Postman Integration
Seamless API Security with Postman x Aikido
We’re teaming up with our friends at Postman to bring API security even closer to where developers already work. With the upcoming Aikido Security + Postman integration, you’ll be able to view recent security scans for your API collections—without ever leaving Postman. No new tabs. No switching tools. Just quick, clear security insights as you’re building.
It’s never been easier to build and scale secure APIs as your organization grows.
Why This Matters
APIs are one of the most common ways attackers get in. But let’s be real: security checks often come too late (or get skipped altogether) because they’re hard to access, or out of sync with the rest of your tools.
This integration is here to change that.
With just a couple of clicks, you’ll be able to:
Ask Aikido for the latest scan of your API collection
See the results directly in Postman’s UI
Catch potential issues early, before they ever hit production



Why Now?
Postman is the world’s most widely used API platform—trusted by over 40 million developers and 98% of the Fortune 500. It’s where teams design, test, and manage their APIs day in and day out.
Bringing Aikido into that flow means you get security exactly where it makes sense, while you’re building, not just after the fact.
This is another step toward our bigger goal: becoming the default security layer for developers. From your repos, to your APIs, to your cloud infrastructure—Aikido helps you secure everything you build, host, and run. So you can get back to building.
Scope of Security Testing
Described as an "all-in-one" application security platform, Aikido covers the entire Software Development Lifecycle (SDLC), including: static application security testing (SAST), dynamic application security testing (DAST), infrastructure-as-code (IaC), container scanning, secrets detection, open source license scanning, cloud posture management (CSPM), runtime protection, and more.
More information on how our DAST (and other) scanning works can be found in our Help Center. All checks can be found inside the Aikido platform on this page.
Installation and Setup
Step 1. Log in to Postman > Settings and go to Installed App.
Step 2. Add Aikido as an installed app.

Step 3. You will be prompted to install the Aikido App. Click Allow.

Step 4. Head over to the Postman Integration page in your Aikido Workspace and click Generate API Key.

Step 5. Go back to Postman, and paste this API key.

Step 6. Copy Postman’s Client ID and Client Secret and paste them into your Aikido Workspace.

Step 7. Press Save Settings to finalise the integration setup.

Step 8. Go back to a workspace, click the triple dots on a collection, and click Import Vulnerabilities.

Step 9. See all imported issues in the side panel.

Data Handling and Security
This integration only exchanges data related to vulnerabilities. It does not exchange any code or exploitation info. It does not store any sensitive information; any code is fetched in real time from the source code managers.
Aikido is both ISO 27001:2022 & AICPA's SOC 2 Type II compliant.
Aikido is in full compliance with the General Data Protection Regulation (GDPR).