# Postman Integration

The Postman integration lets you import Aikido API security findings into Postman.

You can review vulnerabilities next to the collection you are testing. This is useful when your team already works in Postman and wants scan results in the same place.

This integration works best when your API is already set up for scanning in Aikido. If you still need that, see [REST API & Web App Scanning](https://help.aikido.dev/dast-surface-monitoring/api-scanning/rest-api-scanning).

{% hint style="info" %}
Use a staging or test environment for active API scanning. Avoid running API fuzzing against production systems.
{% endhint %}

### Use Cases

* Review Aikido API findings without leaving Postman
* Triage issues while testing or updating a collection
* Share findings with API owners who work in Postman
* Check recent scan results before release

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FnLKLeYp4jRaulzqF0hAG%2Fimage.png?alt=media&#x26;token=25173cf7-4831-474c-8f39-7d65480eead1" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FHO9SCMporwMWdjQ0eWhg%2Fimage.png?alt=media&#x26;token=5bbfdfae-bbc2-448a-8b75-2b15a3939439" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FZfRcT3RtHeoNnDIETblU%2Fimage.png?alt=media&#x26;token=72e58293-02cd-4d4d-ab40-107c38dcfaa9" alt=""><figcaption></figcaption></figure>

### Setup

{% stepper %}
{% step %}

#### Install the app in Postman

In Postman, go to **Settings** and open **Installed Apps**.

Add **Aikido** as an installed app.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FzBG6p7rbBsh3lBHpSFMN%2Fimage.png?alt=media&#x26;token=5307f503-0d87-407e-9999-b8b0600b7fcd" alt=""><figcaption></figcaption></figure>

Approve the install when Postman asks for permission.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FYnjn4T4UgIRZq8qcoDyy%2Fimage.png?alt=media&#x26;token=44cf9102-b1d0-4e33-b530-b7f75b86162c" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Generate an API key in Aikido

Open the [Postman integration settings](https://app.aikido.dev/settings/integrations/postman) in Aikido.

Generate an API key.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FLWCMpB9DCsgjuryM053W%2Fimage.png?alt=media&#x26;token=592a774d-0f17-4655-b7e6-40d3618e81dd" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Paste the API key into Postman

Go back to Postman and paste the Aikido API key.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FRmxg8wspzyqN6E4GMbwQ%2Fimage.png?alt=media&#x26;token=2248b4eb-1d3b-4220-9a83-2fef86f883a0" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Copy the Postman credentials into Aikido

Copy the **Client ID** and **Client Secret** from Postman.

Paste both values into the Aikido integration settings.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FiJTwjDx7ASRvX2j4e7Ej%2Fimage.png?alt=media&#x26;token=9445abc9-93a5-4e8d-8a4d-2954070b1dff" alt=""><figcaption></figcaption></figure>

Save the settings to finish the connection.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FqFP4MfVFahveq6k9FwjH%2Fimage.png?alt=media&#x26;token=2aa5833b-6361-4724-911e-2746699ca6d1" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Import findings into a collection

Open a Postman collection.

Click the three-dot menu and select **Import Vulnerabilities**.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FfnBwdkxc1VrlhF5lpoIl%2Fimage.png?alt=media&#x26;token=d2969f9a-326b-4e07-b2cc-a5aafe613286" alt=""><figcaption></figcaption></figure>

The imported issues appear in the side panel.

<figure><img src="https://3149773201-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyKbzcQGrx7UtrG0nPZZ7%2Fuploads%2FL7GNUc1uTRTj9as08kH9%2Fimage.png?alt=media&#x26;token=0aa35432-1959-46eb-80b7-62ad98de9abd" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

### Data Handling

This integration exchanges vulnerability data only.

It does not transfer source code. It does not rely on stored exploitation data.
