Introducing the API: Your Gateway to Cyber Exposure Management

Overview, the world’s leading Cyber Exposure platform, provides comprehensive network visibility and effective management of your ever-evolving attack surface. With the API, users of all experience levels can harness the full power of Vulnerability Management through a robust and user-friendly interface. Whether you prefer the convenience of the web UI or the automation capabilities of utilities like cURL or Postman, the API has you covered^1^.

API Landing Page

Getting Started with the API

The API web UI allows you to unleash the API’s potential without having to delve into the intricacies of crafting API queries or using specialized utilities like cURL or Postman^2^. It’s the perfect option for users who prefer a straightforward approach.

To access the API via the web UI, make sure you are authenticated by having two separate windows or tabs open: one with your authenticated session and another with the API. This enables the API to utilize your authenticated session and seamlessly perform queries. Failure to authenticate before running API queries may result in error messages, but fear not – simply refresh the API page after authentication and the issue will be resolved^3^.

Authentication Error

Exploring the Possibilities

The API accepts queries against 19 different data types, offering over a hundred methods along with various filters and parameters. The API serves a multitude of purposes, empowering you to create and manage scans, configure permissions, modify scan policies, and much more. While scripting API queries is an effective way to automate, a solid understanding of the API is essential^4^.


Discovering Assets in Your Container

Building familiarity with the API UI is an excellent way to grasp the functionalities of different methods, requests, and parameters. Let’s take a look at how to obtain a comprehensive list of assets in your container:

  1. Ensure that you are authenticated in and have the API UI open.
  2. Click on “Workbenches” in the left sidebar, then select “Assets”.

Workbenches: Assets

  3. Scroll down to the bottom of the webpage to find the “Test” section.


As you can see, optional parameters are available for filtering the query results. For now, let’s stick with the defaults and click “Send”. After the request is complete, you will receive a JSON-formatted list of your assets and detailed information about each^5^.

Assets List

Gathering Vulnerability Insights

Similarly, the “Workbenches > Vulnerabilities” query lets you explore vulnerabilities with more configurability using additional parameters. These filters enable you to tailor your results to meet specific requirements.

A quick tip regarding the “filters” field: you can define an array of filters that will be logically connected using “and” or “or” operations, as indicated in the “filter.search_type” field. An example filter is displayed in grayed-out text within the filter field. Although this particular example filter is not applied when the query is executed, any filter you enter will be used accordingly. Refer to the Filters section higher up the webpage for more filter-related details^6^.

Vulns Test

Keep in mind that the response to the vulnerabilities query provides a list without individual plugin or vulnerability result details. However, you can extract a plugin ID from the list and employ it in other queries. Use the plugin ID in the “Workbenches > Vulnerability-Info” query to retrieve more information about the plugin. Alternatively, use the plugin ID in the “Workbenches > Vulnerability-Output” query to obtain vulnerability results, including the affected assets^7^.



Advanced API Utilities

The API UI serves as a foundation for facilitating more intricate requests through additional API utilities like cURL or Postman. Authentication is required before data queries can be successfully executed using these utilities. To acquire the session token needed for data queries, send a POST request to with your credentials in the request body. Here’s an example cURL request to obtain your authenticated session token (note: your credentials are not transmitted in the clear: HTTPS encrypts the request, and sending them in the POST body keeps them out of the URL):

curl -X POST -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{"username":"YourUsernameHere", "password":"YourPasswordHere"}' ""

Once you possess the session token, you can execute queries to perform any task available via the API UI. To retrieve a list of scans and their details, use a query similar to this:

curl -X GET -H "X-Cookie: token=YourSessionTokenHere" -H "Cache-Control: no-cache" ""

To obtain your list of target groups, deploy the following request:

curl -X GET -H "X-Cookie: token=YourSessionTokenHere" -H "Cache-Control: no-cache" ""

Finally, to conclude your session, send this request:

curl -X DELETE -H "X-Cookie: token=YourSessionTokenHere" -H "Cache-Control: no-cache" ""

Feel free to adapt these cURL requests for use in Postman or for scripting in various programming languages^8^.
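
The session lifecycle above (log in, query with the X-Cookie token, log out) as an added Python example, not code from the original page or the vendor. The base URL, the three paths and the "token" field of the login response are assumptions, because the page does not show the endpoints; the password is read from a prompt so it stays out of shell history and the process list.

```python
import getpass
import json
import os
import urllib.request

# Assumptions: the page does not show the URLs, so the base URL comes from the
# environment and the three paths below are hypothetical placeholders.
BASE_URL = os.environ.get("VM_API_URL", "https://api.example.invalid")
SESSION_PATH, SCANS_PATH, GROUPS_PATH = "/session", "/scans", "/target-groups"


class Session:
    """Log in on entry, send X-Cookie on every call, always log out on exit."""
    def __init__(self, base_url, username, password, send=urllib.request.urlopen):
        if not base_url.lower().startswith("https://"):
            raise ValueError("refusing to send credentials to a non-HTTPS URL")
        self.base_url, self.send, self.token = base_url.rstrip("/"), send, None
        self._creds = {"username": username, "password": password}

    def call(self, method, path, body=None):
        headers = {"Content-Type": "application/json", "Cache-Control": "no-cache"}
        if self.token:
            headers["X-Cookie"] = f"token={self.token}"
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data,
                                     headers=headers, method=method)
        with self.send(req, timeout=30) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None

    def __enter__(self):
        # Assumption: the login response is JSON with a "token" field.
        self.token = self.call("POST", SESSION_PATH, self._creds)["token"]
        self._creds = None  # drop the password once the token is issued
        return self

    def __exit__(self, *exc):
        try:
            self.call("DELETE", SESSION_PATH)  # end the session server-side
        finally:
            self.token = None  # the caller's exception, if any, still propagates


if __name__ == "__main__":
    # Prompt for the password so it never appears in shell history or `ps`.
    user, pw = input("Username: "), getpass.getpass("Password: ")
    with Session(BASE_URL, user, pw) as api:
        for path in (SCANS_PATH, GROUPS_PATH):
            print(path, json.dumps(api.call("GET", path))[:300])
```

The `with` block guarantees the DELETE request is sent even when a query raises, so a failed script does not leave a live session token behind.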

Explore the API Today

Even if you’re not a Tenable customer yet, you can explore the API directly in your browser. The API is publicly available and fully documented. Once you become a Tenable customer, you’ll have access to the complete capabilities of Vulnerability Management through the API. This includes accurate asset tracking, vulnerability states, workbenches, reports, and more. The API is also equipped for use in various API utilities and scripting languages, enabling you to leverage the data you require in an automated manner^9^.


Start your free 60-day trial of Vulnerability Management[^10^] now!

[^10^]: Start free trial.