Repro mode data redactions
Postman Insights treats handling of user data seriously. This page describes the set of default fields and values that Postman Insights redacts, replacing with *REDACTED*, to help ensure compliance with security and privacy requirements.
-
Default keys - Predefined, case-insensitive field names that are automatically redacted, such as
accessToken,auth-key, andx-api-key. These fields are considered sensitive and are masked to ensure data security. -
Default regular expressions - Regular expressions applied by default to field values to identify and redact patterns matching sensitive information, such as tokens, private keys, and authentication details.
-
Optional regular expressions - Optional regular expressions applied to field values to identify and redact patterns matching other sensitive data, such as credit cards, emails, and phone numbers. You can edit these regular expressions to fit your needs.
Postman Insights also allows users to define additional redacted fields and values. See the Settings tab for instructions.
Default keys
Sensitive keys are not case sensitive. They include the following:
accessTokenapi-keyapi_keyauthauth-keyauthKeyclientSecretclientTokenconsumerSecretencryption_keypasswordpostman_sidprimarySecretproxy-authorizationsecondarySecretsecretKeysessionTokenset-cookiesso_jwt_keytokentokenSecretx-access-tokenx-amz-security-tokenx-api-keyx-auth-tokenx-csrf-tokenx-support-secret
Default regular expressions
Default regular expressions include the following:
\bPMAK-[a-f0-9]{24}\b(?i)https:\/\/creator\.zoho\.com\/api\/[A-Za-z0-9\/\-_\.]+\?authtoken=[A-Za-z0-9]+\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}\b\b(live|test)_[a-f0-9]{35}\b(?i)https:\/\/[\w-]*\.?zoom\.us\/(j|my)\/[\d\w?=-]+\b\bb\.AAAAAQ[0-9a-zA-Z_-]{156}\b(?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b\bpypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}\b\bFLWSECK_TEST[a-h0-9]{12}\b\bnpm_[a-zA-Z0-9]{36}\b\b[0-9]{15,25}-[a-zA-Z0-9]{20,40}\b\bSSWS [a-zA-Z0-9=_\-]{42}\b\bEZAK[a-zA-Z0-9]{54}\b\b(?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}\b\bico-[a-zA-Z0-9]{32}\b\bflb_live_[0-9a-zA-Z]{20}\b\b[0-9a-f]{32}-us[0-9]{1,2}\b\bdp\.audit\.[a-zA-Z0-9]{40,44}\b(?i)\bduffel_live_[a-zA-Z0-9_-]{43}\b\b(amqp|amqps):\/\/[\d\w\:?=-]+\b\b[A-Za-z0-9]{14}\.atlasv1\.[A-Za-z0-9]{67}\b(?i)\bsk-ant-api[0-9]{2}-[0-9a-z\-\_]{95}\b\bdp\.pt\.[a-zA-Z0-9]{40,44}\b\bAQVN[A-Za-z0-9_\-]{35,38}\b(?i)\bsk_live_[0-9a-z]{24}\b'[-]{5}BEGIN EC PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END EC PRIVATE KEY[-]{5}'\bhttps:\/\/[\w-]*\.?alchemyapi\.io\/v2\/[\d\w?=-]+\b\bNRBR-[a-fA-F0-9]{19}\b\b\d{15,16}(?:\||%)[0-9a-zA-Z_-]{27,40}\b\bpscale_tkn_[A-Za-z0-9_]{43}\b\btfp_[0-9A-Za-z-_]{59}\b\bhttps:\/\/discord\.com\/api\/webhooks\/([0-9]{18,20})\/([0-9a-zA-Z_-]+)\b(?i)\blin_api_[a-zA-Z0-9]{40}\b\bdp\.sa\.[a-zA-Z0-9]{40,44}\b\bdnkey-[a-zA-Z0-9=\-]{26}-[a-zA-Z0-9=\-]{52}\b\b(pk|dk)(prod|test)[a-zA-Z0-9]{28}\b\bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b(?i)\bhttps:\/\/api\.hubapi\.com\/webhooks\/v1\/[a-zA-Z0-9]+\/\bhttps://[a-f0-9]{8}:[a-f0-9]{8}@(?:gems\\.contribsys\\.com|enterprise\\.contribsys\\.com)Bearer xoxe.xox[bp]-\d-[a-zA-Z0-9]{163,166}\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b\bSK[A-Fa-f0-9]{32}\b(?i)\bshpat_[a-fA-F0-9]{32}\b(?i)\bshppa_[a-fA-F0-9]{32}\b(?i)\bfigd_[0-9a-z_-]{40}\b\bp8e\-[a-zA-Z0-9\-]{32}\bBearer xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+- (
?i)[0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com (?i)https:\/\/(?:www.)?hooks\.zapier\.com\/hooks\/catch\/[a-z0-9]+\/[a-z0-9]+\/\b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b\brzp_live_[0-9a-zA-Z-_]+\b(?i)\bpk_[0-9a-z]{34}\b(?i)\bshippo_test_[a-fA-F0-9]{40}\b\b(pscale_pw_[a-zA-Z0-9=\-_\.]{32,64})\b\bAIza[0-9a-zA-Z-_]{35}\b'[-]{5}BEGIN OPENSSH PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END OPENSSH PRIVATE KEY[-]{5}''[-]{5}BEGIN RSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END RSA PRIVATE KEY[-]{5}'(?i)\bduffel_test_[a-zA-Z0-9_-]{43}\b(?i)\br8_[0-9a-z-_]{37}\b(?i)\bhf_[0-9a-z]{34}\b\b[a-f0-9]{8}:[a-f0-9]{8}\b\bakaa[0-9a-z-]{15,1000}\b(?i)\bghr_[0-9a-zA-Z]{36}\b(?i)\bshippo_live_[a-fA-F0-9]{40}\b\bglptt-[0-9a-f]{40}\b\bdapi([a-hA-H0-9]{32})\b\bpscale_app_secret_[a-zA-Z0-9=\-_\.]{43}\bBearer xox[os]-\d+-\d+-\d+-[a-fA-F\d]+\bdt0c01\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{64}\b\b(glc_[A-Za-z0-9+\/]{32,400}={0,2})\b(?i)\brubygems_[a-f0-9]{48}\b(?i)\bCCIPAT_[0-9a-z]{22}_[0-9a-z]{40}\b\bNRII-[a-zA-Z0-9-]{32}\bBearer xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*(?i)\bghp_[A-Z0-9]{36}\b\bakab-[a-zA-Z0-9]{16}-[a-zA-Z0-9]{16}\b(?i)\bgh[us]_[0-9a-zA-Z]{36}\b\bGR1348941[0-9a-zA-Z\-\_]{20}\b\bdp\.ct\.[a-zA-Z0-9]{40,44}\b\bapi_org_[a-zA-Z]{34}\b\beyJrIjoi[A-Za-z0-9]{70,400}={0,2}\b\btk-us-[a-zA-Z0-9-_]{48}\b\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}\b\bsu[a-zA-Z0-9]{12}\b(?i)\bBasic [A-Z0-9+/]{8,1000}[=]{0,2}'[-]{5}BEGIN DSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END DSA PRIVATE KEY[-]{5}'\bdG9rO[0-9a-zA-Z]{54}\=\bphc_[a-zA-Z0-9_]{43}\b\bBearer [A-Za-z0-9\-._~+/]{8,1000}[=]{0,2}(?i)\bNRAK-[0-9a-z-_]{27}\b(?i)\bgho_[0-9a-zA-Z]{36}\b(?i)\bpul-[a-fA-F0-9]{40}\b(?i)\bhttps:\/\/chat\.twilio\.com\/v2\/Services\/[a-zA-Z0-9]{32}\b\bpub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b\baio\_[a-zA-Z0-9]{28}\b\b(live|test)_[a-f0-9]{35}\b\bpk\.[a-zA-Z0-9]{60,70}\.[a-zA-Z0-9]{22}\b'[-]{5}BEGIN PGP PRIVATE KEY BLOCK[-]{5}([\s\S]{128,}?)[-]{5}END PGP PRIVATE KEY BLOCK[-]{5}'\bsk_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b(?i)\bdo[por]v1[a-f0-9]{64}\b\bey[a-zA-Z0-9]{17,512}\.ey[a-zA-Z0-9/-]{17,512}\.[a-zA-Z0-9/-]{17,512}={0,2}\b\bLTAI[a-zA-Z0-9]{20}\b\brdme_[a-zA-Z0-9]{70}\b\bsecret_[0-9a-zA-Z-_]{43}\b(?i)\bpk_[0-9]{7,8}_[0-9a-z]{32}\bBearer [0-9]{15,25}-[a-zA-Z0-9]{20,40}\bpnu_[a-zA-Z0-9]{36}\b\bsub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b\bfio-u-[a-zA-Z0-9\-_=]{64}\b(?i)\brk_live_[0-9a-z]{24}\b\bion_[a-zA-Z0-9]{42}\b\bkey[a-zA-Z0-9]{14}\bhttps:\/\/www\.google\.com\/calendar\/embed\?src=[A-Za-z0-9%\@&;=\-_\.\/]+\bpdct\.1\.1\.[0-9A-Z]{16}\.[0-9a-z]{16}\.[0-9a-z]{40}\b\bYC[a-zA-Z0-9_\-]{38}\b\bBBFF-[0-9a-zA-Z]{30}\b(?i)\bpscale_tkn_[a-zA-Z0-9\-_\.]{43}\b\bEZTK[a-zA-Z0-9]{54}\b\bapify\api\[a-zA-Z-0-9]{36}\b\bEAACEdEose0cBA[0-9A-Za-z]{5,1000}\b\bPMAT-[0-9A-Z]{26}\b(?i)\bshpca_[a-fA-F0-9]{32}\bBearer xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}\bdp\.scim\.[a-zA-Z0-9]{40,44}\b\bsk\.[a-zA-Z-0-9\.]{80,240}\b\bpscale_oauth_[a-zA-Z0-9=\-_\.]{43}\b\bsk_test_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b(?i)\bKEY[0-9A-Z_-]{55}\b(?i)\bhttps:\/\/hooks\.slack\.com\/(services|workflows)\/[a-z0-9_+\/]{43,46}\b(?i)\bsbp_[a-f0-9]{40}\b(?i)\bsk-[0-9a-z]{20}T3BlbkFJ[0-9a-z]{20}\b\bgithub_pat_[0-9a-zA-Z_]{82}\b\bFLWSECK_TEST-[a-h0-9]{32}-X\b\bsl\.[a-zA-Z0-9\-=_]{135,}\bBearer xoxe-\d-[a-zA-Z0-9]{146}(?i)\bglpat-[0-9a-zA-Z_\-]{20}\b\bhttps://[a-zA-Z0-9\\-]{0,63}\\.webhook\\.office\\.com/webhookb2/[a-z0-9-]{36}@[a-z0-9-]{36}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9-]{36}\b\d{15,16}\|[0-9a-zA-Z\-_]{27}\bsb_secret_[-_a-zA-Z0-9]{27}\bLTAI[a-zA-Z0-9]{17,21}\b(?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
Optional regular expressions
Optional regular expressions include the following:
-
US SSN:
^(?P<usssn>[0-9]{3}-[0-9]{2}-[0-9]{4})$ -
10-digit phone number:
^(?P<phone>(\+\d{1,2}\s?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$) -
Email addresses:
(?P<email>(?:[a-z0-9!#$%&'*+/=?^_\x60{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_\x60{|}~-]+)*|\"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])) -
American Express card:
^(?P<amexcard>3[47][0-9]{2}[\s,-]?[0-9]{6}[\s,-]?[0-9]{5})$ -
BCGlobal card:
^(?P<bcglobalcard>(?:6541|6556)(?:[\s,-]?[0-9]{4}){3})$ -
Carte Blanche card:
^(?P<carteblanchecard>389[0-9][\s,-]?[0-9]{6}[\s,-]?[0-9]{4})$ -
Diners Club card:
^(?P<dinersclubcard>3(?:0[0-5][0-9]|[68][0-9]{2})[\s,-]?[0-9]{6}[\s,-]?[0-9]{4})$ -
Discover card:
^(?P<discovercard>(?:65[4-9][0-9]|64[4-9][0-9]|6011)[\s,-]?(?:[0-9]{4}[\s,-]?){3}|(?:622(?:1[\s,-]?2[6-9]|1[\s,-]?[3-9][0-9]|[2-8][\s,-]?[0-9][0-9]|9[\s,-]?[01][0-9]|9[\s,-]?2[0-5]))(?:[0-9]{2}[\s,-]?[0-9]{4}[\s,-]?[0-9]{4}))$ -
Insta Payment card:
^(?P<instacard>63[7-9][0-9](?:[\s,-]?[0-9]{4}){3})$ -
JCB card:
^(?P<jcbcard>35[0-9]{2}(?:[\s,-]?[0-9]{4}){3})$ -
Korean Local card:
^(?P<koreanlocalcard>9[0-9]{3}(?:[\s,-]?[0-9]{4}){3})$ -
Laser card:
^(?P<lasercard>(?:6304|6706|6709|6771)(?:[\s,-]?[0-9]{4}){3})$ -
Maestro card:
^(?P<maestrocard>(?:5018|5020|5038|6304|6759|6761|6763)(?:[\s,-]?[0-9]{4}[\s,-]?[0-9]{5}|[\s,-]?[0-9]{6}[\s,-]?[0-9]{5}|(?:[\s,-]?[0-9]{4}){3}(?:[\s,-]?[0-9]{3})?))$ -
Mastercard:
^(?P<mastercard>(?:5[1-5][0-9]{2}|2(?:22[1-9]|2[3-9][0-9]|[3-6][0-9]{2}|7[0-1][0-9]|720))(?:[\s,-]?[0-9]{4}){3})$ -
Solo card:
^(?P<solocard>(?:6334|6767)(?:[\s,-]?[0-9]{4}){3}(?:[\s,-]?[0-9]{3})?)$ -
Switch card:
^(?P<switchcard>(?:4903|4905|4911|4936|6333|6759)(?:[\s,-]?[0-9]{4}){3}|5641[\s,-]?82[0-9]{2}(?:[\s,-]?[0-9]{4}){2}|6331[\s,-]?10[0-9]{2}(?:[\s,-]?[0-9]{4}){2})$ -
Union Pay card:
^(?P<unionpaycard>62[0-9]{2}(?:[\s,-]?[0-9]{4}){3})$ -
Visa card:
^(?P<visacard>4[0-9]{3}(?:[\s,-]?[0-9]{4}){3})$ -
Visa Master card:
^(?P<visamastercard>5[1-5][0-9]{2}(?:[\s,-]?[0-9]{4}){3})$
Last modified: 2025/07/16
