2 big improvements to the Postman Secret Scanner


At Postman, we take our commitment to security very seriously. The several product updates we’ve made to keep your data safe and help you build secure and compliant APIs serve as a testament to this. Earlier this year, we introduced the Postman Secret Scanner in order to help you stay on top of any excessive data exposure when working with Postman public workspaces and public documentation. Since then, we’ve made two big improvements to help you keep a stricter watch on these popular public elements of the Postman API Platform.

1. Scanning more tokens

In addition to the 14 tokens already being scanned, the Postman Secret Scanner will now scan four more tokens by default:

  • Airtable API Key
  • GitHub Personal Access Token
  • Telegram Bot Access Token
  • Twilio API Key

In addition to these default tokens, you can also now add custom tokens if you have a Postman Enterprise plan. Check out more information about the secret scanner on our Learning Center page.

2. In-app notifications

Until now, the Postman Secret Scanner relied on the use of emails to inform you whenever a sensitive token was identified in a public documentation or a public workspace owned by you or your team. Here is an example email:

Alert email sent by the Postman Secret Scanner

With the latest feature improvements, you will now also be informed using notifications within Postman, thereby removing the need to constantly check your mailboxes for emails from security.notifications@postman.com. As soon as the secret scanner identifies a sensitive token, Postman will alert you using notifications as shown below:

Postman notification informing about token exposures

You can opt to turn off the in-app notifications of the secret scanner from your notification preferences (as shown below) if you prefer to stick with just the email notifications for sensitive token exposures.

Enabling/disabling notifications for the Postman Secret Scanner

The Postman Security public workspace contains more resources that can help you institute better security practices for your team. Feel free to check it out. Stay tuned to the Postman blog for more security-related posts and exciting product updates.

What do you think about this topic? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository.


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.