If you work with APIs, then you already know there are many ways to prove your identity and gain access to an API, such as API keys. To help you use API keys as effectively as possible, let's walk through some common pitfalls we see come up, and learn how to handle sensitive data in Postman.

I'm going to reference the Postman tutorial called Securely Using API Keys. If you want to join along in Postman with more detailed explanations, import the full tutorial here and follow the step-by-step documentation.

Let's look at three ways to securely work with API keys. Build your own example by following this step-by-step tutorial, or fork the example collection and environment in this workspace to follow along.

Fork the example collection: Securely using API keys in Postman.
Fork the example environment: Securely using API keys in Postman.

#1: Do not embed your API keys directly in code

Instead of hard-coding your API keys, you can store them as variables in Postman. In the same way you use variables for parameterized data, you can also use variables to decouple your secrets from the rest of your code. Storing your API key as a variable allows you to revoke, or refresh, the value in a single spot. There are different variable scopes to suit different use cases.

Let's follow an example to store an API key as an environment variable. Using Postman environments allows you to decouple specific variables so they can be used alongside different collections and shared separately with other team members and collaborators.

Create an environment and add an environment variable called api_key, and Save your changes.

Postman displays the active environment in the environment selector, located in the top right of the workbench. You can also access all environments from Environments in the sidebar and select the set active icon next to an environment to make it the active environment.

Variables can be referenced in text fields with double curly braces, as you can see here with the Authorization tab. Hover over the variable name to inspect the variable's value and scope.

Variables can also be referenced in script fields, such as by using pm.environment.get().

#2: Do not share your API keys with your team

If you're sharing an environment with your team, keep your tokens private by only updating the current value. This also ensures that you don't override the team's value.

For global, collection, and environment variables, you can distinguish between an initial and current value. The current value is local to your session within your Postman app. If you log out of Postman, those values will disappear. The current value is never synced to your account or shared with your team, unless you choose to persist it, which keeps it more secure.

Let's walk through an example in which I share an environment with my team without sharing my personal API key.

Share the environment with your team by moving it to a team workspace.

Initial values are accessible to your team in the workspace. For example, if you want to share information like a base URL for your API, those initial values will be accessible to the team. If someone with an environment editor role updates that initial value to v2 of the API, the updated initial value is shared with the team.

Current values are restricted to your session within your Postman app.
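
The pm.environment.get() reference from #1, combined with the current-value advice in #2, as an added example (not code from the original tutorial): a pre-request script helper that reads api_key from the active environment, refuses to send a request when it is blank, and sets it as a header without printing the key. The header name X-API-Key, the helper names, and the fakePm stand-in used to run it outside Postman are assumptions.

```javascript
// Added example. In Postman, `pm` is the sandbox global; here it is passed in
// so the same function also runs under Node with a constructed stand-in.
const VAR_NAME = 'api_key';       // variable name used on this page
const HEADER_NAME = 'X-API-Key';  // assumption: the header your API expects

// Mask all but the last 4 characters so console output never holds the key.
function mask(secret) {
  const shown = secret.length > 4 ? secret.slice(-4) : '';
  return '*'.repeat(secret.length - shown.length) + shown;
}

function applyApiKey(pm) {
  const key = pm.environment.get(VAR_NAME);
  // If the shared initial value was left blank and no current value has been
  // set in this session, stop here instead of sending an empty credential.
  if (typeof key !== 'string' || key.trim() === '') {
    throw new Error(`Set the current value of "${VAR_NAME}" in the active environment`);
  }
  pm.request.headers.upsert({ key: HEADER_NAME, value: key });
  return mask(key); // safe to log
}

// Constructed stand-in for the Postman sandbox (only the calls used above).
function fakePm(vars) {
  const headers = new Map();
  return {
    environment: { get: (name) => vars[name] },
    request: { headers: { upsert: (h) => headers.set(h.key, h.value) } },
    sentHeaders: headers,
  };
}

// Inside a Postman pre-request script the global `pm` exists, so this runs.
if (typeof pm !== 'undefined') {
  console.log('Using API key', applyApiKey(pm));
}
```
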