Generate and use Postman API keys

The Postman API and Postman CLI use API keys for authentication. A Postman API key tells the server that the request came from you. You can use API keys to manage and access various resources and elements you create in Postman, which enables you to integrate Postman into your development toolchain.

Enterprise Team Admins can manage Postman API keys at scale with the Postman API key management dashboard. To learn more, see Managing API keys.

Generate a Postman API key

To generate a Postman API key, do the following:

  1. Select your avatar in the Postman header, then select Settings. In the account settings page, select API keys.

  2. If you don't have a key, you'll be prompted to create one. Select Generate API Key.

    Generate API Key

  3. Enter a name for your key and select Generate API Key.

  4. Copy your key.

    Copy your API key

Once you generate your API keys you can manage them in your workspace. Select the more actions icon More actions icon next to a key to regenerate, rename, or delete it.

View your API keys

Use API key settings to specify expiration periods for your keys.

API key settings

Use your Postman API key

After you have a Postman API key, you must authenticate your requests to the Postman API by sending your API key in the X-API-Key header of every request you make. Your API key provides access to any Postman data you have permissions for.

You can also store your API key as a postman-api-key variable. By doing this the Postman API collection will automatically use your API key for each call to the Postman API.

Generate a collection access key

With a collection access key you can securely grant other users read-only access to a single collection. You will generate a new collection access key every time you share a collection using the Postman API. To learn more, see Sharing using the Postman API.

Your API keys page displays all of your generated keys in the Collection access keys section. This section includes information about which collection the key belongs to, who created the key, and when it was created. This section also displays any collection access keys created by other members of the team that you are currently logged in to.

To revoke a collection access key, select Delete.

Deleting collection access keys

Last modified: 2024/05/20

Additional resources

Videos

Intro to the Postman API | Postman Level Up
User Info from the Postman API | Postman Level Up

Blog posts

Filtering and Sorting APIs Using the Postman API
Introducing an API to Access Mock Server Call Logs
Introducing APIs to Access and Manage Server-Level Responses on a Mock Server

Public workspaces

Postman API collection
Postman API definition
Postmanaut dancing. Illustration.