Postman

open source feature this feature is available in both trufflehog open source and trufflehog enterprise! alpha feature this feature is experimental truffle security would like to hear your feedback on it, but cannot guarantee any particular resolution timeline for feature requests or bug reports source integration for postman configuration options to generate a postman api key for use in the configuration file, log into your postman account and click on this link to bring you to the postman api key generation page once your api key expiration settings are set, you can click on the orange generate api key button on the page to find your postman workspace id, select your workspace and click on the ellipsis icon on the far right of the page postman workspace id access web configuration you can configure this integration via the web ui through the integrations tab or you can use a local configuration file as outlined below local configuration a valid postman api key is required multiple workspaces can be inside of the configuration file if no specific workspaces are included in the configuration, the scanner will enumerate and scan all the workspaces that the postman api key has access to sources \ connection '@type' type googleapis com/sources postman token pmak xxxxxxx # postman api key workspaces \# where to list workspace(s) that the postman api key can access \ \<my postman workspace id> \ \<my second postman workspace id> name postman example scanperiod 12h type source type postman verify true key description required token postman api key yes workspaces postman workspace ids no capabilities feature supported workspaces ✅ collection inside of workspace ✅ folder inside of workspace request inside of workspace saved responses inside of workspace environments inside of workspace basic auth, bearer tokens, api keys, aws, oauth2 authorization types globals environment workspace response history collection description ✅ ✅ ✅ ✅ ✅ ❌ ❌ ❌