# Postman Integration

The Postman integration lets you import Aikido API security findings into Postman.

You can review vulnerabilities next to the collection you are testing. This is useful when your team already works in Postman and wants scan results in the same place.

This integration works best when your API is already set up for scanning in Aikido. If you have not set that up yet, see [REST API & Web App Scanning](/dast-surface-monitoring/api-scanning/rest-api-scanning.md).

{% hint style="info" %}
Use a staging or test environment for active API scanning. Avoid running API fuzzing against production systems.
{% endhint %}

### Use Cases

* Review Aikido API findings without leaving Postman
* Triage issues while testing or updating a collection
* Share findings with API owners who work in Postman
* Check recent scan results before release

<figure><img src="/files/YtuE0SGo8leHRxvxHd02" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vWTzS4oDU8Jph9OCGsTM" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/puUc5EYOCCDCCrFj1UVE" alt=""><figcaption></figcaption></figure>

### Setup

{% stepper %}
{% step %}
**Install the app in Postman**

In Postman, go to **Settings** and open **Installed Apps**.

Add **Aikido** as an installed app.

<figure><img src="/files/W1rmu2myOgdXEQJp29rg" alt=""><figcaption></figcaption></figure>

Approve the install when Postman asks for permission.

<figure><img src="/files/Q7kEcZffxL2TSqUralj2" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Generate an API key in Aikido**

Open the [Postman integration settings](https://app.aikido.dev/settings/integrations/postman) in Aikido.

Generate an API key.

<figure><img src="/files/jkfAdkLk7XCXI2oj0nIO" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Paste the API key into Postman**

Go back to Postman and paste the Aikido API key.

<figure><img src="/files/Q2Av0oceB21HfMtAa5WV" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Copy the Postman credentials into Aikido**

Copy the **Client ID** and **Client Secret** from Postman.

Paste both values into the Aikido integration settings.

<figure><img src="/files/Q8T9V9dQ2H67vCEWEKgU" alt=""><figcaption></figcaption></figure>

Save the settings to finish the connection.

<figure><img src="/files/mzmgnAnLwgSTo7tA2gVX" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Import findings into a collection**

Open a Postman collection.

Click the three-dot menu and select **Import Vulnerabilities**.

<figure><img src="/files/DOpvgjtuKiuIXhni5bR7" alt=""><figcaption></figcaption></figure>

The imported issues appear in the side panel.

<figure><img src="/files/PKGRAHAXmRHXYwZlZhJi" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

### Data Handling

This integration exchanges vulnerability data only.

It does not transfer source code. It does not rely on stored exploitation data.

