Skip to main content

Postman API Key

Description

General

  • Documentation: https://www.postman.com/postman/workspace/postman-public-workspace/overview
  • Summary: Postman is a software that allows developers to build and test APIs. Access to online resources can be done through the API. This detectors aims at catching the API key used to access those resources.
  • IPs allowlist: This feature is not currently available.
  • Scopes: The API key has the same scope as the user who created it.

Revoke the secret

Keys can be revoked or temporarily deactivated from the API keys dashboard.

Check for suspicious activity

The last accessed date of a key can be inspected from the API keys dashboard.

Details for Postman api key

  • Family: Api

  • Category: Messaging system

  • Company: Postman

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 2.85

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- pmak-

Examples

- text: |
PMAK-5dd543842789bd0036bf98c1-a5a9b8f1dfda8fbf18a4664ebe558b04ed
apikey: PMAK-5dd543842789bd0036bf98c1-a5a9b8f1dfda8fbf18a4664ebe558b04ed

# Fat-fingered secret
- text: XPMAK-5dd543842789bd0036bf98c1-a5a9b8f1dfda8fbf18a4664ebe558b04ed
apikey: PMAK-5dd543842789bd0036bf98c1-a5a9b8f1dfda8fbf18a4664ebe558b04ed

How can I help you ?