Guidelines on using Postman
Lightweight API Client
- This is the default client before the user is logged in to Postman services.
- The lightweight API client stores its saved data only locally.
- Our recommendation is to use the lightweight client unless you need features from the logged-in client.
Logging in with a user account enables most of the features within Postman; however, this comes with some security caveats.
- When using workspaces, collections and environments you potentially expose data.
- Avoid storing sensitive data anywhere except in environments.
- Storing variable values only in the Current value field will ensure that the data is never shared with Postman.
- You should also use environment variables with a secret type to store sensitive data and credentials, including API keys and access tokens.
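One way to check exported files against the guidance above, as an added example that is not part of the original guidelines: it scans an exported collection for literal credentials and an exported environment for sensitive variables that are not secret type or that carry a value in the file. The JSON layouts (Collection v2.1 and environment export), the key-name patterns and the sample data are assumptions.

```python
import re

# Assumed layouts: Postman Collection v2.1 export and environment export JSON.
PLACEHOLDER = re.compile(r"^(\w+\s+)?\{\{[^{}]+\}\}$")  # "{{token}}" or "Bearer {{token}}"
SENSITIVE = re.compile(r"authorization|api[-_]?key|token|secret|password", re.I)

def hardcoded(value):
    """True for a non-empty literal, False for a {{variable}} reference."""
    return bool(value) and not PLACEHOLDER.match(str(value).strip())

def flag(entries, kind, where, also=()):
    """Report key/value entries that pair a sensitive key with a literal value."""
    return [f"{where}: {kind} {e.get('key')}" for e in entries or []
            if (SENSITIVE.search(e.get("key") or "") or e.get("key") in also)
            and hardcoded(e.get("value"))]

def audit_collection(node, path=""):
    """Walk a collection and list places where a credential is stored literally."""
    where = f"{path}/{node.get('name') or node.get('info', {}).get('name', '')}"
    request = node.get("request") if isinstance(node.get("request"), dict) else {}
    found = flag(request.get("header"), "header", where)
    found += flag(node.get("variable"), "variable", where)
    for auth in filter(None, (node.get("auth"), request.get("auth"))):  # {"type": t, t: [fields]}
        found += flag(auth.get(auth.get("type")), "auth", where, also=("value",))
    for child in node.get("item", []):
        found += audit_collection(child, where)
    return found

def audit_environment(env):
    """List sensitive variables that are not secret type or carry a value in the export."""
    found = []
    for var in env.get("values", []):
        if SENSITIVE.search(var.get("key") or ""):
            if var.get("type") != "secret":
                found.append(f"{var.get('key')}: type is not secret")
            if var.get("value"):
                found.append(f"{var.get('key')}: value present in export")
    return found

# Constructed sample data, not taken from any real workspace.
SAMPLE_COLLECTION = {"info": {"name": "demo"}, "item": [
    {"name": "ok", "request": {"header": [{"key": "Authorization", "value": "Bearer {{token}}"}]}},
    {"name": "bad", "request": {"auth": {"type": "bearer", "bearer": [
        {"key": "token", "value": "constructed-literal-token"}]}}}]}
SAMPLE_ENV = {"name": "dev", "values": [{"key": "api_key", "value": "", "type": "secret"},
    {"key": "password", "value": "constructed-value", "type": "default"}]}

if __name__ == "__main__":
    print(audit_collection(SAMPLE_COLLECTION), audit_environment(SAMPLE_ENV))
```

For real files, load each export with `json.load` and pass the resulting dict to the matching function.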
Resources to read more on Postman
Last update: October 12, 2023