Announcing the new lightweight Postman API client and sunsetting Scratch Pad

The world has changed dramatically in the last decade. Today, cloud technology is the norm for small and large organizations to deploy software. As a result, the flexibility and elasticity of SaaS software with low-maintenance cost is the preferred way for businesses to buy applications. More recently, generative AI is rapidly becoming the next evolutionary leap in the interaction between computing and humans.

Postman is also evolving to keep pace with these trends, and we’re continuously working to power the next generation of capabilities for our products. Postman started as a tiny Chrome extension to send API calls. Developers love the simplicity of the API client over writing code or making curl calls. However, as we added more capabilities to the Postman API Platform, we saw that the Postman UI became confusing for beginners. So, last month, we launched a simplified baseline workspace experience in response to feedback we heard from a section of our users who just want a simple API client. I wrote about how our users and customers find value in my earlier blog post.

The second problem we saw with the evolution of Postman was the split between the capabilities we provide as part of our cloud-based services vs. the capabilities we provide locally.

Every month, there are hundreds of thousands of users who sign up with an account on Postman and enjoy the full set of capabilities that we offer. Thousands of companies buy Postman for our team-collaboration features as well as our Enterprise capabilities—all powered by the cloud. So far, we have continued to maintain offline collections through the Scratch Pad and collections through cloud-powered workspaces.

However, maintaining two separate architectures—one with the Scratch Pad and the other with workspaces—for the same set of features has meant that we spend 2x-4x the amount of time in developing or improving the product. In some cases, with feature requests like autosaving requests, the technical implications are even bigger.

As we added support for new protocols like GraphQL, gRPC, and WebSockets, this problem became harder. Building these new clients and allowing for a full-lifecycle workflow through collections in two separate architectures was increasingly just not feasible.

With our recently introduced capabilities—like public workspaces and universal search, Postman Live Collections (March 15), Postman Flows (March 22), and now Postbot and soon-to-be-released autosave—we’ve realized that it is now time to announce the end for offline capabilities built with the Scratch Pad mode. Starting May 15, 2023, Scratch Pad mode will no longer be available in the latest version of the Postman app for new downloads.

In place of the Scratch Pad, we are excited to launch a brand-new lightweight API client that is designed for single users who just want to make quick API calls through the Postman UI. It supports HTTP as well as our newest UIs for GraphQL, gRPC, and WebSocket. The API client maintains a history of API calls so you can go back to the requests you use often.

For sharing and collaborating with your coworkers, we recommend workspaces and one of our paid plans that come with robust features. Of course, you can get started with workspaces for up to three users for free.

For users currently using the Scratch Pad mode, it will continue working in deprecated mode until September 15, 2023. We recommend migrating to workspaces through our migration tool, which enables you to pick up right where you left off with your collections, environments, and history. Simply sign in to Postman from the Scratch Pad, select the Settings icon in the header, and click Settings. Next, select the Data tab, followed by Migrate Data:

To complete the migration, select the workspace where you want to migrate your data and select Move Data:

We know this is a change for many users, and we’re here to help. Feel free to email us with questions at [email protected]. You can also read the Learning Center documentation for more information about migrating to workspaces.

Over the past few months, this focus and clear separation has allowed us to deliver new capabilities at a rapid pace, whether it is solving for about 150 GitHub issues, performance improvements, and our new VS Code extension that we are announcing today, as well.

That’s not all. As we’ve introduced new features for end users, we have also invested in ensuring that your data is secure and safe. We have launched secret scanning, SCIM, SSO, and a whole bunch of other security-focused capabilities to ensure that companies can deploy Postman Enterprise with confidence.

Postman is home to more than 25 million developers to build and use APIs. With this change, we believe we will be serving our different segments better in the ways they have grown to love Postman. Thank you for your support!

FAQ

Why did Postman choose a single architecture instead of maintaining two separate ones?
By consolidating into a single architecture, we can focus on delivering a seamless user experience and faster feature development. This change enables us to better support new protocols and streamlines every aspect of Postman’s functionality, resulting in enhanced efficiency and a smoother user experience. In recent months, we’ve closed 380 feature requests and continue to improve Postman’s performance. We’ve also introduced the Postman CLI, API performance testing, and the Postman VS Code extension—along with low-code Postman Flows and the beta release of our AI assistant, Postbot.

What does the end of life of the Scratch Pad entail?
Scratch Pad is no longer available starting with the September 15, 2023 release. We recommend migrating data from the Scratch Pad to a Postman account, and using Postman workspaces to ensure that you continue to gain new capabilities and get up-to-date support on bug fixes, security patches, and performance improvements.

How can I migrate my data from the Scratch Pad to a Postman account?
To migrate your data, select Create Account (located on the right-end corner) or click Switch to a workspace (on the yellow banner at the top of the Postman desktop application), and then follow the prompts to either create a new Postman account or sign in to your existing one. Your data will be seamlessly transferred to your Postman account.

Does the lightweight Postman API client save data only locally?
Yes, all of your data in the lightweight API client is stored locally and isn’t synced online with Postman.

Can I create environments, import collections, and export collections from my local machine without a Postman account?
No, environments and collections features require you to be signed in to a Postman account. This enables you to have seamless access to your collections across the Postman desktop app, Postman for the web, and the Postman VS Code extension via your Postman workspaces.

What features are included in the lightweight API client?
The lightweight API client is designed to let you effortlessly build and send requests, supporting various protocols like HTTP, WebSocket, gRPC, and GraphQL.

You’ll be able to continue to authenticate your requests, add tests to requests, and troubleshoot your requests.
I can’t view my collections after signing up for an account.

Select Settings > Data > Migrate Data. Then, select the workspace where you want to migrate your data and select Move Data. You can also create a new personal workspace for your data.

Can I recover my collection, environments, or any other Postman elements if I move to the lightweight API client from the Scratch Pad without migrating my data or creating a Postman account?
No, you can’t. You must migrate your data to a Postman account in order to recover the data created in the Scratch Pad.

Is there a way to use Postman without syncing data to the cloud or without being signed in?
Yes, you can use the lightweight API client. It stores data locally and isn’t synced online with Postman.

Where can I access the lightweight API client?
To use the lightweight API client, download the Postman app from the download page. The lightweight API client is available from Postman v10.14. When you open the app, select Switch to lightweight API client.

My company’s security standards don’t allow me to use Postman cloud services. What are my options?
For more extensive needs of Postman, our technical architects and solution engineers can assist you in understanding your problem and assisting you better. Reach out to [email protected] for further assistance.

How does Postman protect my data?
Postman uses cryptographic methods and industry standards to protect customer data in transit between Postman clients, the cloud, and at rest. Sensitive data is further protected at the application layer by encrypting on the server side before storage using individual keys per customer. Committed to user privacy, Postman does not read user data or share it with third-party companies for any reason. See our Security & Trust Portal to learn more about our product security, privacy, compliance, and reliability information. We comply with global industry standards on data security and privacy, including the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. We also undergo annual compliance assessments to validate our practices, including the System and Organization Controls (SOC 2) and Microsoft’s Supplier Security and Privacy Assurance (SSPA). These assessments cover our company’s security, availability, and confidentiality practices. We have controls at every layer and phase to secure the Postman API Platform as best as possible.

Security is a top priority in every stage of our product development, enabling us to layer protections early and often. We protect our applications during the software development lifecycle, deployment, and operation phases. We also minimize risks to our applications by isolating them through containerization, which keeps software in safe containers. And we set architectural security guidelines and perform code reviews.

Furthermore, we use security frameworks and industry standards throughout our software development lifecycle, uncovering any OWASP vulnerabilities during software security testing. In addition, Postman’s product ecosystem’s security is validated annually by working with third-party firms. We also have a private bug bounty program, in which security researchers can report potential software vulnerabilities in our services.

It is important to remember that data security is a shared responsibility between Postman and our customers; view our shared responsibility model to learn how you can secure data and credentials in Postman.

In addition, you can also access our Security & Trust FAQ to find answers to our company’s most common security questions.

Where and how is data stored by Postman?
Postman has no in-house data centers and uses Amazon Web Services (AWS) to manage its data centers’ physical and environmental security; our company’s product data and backups are hosted in the U.S. on AWS servers. We leverage several security and privacy-focused features.

We strongly recommend that users review our assurance reports available on the Postman Security & Trust Portal. Such reports validate our company’s practices through rigorous third-party evaluations.

What are user best practices for securing my data in Postman?
Follow safe practices with your data and credentials when using your Postman account. Some best practices include:

• Be careful to avoid accidental data exposure when making a Postman element public, such as workspaces, collections, and environments.

• We strongly recommend you avoid storing sensitive data anywhere except within Postman environments.

• You should also use environment variables with a secret type to store sensitive data and credentials, including API keys and access tokens.

• Learn more by reading our shared responsibility model.