What’s new in Postman: Secrets management built in

Postman now detects and vaults API secrets automatically at runtime. Learn how Local Secrets Protection, Shared Vault, and Secrets Resolution keep your credentials safe.

Postman Passport: Secure API access for the Agentic Era

Postman Passport gives agents and developers credential references instead of real API keys, keeping secrets inside your VPC and eliminating secret sprawl.

What is a Bearer Token? Understanding API Authentication

Quick answer Bearer tokens authenticate API requests by granting access to whoever possesses the token, passed in the Authorization header as Authorization:…

Choose the right Postman plan for your organization

Update: Postman plans are changing in early 2026. For the latest information, visit our pricing page. When it comes to API development…

Postman (Free) is secure by design

As Postman’s Head of Security, I am dedicated to ensuring that all Postman users (paying or not) benefit from enterprise-grade security baked…

What is API encryption?

API encryption is the process of encoding data that is sent between a client and an API in order to prevent unauthorized…

Third-party library encryption with Mastercard and Postman

This is guest post written by Tarric Sookdeo, senior content strategy analyst at Mastercard. When an API is handling sensitive data such…

The 3 fundamental checks of API governance rules

API definitions, such as OpenAPI documents, are often inspected to perform automated API governance checks. As an API definition aims to describe…

5 ways to reduce exposure to API security risks

API security has become a significant concern as insecure APIs may provide attackers with access to sensitive customer data. In recent years,…

OWASP API Security Top 10 2023 and GraphQL

This is a guest post by Antoine Carossio, ex-Apple, cofounder & CTO at Escape – GraphQL Security. The OWASP API Security Top…

APIs to enhance application security

As the number of mobile and web apps continues to grow, so does the need for effective security measures to protect them…

Use the Postman and APIsec EthicalCheck Integration for Better Security Practices

This is a guest post written by Intesar Shannan Mohammed, founder and CTO at APIsec. EthicalCheck from APIsec is a free and…