Please advice if we have exposed our API credentials when we tested an Api inside the public workspace

Ask the Experts and Postman Tips
,
1

Hi All,

One of my colleagues singed in to PostMan online and were redirected to the Public workspace

Now he though the he is connected to his private workspace, so he tested some APIs and he provided our API username and password… so we are not sure if those credentials were exposed in a way or another? no the user tried to save the request, but we are not sure if the API request were saved to the public workspace or not? how we can check this.?
here are screen shots of the actions he took

Screenshot 2025-03-16 030239
Screenshot 2025-03-16 0302391021×462 22.3 KB

Screenshot 2025-03-16 030418
Screenshot 2025-03-16 0304181055×561 30.6 KB

Screenshot 2025-03-16 025355
Screenshot 2025-03-16 025355728×335 11 KB

Screenshot 2025-03-16 024622
Screenshot 2025-03-16 0246221892×513 45.9 KB

Screenshot 2025-03-16 024602
Screenshot 2025-03-16 0246021954×952 116 KB

2

Hey @security-astronaut10 :waving_hand:t3:

Welcome to the Postman Community :postman:

No one will be able to see any requests that you have made in that Public Workspace.

The members who are part of the team that own the workspace, would be able to see some of the requests made by their team but that’s it.

1000014187
10000141871075×1792 144 KB

If you were not part of the team, you wouldn’t see any of the history apart from your own.

As you also have no permissions on that Workspace, you wouldn’t be able to save anything in there.

3

@Danny Dainton Hi,

Thanks for the quick and clear reply. thanks