Tenable.io API Rate Limit Enforcement Notice

To ensure a great experience for all our customers, Tenable will introduce request rate limits to all our REST API endpoints that communicate with the Tenable.io platform. These changes will ensure over extensive API calls from one customer won't have any impact on the overall experience of others.

Tenable.io will calculate the number of API calls it accepts from a single user per minute based on current processing load. Individual users are identified by the API key used in each request. If you send a request after the processing limit is reached, Tenable.io returns an HTTP response message with a 429 (Too Many Requests) code and a Retry-After header element that specifies the number of seconds to wait before retrying.

The new limits will go in the effect on Wednesday, November 14th, 2018.

We strongly encourage customers who use the REST API to modify their code to be able to handle these new sets of restrictions gracefully. Customers using the tenbale.io SDK or PyTenable don’t need to take further actions.

Customers not using either library need to handle rate limits in their code. In python, for example, this can be done as follows:

import requests

from requests.packages.urllib3.util.retry import Retry

retries = Retry(

   total=3,

   status_forcelist=[429, 501, 502, 503, 504],

   backoff_factor=1,

   respect_retry_after_header=True

)

adapter = requests.adapters.HTTPAdapter(max_retries=retries)

session = requests.Session()

session.mount('https://', adapter)

Please refer to our documentation for more details at https://cloud.tenable.com/api#/ratelimiting

For more information, please contact support@tenable.com or log a Case.