Can I Publish my Collection's Documentation But Restrict Who Can Access It?

We’ve built out our documentation using Postman and are publishing it to a custom domain. Is there a way to only allow certain people to access the documentation?

Hi @amanda! At this time no, this is not possible. Here’s a statement from @abhinav, our CEO, about it:

Documentation is not a static HTML/CSS page that we can publish. There are several other systems that will complement docs as part of the full SaaS offering for Pro/Enterprise (annotations, versioning, real-time collaboration etc.). We’ll re-open this thread if plans change. I’d recommend using an external library for converting and hosting docs privately if needed.

If anything changes, we’ll be sure to publish it here and on our public roadmap! :sparkles:

We have the same need.

But I failed to get the reasoning here. “Documentation is not a static HTML/CSS page that we can publish” does not imply “It can not be password-protected”.
That would be a very valuable feature for our company.

Would it be possible, at least, to create Postman users with doc-only access? These users should not be charged as they are not really team users.

2 Likes

@amanda did you find a solution? There is a feature request (Documentation Password Protection) but it is stuck. We are thinking to move from Postman for the lack of this feature.

Guys, I fixed it with some NGINX configuration and BasicAuth. I set the TXT record provided by Postman for my domain in the DNS resolver (Bind, Route53, …) and handle the CNAME record redirection with NGINX.

For example, if you have a subdomain (e.g. docs.example.com) on which you want to show your Postman published collections, you should set a CNAME record which points to your host instead of phs.getpostman.com, so we can handle it with NGINX rather than the DNS resolver.

So now create an NGINX conf in /etc/nginx/conf.d or anywhere you install NGINX:

You can check this configuration in my GitHub gist: Add BasicAuth to Postman Published Collection on Custom Domains · GitHub

# IF you want to Setup ON SSL Configuration
server {
    listen       443 ssl;
    listen       [::]:443 ssl;
    server_name  docs.example.com;

    # SSL Configuration
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    auth_basic  "Restricted Area";
    auth_basic_user_file /path/to/.htpasswd;

    location / {
        proxy_pass  https://phs.getpostman.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_intercept_errors on;
    }
}

# IF you want to Setup ON non-SSL Configuration
# (Basic auth only base64-encodes the password, so on port 80 it is readable on the network)
server {
    listen       80;
    listen       [::]:80;
    server_name  docs.example.com;

    auth_basic  "Restricted Area";
    auth_basic_user_file /path/to/.htpasswd;

    location / {
        proxy_pass  https://phs.getpostman.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_intercept_errors on;
    }
}

Hope it helps someone.

@alshf89 Thanks for sharing this! Greatly appreciated!

We were looking at the exact same thing. I’ve made a docker image to make it a bit easier to deploy (I’ll share the image when everything is working).

However… I just published the documentation and I noticed something in the success message in Postman. Perhaps you’ve also seen this?

Besides the custom URL, Postman is also showing a public URL like so:
https://documenter.getpostman.com/view/12345678/ABCX1235

I’ve Googled the domain and these are definitely getting indexed so that would be defeating the authentication purpose.

So… question is: what now?

I’ve been also experimenting with a way to export the collection json to HTML using various tools:


But that means you would need to rebuild the documentation every time you make a change. Of course that could be automated too, but still it makes everything more cumbersome.

@alshf89

In addition, here’s where I first noticed the link (of course after doing all the work first…), it’s tucked away in the pop-over notification which only appears for a brief moment. You should see it after publishing or re-publishing:

[Image: Hidden Link]

“public documentation” has the https://documenter.getpostman.com/… link.
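
An added example, not part of any post in this thread: a Python check for the two gaps discussed above, namely whether the NGINX proxy challenges anonymous requests on both ports and whether the public documenter link still serves the docs without a password. The names `audit`, `fetch`, `PUBLIC_URL` and `CONSTRUCTED` are made up for this sketch, the sample responses are constructed, and the host and link are the placeholder values used in the posts.

```python
import urllib.error
import urllib.request

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def fetch(url, timeout=10):
    """Anonymous GET. Returns (status, lower-cased headers); status is None if unreachable."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx responses land here
        return err.code, {k.lower(): v for k, v in err.headers.items()}
    except (urllib.error.URLError, OSError):
        return None, {}

def audit(custom_host, public_url, fetch=fetch):
    """List every way the docs can be read, or the password exposed, despite the gate."""
    findings = []
    status, headers = fetch(f"https://{custom_host}/")
    if status != 401 or not headers.get("www-authenticate", "").lower().startswith("basic"):
        findings.append(f"https://{custom_host}/ answered {status}, not a Basic auth challenge")
    status, headers = fetch(f"http://{custom_host}/")
    to_https = headers.get("location", "").startswith("https://")
    if status is not None and not (status in (301, 302, 307, 308) and to_https):
        findings.append(f"http://{custom_host}/ answered {status}: "
                        "Basic credentials would travel unencrypted")
    status, _ = fetch(public_url)
    if status == 200:
        findings.append(f"{public_url} is readable anonymously, bypassing the proxy")
    return findings

# Constructed responses modelling the thread: proxy gated on 443 and 80, public link open.
PUBLIC_URL = "https://documenter.getpostman.com/view/12345678/ABCX1235"
CONSTRUCTED = {
    "https://docs.example.com/": (401, {"www-authenticate": 'Basic realm="Restricted Area"'}),
    "http://docs.example.com/": (401, {"www-authenticate": 'Basic realm="Restricted Area"'}),
    PUBLIC_URL: (200, {}),
}

if __name__ == "__main__":
    for finding in audit("docs.example.com", PUBLIC_URL, CONSTRUCTED.get):
        print("FINDING:", finding)
```

Calling `audit()` with only the host and public link uses the real `fetch`, so it can be run against your own deployment after each publish.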

Does this still occur?? If so, then there’s no point publishing to custom URL.

It behooves me why Postman won’t allow published documentation to be private, either by some simple Basic Auth or by authenticating the user’s existing Postman token and that they have access to the workspace.

The private ‘View Documentation’ page for a Workspace looks very different than the public Published version. We have a private API that we do not want to expose to the public. Why Postman doesn’t see this as valuable I cannot understand. There are many posts with folks asking this same question, Postman should take a hint @claire

1 Like

totally agree, the published docs look a lot better, but we can’t publish for the world to see, would just be nice to share with a private link to parties that do need access…

Hello, any news about this feature? It will be great to have a basic auth on the documentation.