2 Big Improvements to the Postman Token Scanner
At Postman, we take our commitment to security very seriously, and the product updates we’ve made to keep your data safe and help you build secure and compliant APIs are a testament to this. Earlier this year, we introduced the Postman Token Scanner to help you stay on top of any excessive data exposure when working with Postman public workspaces and public documentation. Since then, we’ve made two big improvements to help you keep a stricter watch on these popular public elements of the Postman API Platform.
1. Scanning more tokens
In addition to the 14 tokens already being scanned, the Postman Token Scanner will now scan four more tokens by default:
- Airtable API Key
- GitHub Personal Access Token
- Telegram Bot Access Token
- Twilio API Key
2. In-app notifications
Until now, the Postman Token Scanner relied on email to inform you whenever a sensitive token was identified in public documentation or a public workspace owned by you or your team. Here is an example email:
Alert email sent by the Postman Token Scanner
With the latest feature improvements, you will now also be informed through notifications within Postman, removing the need to constantly check your mailbox for emails from firstname.lastname@example.org. As soon as the token scanner identifies a sensitive token, Postman will alert you with a notification, as shown below:
Postman notification informing about token exposures
If you prefer to stick with just the email notifications for sensitive token exposures, you can turn off the token scanner’s in-app notifications from your notification preferences (as shown below).
Enabling/disabling notifications for the Postman Token Scanner
The Postman Security public workspace contains more resources that can help you institute better security practices for your team. Feel free to check it out. Stay tuned to the Postman blog for more security-related posts and exciting product updates.