Custom API Action

Make an authenticated HTTP request to the Tenable Vulnerability Management API.

Options

Field	Definition	Type	Required
Request Type	Request Type (dropdown): This is one of the supported HTTP request methods, or HTTP verbs, in a custom API call (see HTTP request methods): GET - retrieves data from a web server based on your parameters. This method requests a representation of the specified resource. If a request is successful, you receive a 200 (OK) response message with the requested content. POST - sends data to a web server based on your parameters (for example, uploading a file). Multiple POST requests may result in a different outcome than a single POST, so you should be cautious about unintentionally sending multiple POST requests. If a request is successful, you receive a 200 (OK) response message. PUT - sends data to be stored at a specific location on a web server based on your parameters (for example, uploading a file). The difference between PUT and POST requests is that PUT is idempotent. This means that for successful requests, the result of a single PUT request is the same as many identical PUT requests. If a request is successful, you receive a 200 (OK), 201 (Created), or 204 (No Content) response message. PATCH - applies partial modifications to a resource on a web server based on your parameters. PATCH is not idempotent, which means that multiple PATCH requests could have unintended consequences. If a PATCH is successful, you receive a 200 (OK) or 204 (No Content) response message. DELETE - deletes the specified resource from the web server based on your parameters (if the resource exists). If a DELETE is successful, you receive a 200 (OK) response message.	Dropdown	TRUE

Input

Field	Definition	Type	Required
Request
Relative URL	The URL address of the web server that you're attempting to call. Specify the Relative URL as /{insert_remaining_URL}. To specify query parameters, you can either use ? in the Relative URL or specify them as key-value pairs in the Query input.	Text	TRUE
Headers	Specify any required headers in addition to X-ApiKeys, because this connector already handles this.	Object	FALSE
Query	Specify any additional query parameters that should be included in object format as key-value pairs.	Object	FALSE
Body	Specify a request body in JSON format. This input isn't available for GET requests.	Object	FALSE

Output

Field	Definition	Type
Outputs
Status Code	Result of the operation. The connector returns an HTTP status code that indicates whether the action taken by the card succeeded or failed. For example: A 201 Created status code indicates success where a resource was created. A 403 Forbidden error indicates that the HTTP request wasn't processed because the necessary permissions were missing. For a full list of possible status codes, see HTTP status codes.	Number
Headers	Detailed context for the status code, unrelated to the output body. Response headers depend on your selected HTTP request option. Not all headers are response headers. This is similar to {"Content-Type":"application/json"}.	Object
Body	Data that's returned from your selected HTTP request. For example, the data from a GET request.	Object

© 2026 Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Feedback