Since Postman is committed to easing collaboration across stakeholders in the API development process, the Postman API Platform provides a range of tools, including workspaces, collections, API Builder, and the API Network, so that all stakeholders can collaborate and develop APIs seamlessly.
Recently, we’ve seen Postman users at organizations across the globe take the initiative to shift their security left. This means solving security issues before they arise in the first place by making API producers aware of these risks at the earliest stage possible.
To support users in this effort, we’ve released several features this year to help you build secure APIs, and our most recent update proves that we’re committed more than ever to keeping security top of mind.
Note: The following feature is in beta and is available only to users who sign up for the beta program for this feature. You can sign up using the Google form here or by contacting email@example.com with your request.
Although Postman provides extensive security warnings for OpenAPI definitions, we understand that these are of limited value in catching gaps in the implementation of an API. With the latest Postman update, you can now check whether an API endpoint follows some of the commonly enforced security best practices.
Whenever you send a request, the Postman API Platform automatically checks for these best practices and populates the results in the Warnings section of the right side pane. Open that section to see how your most recent API call fares on security.
Postman’s Warnings pane showing security warnings
API producers are now informed about such best practices right at the time of API development. All you need is a local implementation of your API endpoint so that Postman can send a request to it. This also helps reduce surprises at the time of security reviews, streamlining API development and helping you deploy secure APIs faster.
Once an issue is identified, you can use the Possible Fix link to learn more about the highlighted issue and identify ways to resolve it:
Using the Warnings pane in Postman to figure out impact and next steps
You can see the full list of security checks performed in the Warnings pane in our Learning Center.
Don’t forget to check out the Postman Security public workspace for more resources to help you implement better security practices for your team. Stay tuned to the Postman blog for more product updates supporting heightened security.