Any prospect of revisiting local API storage? - (company forcing uninstall!)

I work for a large company that used Postman extensively. We have recently been ordered to remove Postman in lieu of a client that does NOT store data in the cloud due to security concerns.

Are there any plans to restore this (local storage) functionality? My team and many others would prefer the Postman tooling over alternatives like Bruno, but cannot justify given our security posturing.

Hey @bartnike

Welcome to the Postman Community!

The signed-out Lightweight API Client is our local version; it has limited functionality but gives you the ability to build requests from many different protocols, to test your APIs.

For all the features, you would need to be signed in to an account.

At the most basic level, I would recommend that you’re not storing or hardcoding any sensitive data in your Collections. Make full use of the variables and store information in the Current Values so that it’s only available on your machine.

Additionally, the Postman Vault should be used to store your sensitive data; it’s your own locally encrypted data store.

What are the security concerns that the company has? Have they tried reaching out to us to walk through these and provide more information?

We have very large customers across multiple sectors and industries that we have been working with for a number of years - each of these has their own concerns in those areas and working with our team has provided them with the details around the storage of data.

We not only have the Security and Trust section on our website - we also have our Trust Center which contains all the information of our product security, regulatory compliance and standards which we are audited against.

If you’re working for a large company, it feels like moving on to a higher tier of license would provide your team with more advanced security and API Governance capabilities that come with those.
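
The advice above about not hardcoding sensitive data in Collections can be checked against an exported collection file. The following is an added example, not part of the thread and not Postman's own tooling; it assumes the Collection v2.1 export layout (`item`, `request.header`, `auth`, `variable`), and the sets of sensitive header names, auth keys and variable-name patterns are this example's own choices.

```python
import re

# Assumptions of this example (not a Postman-defined list): what counts as sensitive.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "x-api-key", "cookie"}
SECRET_AUTH_KEYS = {"token", "password", "value"}
SECRET_NAME = re.compile(r"secret|token|passw|api[-_]?key", re.I)
# A value built only from {{variable}} references, with an optional scheme word.
VAR_ONLY = re.compile(r"(?:(?:Bearer|Basic)\s+)?(?:\{\{[^{}]+\}\})+$", re.I)

def is_literal(value):
    return isinstance(value, str) and bool(value.strip()) and not VAR_ONLY.match(value.strip())

def scan_auth(auth, where):
    # The auth object names its type, and its parameters sit under that type's key.
    params = (auth.get(auth.get("type")) or []) if isinstance(auth, dict) else []
    return [f"{where}: auth.{p['key']}" for p in params if isinstance(p, dict)
            and p.get("key") in SECRET_AUTH_KEYS and is_literal(p.get("value"))]

def scan_items(items, path=""):
    findings = []
    for item in items or []:
        where = f"{path}/{item.get('name', '?')}"
        findings += scan_auth(item.get("auth"), where)
        findings += scan_items(item.get("item"), where)  # folders nest items
        request = item.get("request")
        if isinstance(request, dict):
            findings += scan_auth(request.get("auth"), where)
            for h in request.get("header") or []:
                name = (h.get("key") or "") if isinstance(h, dict) else ""
                if name.lower() in SENSITIVE_HEADERS and is_literal(h.get("value")):
                    findings.append(f"{where}: header {name}")
    return findings

def scan_collection(collection):
    """Return locations in an exported collection (parsed JSON) holding literal secrets."""
    findings = scan_auth(collection.get("auth"), "collection")
    for v in collection.get("variable") or []:
        if SECRET_NAME.search(v.get("key") or "") and is_literal(v.get("value")):
            findings.append(f"collection: variable {v['key']}")
    return findings + scan_items(collection.get("item"))

# Constructed sample; real input would be json.load() of an exported collection.
SAMPLE = {"variable": [{"key": "baseUrl", "value": "https://api.example.test"},
                       {"key": "apiToken", "value": "constructed-not-real"}],
          "item": [{"name": "Users", "item": [
              {"name": "List", "request": {"header": [{"key": "Authorization", "value": "Bearer {{apiToken}}"}]}},
              {"name": "Create", "request": {
                  "auth": {"type": "bearer", "bearer": [{"key": "token", "value": "constructed-literal"}]},
                  "header": [{"key": "X-Api-Key", "value": "constructed-key"}]}}]}]}
```

Run over the sample, `scan_collection(SAMPLE)` reports the `apiToken` variable and the `Create` request's bearer token and `X-Api-Key` header, while the `List` request passes because its header resolves from a variable.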