Postman API Key for Team

Help
#1

I’d like to run a collection from a Team workspace via newman in a CI job. I am able to generate a postman API key to run newman, but this API key seems to allow everyone to see my personal collections as well. Is there a way to generate an API key just for a team rather than for an individual?

I tried looking here and following along, but it seems to not be updated with the latest changes to the postman web experience: https://learning.postman.com/docs/developer/intro-api/

#2

Hi @mrdotson! Welcome to the community :wave:

Sorry for the confusion - we are working on updating docs and should be updated soon :wink:

To answer your question, API key is tied to each user account, but not to a team, so I am afraid that there is no way to generate API key for a team instead of a user.

Having said that suggested workaround would be to share environment but without sharing API key and use individual API key for each user. To do so, please place your API key in “Current Value” but not in “Initial Value” in the shared environment.

  • The Initial Value is synced to your account via the Postman servers and shared with any collaborators who have access to the environment.
  • The Current Value is local to your Postman app, and is never synced to your account or shared with your team— unless you choose to persist it .

For more info: https://learning.postman.com/docs/sending-requests/managing-environments/#adding-environment-variables

I hope this helps a bit.
Let me know if you have further questions :grin:

#3

Hi @taehoshino

Unfortunately that doesn’t answer my question specifically about running newman in a CI job with a postman API key. If I have to put an individual’s API key for use in a CI job, we have several issues:

  1. If I ever leave the postman team, my organization’s CI jobs will all suddenly stop working and need to be updated with a new key. This point alone makes it not feasible to use in a CI environment.
  2. Anyone can see my API key and use it maliciously. When my organization’s security team finds out, they will shut this down quick.

Do you have any alternative approaches?

#4

Thanks for getting back to me @mrdotson!

I understand your concerns.
Currently there is no feature that allows to generate Postman API key linked to a team rather than a user.

We track our issues publicly on GitHub and would love for you to file this request there so other customers can also weigh in. Our product managers use that feedback to prioritize and add items to our development roadmap :rocket:

Thanks again for reaching out. Let me know if you have further questions :slightly_smiling_face: