Postman Integration

The Postman integration lets you import Aikido API security findings into Postman.

You can review vulnerabilities next to the collection you are testing. This is useful when your team already works in Postman and wants scan results in the same place.

This integration works best when your API is already set up for scanning in Aikido. If you still need that, see REST API & Web App Scanning.

Use a staging or test environment for active API scanning. Avoid running API fuzzing against production systems.

Use Cases

  • Review Aikido API findings without leaving Postman

  • Triage issues while testing or updating a collection

  • Share findings with API owners who work in Postman

  • Check recent scan results before release

Setup

1. Install the app in Postman

In Postman, go to Settings and open Installed Apps.

Add Aikido as an installed app.

Approve the install when Postman asks for permission.

2. Generate an API key in Aikido

Open the Postman integration settings in Aikido.

Generate an API key.

3. Paste the API key into Postman

Go back to Postman and paste the Aikido API key.

4. Copy the Postman credentials into Aikido

Copy the Client ID and Client Secret from Postman.

Paste both values into the Aikido integration settings.

Save the settings to finish the connection.

5. Import findings into a collection

Open a Postman collection.

Click the three-dot menu and select Import Vulnerabilities.

The imported issues appear in the side panel.

Data handling

This integration exchanges vulnerability data only.

It does not transfer source code. It does not rely on stored exploitation data.
