You Do Not Need a Postman Account For Anything We Do

And if you use one, then the Postman people keep your stuff (I mean, our customer’s stuff) on their servers. Use Postman without an account unless you have a Really Good Reason to use an account, and then, clean up when you’re done.

Without an account, you’re limited to a “Scratch Pad” instead of a “Workspace” and you can only use “Collections” and not “APIs”. But you don’t need a Workspace, and you’ll always work with a Collection, so you’re not losing anything.

If there actually is something you find useful or necessary about using a Postman account, please tell bbking so this information can be revised.

Postman is one of the more aggressive users of dark patterns - it’s hard to notice that not having an account is even an option, but it is. Look closely near the bottom of the window when it asks you to sign in and you’ll see gray-on-gray text that lets you skip the login step. You only have to do it once per installation.

Postman is an API Development Tool

  • Intended for developers to help build and test APIs
  • Can import OAS (Open API Spec, previously known as a “Swagger Profile”) files and generate boilerplate requests for you. Do this.
  • Can use Burp as a proxy. Do this.
    • File > Settings (or Ctrl-,) then go to the Proxy tab.
    • Can import the Burp CA on the “Certificates” tab or just disable “SSL certificate validation” in the “General” tab.
    • Use Postman to generate valid baseline requests
    • Use Burp Repeater and Intruder and friends to do your security testing like normal
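As an added illustration of what the OAS import step produces (this is example code written for this note, not Postman’s own importer), here is a small Python script that turns a constructed, hypothetical OpenAPI document into a Postman Collection v2.1 file with one baseline request per path/method pair; the server URL and endpoints are made up. The output can be loaded with File > Import and then sent through the Burp proxy configured above.

```python
import json

# Constructed minimal OpenAPI 3 document standing in for a customer's OAS file
# (hypothetical endpoints, not from any real project).
SAMPLE_OAS = {
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.test/v1"}],
    "paths": {
        "/users/{id}": {
            "get": {"summary": "Fetch a user"},
            "delete": {"summary": "Delete a user"},
        },
        "/users": {
            "post": {"summary": "Create a user",
                     "requestBody": {"content": {"application/json": {"schema": {
                         "type": "object",
                         "properties": {"name": {"type": "string"},
                                        "admin": {"type": "boolean"}}}}}}},
        },
    },
}
HTTP_METHODS = ("get", "put", "post", "delete", "patch", "head", "options")

def placeholder(schema):
    """Dummy value for a JSON schema so the baseline body is well-formed JSON."""
    t = schema.get("type", "string")
    if t == "object":
        return {k: placeholder(v) for k, v in schema.get("properties", {}).items()}
    return {"integer": 1, "number": 1.0, "boolean": False}.get(t, "string")

def oas_to_collection(oas, name="baseline"):
    """Emit one Postman v2.1 request item per path/method pair in the OAS document."""
    base = oas.get("servers", [{"url": ""}])[0]["url"].rstrip("/")
    items = []
    for path, ops in oas.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = ops.get(method)
            if op is None:
                continue
            # Postman writes path variables as :id where OAS writes {id}
            url = base + path.replace("{", ":").replace("}", "")
            req = {"method": method.upper(), "header": [], "url": {"raw": url}}
            body = op.get("requestBody", {}).get("content", {}).get("application/json")
            if body:  # JSON bodies get a placeholder object and a Content-Type header
                req["header"].append({"key": "Content-Type", "value": "application/json"})
                req["body"] = {"mode": "raw", "raw": json.dumps(placeholder(body["schema"]))}
            items.append({"name": op.get("summary", f"{method.upper()} {path}"), "request": req})
    return {"info": {"name": name, "schema":
            "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
            "item": items}

if __name__ == "__main__":  # write the collection JSON for File > Import in Postman
    print(json.dumps(oas_to_collection(SAMPLE_OAS), indent=2))
```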