For teams managing dozens, or even hundreds, of tenants, API access quickly becomes operational overhead. Managed Security Service Providers and large enterprises often find themselves maintaining separate credentials for every environment, adding friction to automation, reporting, and day-to-day operations.
To address this, we are excited to announce multi-tenant API access, a new authentication capability designed to drive operational efficiency and consistent security outcomes across all your customers or environments.
Whether you are a MSSP or an enterprise managing multiple tenants, this new capability transforms how you programmatically access and manage data, allowing you to focus on security outcomes rather than script maintenance.
Managing API keys across multiple tenants to eliminate key sprawl
Without multi-tenant capabilities, a security team managing 50 tenants requires 50 unique credentials that need to be generated, named, and stored. This key sprawl creates overhead for rotation, increased risk of credential leakage, and makes cross-tenant reporting a challenge to automate effectively.
Meaning basic tasks, such as creating a consolidated compliance report, could turn into a multi-day integration project involving brittle scripts and large configuration files.
A centralized approach to multi-tenant API access
Multi-tenant API access introduces a centralized way to programmatically access data across all managed tenants with a single API key. Instead of maintaining individual tenant-specific credentials, you can use one key for many tenants.
At Rapid7, we’re introducing new multi-tenant admin keys that enable access to all current and future tenants, ensuring that new tenants require zero additional API configuration - saving security teams valuable time and effort.
Reducing operational overhead with multi-tenant API access
By removing the authentication bottleneck, our multi-tenant API keys enable security engineers to build a single integration that "loops" through tenants automatically, reducing the time they would otherwise have spent manually configuring API keys per tenant and the maintenance overhead that comes with this.
Using one key to provide seamless access to all tenant data, operations are simplified and the impact on efficiency is measurable: teams reclaim days of effort onboarding new tenants and rotating credentials experiencing 98% time savings overall.
Strengthening API security and compliance across tenants
Beyond efficiency, multi-tenant API access improves security visibility, reducing an organization’s attack surface by utilizing a single multi-tenant key. Fewer keys mean fewer opportunities for developers to accidentally hardcode credentials or leave orphaned keys active after a tenant is decommissioned.
This feature also streamlines compliance. It allows teams to run a single script to pull critical vulnerabilities or alerts across hundreds of tenants into a single dashboard, and enables efficient exports of audit logs across all tenants.
Simplifying cross-tenant automation and reporting
Multi-tenant API access is about freeing security teams to focus on what matters. By centralizing credential control and simplifying automation, we are empowering analysts and engineers to act faster and reduce risk.
Want to see how multi-tenant API access can streamline your operations? Administrators can leverage this new capability by utilizing the new multi-tenant API key type and our new managed organizations API to retrieve details of your managed tenants, enabling you to create or update automation scripts to retrieve or manage data for any (or all) of your managed tenants via existing Rapid7 APIs.
