization is licensed. You cannot set separate keys for individual products. For example, if you generate API keys in Tenable Vulnerability Management, this action also changes the API keys for Tenable Web App Scanning and Tenable Container Security.

Note: Be sure to use one API key per application. Examples include, but are not limited to:

  • Tenable Web App Scanning integration
  • Third-party integration
  • Other custom applications, including those from Tenable Professional Services

The method to generate API keys varies depending on the role assigned to your user account. Administrators can generate API keys for any user account. For more information, see Generate Another User's API Keys. Other roles can generate API keys for their own account.

To generate API keys for your own account:

  1. Access the My Account page.
  2. Click the API Keys tab.

    The API Keys section appears.

  3. Click Generate.

    The Generate API Keys window appears with a warning.

    Caution: Any existing API keys are replaced when you click the Generate button. You must update the applications where the previous API keys were used.

  4. Review the warning and click Generate.

    Tenable Web App Scanning generates new access and secret keys, and displays the new keys in the Custom API Keys section of the page.

    Tip: If the Generate button is inactive, contact your administrator to ensure they've enabled API access for your account. For more information, see Edit a User Account.
  5. Copy the new access and secret keys to a safe location.

    Caution: Be sure to copy the access and secret keys before you close the API Keys tab. After you close this tab, you cannot retrieve the keys from Tenable Web App Scanning.