# 2 big improvements to the Postman Secret Scanner At Postman, we take our commitment to security very seriously. The several product updates we've made to [keep your data safe](https://blog.postman.com/tag/company-news+security/) and help you [build secure and compliant APIs](https://blog.postman.com/tag/product-updates+security/) serve as a testament to this. Earlier this year, we introduced the [Postman Secret Scanner](https://blog.postman.com/postman-security-scans/) in order to help you stay on top of any excessive data exposure when working with Postman [public workspaces](https://blog.postman.com/introducing-postman-public-workspaces/) and [public documentation](https://learning.postman.com/docs/publishing-your-api/publishing-your-docs/). Since then, we've made two big improvements to help you keep a stricter watch on these popular public elements of the [Postman API Platform](https://www.postman.com/api-platform/). ## 1. Scanning more tokens In addition to the [14 tokens](https://blog.postman.com/postman-security-scans/) already being scanned, the Postman Secret Scanner will now scan four more tokens by default: - Airtable API Key - GitHub Personal Access Token - Telegram Bot Access Token - Twilio API Key In addition to these default tokens, you can also now add [custom tokens](https://learning.postman.com/docs/api-security/token-scanner/#custom-alerts) if you have a [Postman Enterprise](https://www.postman.com/postman-enterprise/) plan. Check out more information about the secret scanner on our [Learning Center page](https://learning.postman.com/docs/api-security/token-scanner/). ## 2. In-app notifications Until now, the Postman Secret Scanner relied on the use of emails to inform you whenever a sensitive token was identified in a public documentation or a public workspace owned by you or your team. Here is an example email: ![](https://blog.postman.com/wp-content/uploads/2021/09/Reference-email.png)*Alert email sent by the Postman Secret Scanner* With the latest feature improvements, you will now also be informed using notifications *within* Postman, thereby removing the need to constantly check your mailboxes for emails from security.notifications@postman.com. As soon as the secret scanner identifies a sensitive token, Postman will alert you using notifications as shown below: ![](https://blog.postman.com/wp-content/uploads/2021/09/Toast-notification-message.gif)*Postman notification informing about token exposures* You can opt to turn off the in-app notifications of the secret scanner from your [notification preferences](https://go.postman.co/settings/me/notifications) (as shown below) if you prefer to stick with just the email notifications for sensitive token exposures. ![](https://blog.postman.com/wp-content/uploads/2021/09/Notification-preferences.gif)*Enabling/disabling notifications for the Postman Secret Scanner* The [Postman Security public workspace](https://www.postman.com/postman/workspace/postman-security-workspace/overview) contains more resources that can help you institute better security practices for your team. Feel free to check it out. Stay tuned to the Postman blog for more [security-related posts](https://blog.postman.com/tag/security/) and exciting product updates.