2 Big Improvements to the Postman Token Scanner

Avatar
Tirthankar Saha
· 3 mins

At Postman, we take our commitment to security very seriously. The several product updates we’ve made to keep your data safe and help you build secure and compliant APIs serve as a testament to this. Earlier this year, we introduced the Postman Token Scanner in order to help you stay on top of any excessive data exposure when working with Postman public workspaces and public documentation. Since then, we’ve made two big improvements to help you keep a stricter watch on these popular public elements of the Postman API Platform.

1. Scanning more tokens

In addition to the 14 tokens already being scanned, the Postman Token Scanner will now scan four more tokens by default:

  • Airtable API Key
  • GitHub Personal Access Token
  • Telegram Bot Access Token
  • Twilio API Key

In addition to these default tokens, you can also now add custom tokens if you have a Postman Enterprise plan. Check out more information about the token scanner on our Learning Center page.

2. In-app notifications

Until now, the Postman Token Scanner relied on the use of emails to inform you whenever a sensitive token was identified in a public documentation or a public workspace owned by you or your team. Here is an example email:

Alert email sent by the Postman Token Scanner

With the latest feature improvements, you will now also be informed using notifications within Postman, thereby removing the need to constantly check your mailboxes for emails from security.notifications@postman.com. As soon as the token scanner identifies a sensitive token, Postman will alert you using notifications as shown below:

Postman notification informing about token exposures

You can opt to turn off the in-app notifications of the token scanner from your notification preferences (as shown below) if you prefer to stick with just the email notifications for sensitive token exposures.

Enabling/disabling notifications for the Postman Token Scanner

The Postman Security public workspace contains more resources that can help you institute better security practices for your team. Feel free to check it out. Stay tuned to the Postman blog for more security-related posts and exciting product updates.

Tags:
Avatar

Tirthankar Saha

Tirthankar Saha is a product manager at Postman. View all posts by Tirthankar Saha.

What do you think about this topic? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository.

Comment

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

You might also like

Updates to the Postman Secret Scanner

Avatar
· 6 mins

In today’s fast-paced and interconnected world, we must prioritize data security to protect our sensitive information from potential threats. Here at Postman,…

Read more →

Introducing Atlassian’s ASAP authentication in Postman

Giridhar
· 2 mins

In the ever-evolving landscape of API development and testing, Postman aims to consistently ensure you have the right set of tools for…

Read more →

Manage exposed secrets with the Postman Enterprise Essentials plan

Avatar
· 2 mins

Sensitive data and credentials pose significant challenges to an organization’s security. Without proper safeguards in place, organizations are at risk of compromising…

Read more →

Postman's annual user conference

Gain new skills through hands-on workshops, hear from industry leaders, and join conversations about innovation, APIs, and the future of software.

Learn More