
Postman integration with Snapsec VM

Use the Postman integration to automatically send API test results or exported Postman Collections into Snapsec VM for vulnerability parsing, API discovery, and assessment-level organization. This integration allows security teams to reuse existing Postman workflows while enriching Snapsec VM with structured API data and security insights.

Prerequisites

Before integrating Postman with Snapsec VM, ensure you have:
  • A Postman workspace with one or more Collections.
  • Ability to export a Postman Collection (v2.1 recommended).
  • Snapsec VM:
    • Assessment ID for storing imported API requests.
    • API Key for authentication.
  • Optional: Postman API key (if using automated sync via Postman API).
You can use this integration manually (file upload) or automatically (Postman API).

Import Postman Collections into Snapsec VM

Snapsec VM supports two import modes:

Mode A — Manual Upload (Simplest Method)

  1. In Postman, open the collection.
  2. Click … → Export.
  3. Choose Collection v2.1.
  4. Save the JSON file locally.
Now upload it to Snapsec VM:
  1. In Snapsec, go to VM → Integrations.
  2. Select Postman → Upload Collection.
  3. Choose the exported .json file.
  4. Select the Assessment where requests should be imported.
  5. Click Import.
Snapsec will:
  • Parse all API requests
  • Extract endpoints and methods
  • Identify authentication patterns
  • Detect potential vulnerabilities using built-in rules
  • Populate the API catalog inside VM
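
A pre-upload check for the exported file, added here as an example (not Snapsec's or Postman's code): it confirms the v2.1 schema, lists the endpoints the import should produce, and reports where literal credentials are embedded in the collection. The function names, `SECRET_KEYS` and the sample collection are assumptions made for this example.

```python
V21_SCHEMA = "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
# Auth parameter keys treated as credentials (assumed, non-exhaustive list).
SECRET_KEYS = {"token", "password", "value", "accessToken", "clientSecret", "secretKey"}

def is_literal(value):
    """True for a hard-coded value; False for empty or {{variable}} references."""
    return isinstance(value, str) and bool(value) and "{{" not in value

def auth_findings(auth, where):
    """Literal credentials in a v2.1 auth block: {"type": t, t: [{"key", "value"}]}."""
    kind = auth.get("type", "") if isinstance(auth, dict) else ""
    params = (auth.get(kind) or []) if kind else []
    return [f"{where}: {kind}.{p.get('key')}" for p in params if isinstance(p, dict)
            and p.get("key") in SECRET_KEYS and is_literal(p.get("value"))]

def audit(node, report=None, path=""):
    """Walk a collection or folder; collect endpoints and embedded literal secrets."""
    if report is None:  # top-level call: check the schema and collection-wide auth
        schema = node.get("info", {}).get("schema", "")
        report = {"is_v21": schema == V21_SCHEMA, "endpoints": [], "secrets": []}
        report["secrets"] += auth_findings(node.get("auth"), "collection")
    for item in node.get("item", []):
        name = path + item.get("name", "?")
        if "item" in item:  # folder: may carry its own auth, then recurse
            report["secrets"] += auth_findings(item.get("auth"), name)
            audit(item, report, name + "/")
            continue
        req = item.get("request") or {}
        req = {"url": req} if isinstance(req, str) else req  # bare URL string is allowed
        url = req.get("url") or ""
        raw = url if isinstance(url, str) else url.get("raw", "")
        report["endpoints"].append((req.get("method", "GET"), raw))
        report["secrets"] += auth_findings(req.get("auth"), name)
        for h in req.get("header") or []:
            if (isinstance(h, dict) and (h.get("key") or "").lower() == "authorization"
                    and is_literal(h.get("value"))):
                report["secrets"].append(f"{name}: header Authorization")
    return report

SAMPLE = {"info": {"schema": V21_SCHEMA},  # constructed sample, not a real export
    "auth": {"type": "bearer", "bearer": [{"key": "token", "value": "{{api_token}}"}]},
    "item": [{"name": "users", "item": [
        {"name": "list", "request": {"method": "GET", "url": {"raw": "https://api.example.test/v1/users"},
            "header": [{"key": "Authorization", "value": "Bearer EXAMPLE-NOT-REAL"}]}},
        {"name": "create", "request": {"method": "POST", "url": "{{base_url}}/v1/users",
            "auth": {"type": "apikey", "apikey": [{"key": "key", "value": "X-API-Key"},
                                                  {"key": "value", "value": "EXAMPLE-KEY"}]}}}]}]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real export, pass the parsed JSON of the file to `audit`. An entry under `secrets` means the file carries a hard-coded credential into any system it is uploaded to, while `{{variable}}` references are left unresolved.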

Mode B — Automated Sync (Using Postman API)

If you prefer continuous imports:
  1. Go to Postman: Settings → API Keys → Generate API Key.
  2. Copy the key.
In Snapsec:
  1. Open VM → Integrations → Postman.
  2. Enter:
    • Postman API Key
    • Collection UID
    • Workspace ID (optional, depending on configuration)
  3. Click Connect.
Snapsec will periodically fetch updates from Postman and re-import new or changed requests.

How Snapsec Processes Postman Collections

Once imported, Snapsec automatically:
  • Extracts all REST, GraphQL, and SOAP requests
  • Maps endpoints to assets
  • Identifies sensitive parameters
  • Detects authentication or authorization patterns
  • Flags potential misconfigurations or risky request flows
  • Populates API data into:
    • Assessments
    • API Catalog
    • Vulnerability Scanner (if connected)
Combined with scanning engines, this creates a complete API security workflow.

Use Cases

API Discovery

Automatically extract all endpoints used by developers and sync them into Snapsec.

Security Testing

Combine Postman requests with Snapsec VM scanning to detect API vulnerabilities.

CI/CD Automation

Sync updated Postman collections on each deployment.

Developer Collaboration

Developers keep using Postman; security teams get structured, enriched insight in Snapsec.

Troubleshooting

  • Collection not importing?
    Ensure the file is exported as Postman Collection v2.1.
  • Incorrect endpoints displayed?
    Some workflows require setting the correct Postman environment during export.
  • Auth values missing?
    Snapsec only imports authentication if included in the file (check “export with values”).
  • Sync failing via Postman API?
    • Validate Postman API key
    • Verify Collection UID
    • Check Postman workspace permissions
If issues continue, share the request ID with Snapsec support.

Next Steps

Explore the API Catalog

View all imported API endpoints and linked vulnerabilities.