What Living Security needs
Scopes: Read access to assets and vulnerability exports
Required role: Basic, Scan Operator, Standard, Scan Manager, or Administrator with API access enabled
Prerequisites
- You must have one of the roles above in Tenable Vulnerability Management.
- Your administrator must have enabled API access for your user account.
Part A — In Tenable Vulnerability Management
Your Tenable administrator completes these steps.1
Navigate to API Keys
- Sign in to Tenable Vulnerability Management at cloud.tenable.com.
- Click your profile icon in the top-right corner, then select My Account.
- Click the API Keys tab.
2
Generate new API keys
- Click Generate.
- Review the warning, then click Generate to confirm.
3
Copy and save your keys
Copy both keys immediately and store them securely.
4
Identify your regional API host
Select the host that matches your Tenable environment:
Enter the host only — no
https:// prefix and no trailing slash.Part B — In the Living Security Platform
The program owner completes this step, or the system admin if using delegated setup.1
Troubleshooting
403 Forbidden
403 Forbidden
Your user account lacks permissions to export assets or vulnerabilities. Verify:
- Your account has a role of Basic or higher
- API access is enabled for your account (ask your Tenable administrator)
Keys rotated by another application
Keys rotated by another application
Tenable API keys are account-wide. If another application or team member generated new keys, your existing keys are invalidated. Coordinate key rotation with other applications using the same Tenable account.
Wrong regional host
Wrong regional host
Using the wrong host causes authentication to fail. Verify:
- US accounts use
cloud.tenable.com - EU accounts use
eu.cloud.tenable.com - FedRAMP accounts use
fedcloud.tenable.com

