Beta feature
Repro mode data redactions
Postman Insights treats handling of user data seriously. This page describes the set of default fields and values that Postman Insights redacts, replacing with *REDACTED*, to help ensure compliance with security and privacy requirements.
-
Sensitive keys - Predefined, case-insensitive field names that are automatically redacted, such as
accessToken,auth-key, andx-api-key. These fields are considered sensitive and are masked to ensure data security. -
Sensitive value RegEx - Regular expressions applied to field values to identify and redact patterns matching sensitive information, such as tokens, private keys, and authentication details.
Postman Insights also allows users to define additional redacted fields and values. See the Insights Settings tab for instructions about how to redact additional fields.
Sensitive keys
Sensitive keys are not case sensitive. They include the following:
accessTokenapi-keyapi_keyauthauth-keyauthKeyclientSecretclientTokenconsumerSecretencryption_keypasswordpostman_sidprimarySecretproxy-authorizationsecondarySecretsecretKeysessionTokenset-cookiesso_jwt_keytokentokenSecretx-access-tokenx-amz-security-tokenx-api-keyx-auth-tokenx-csrf-tokenx-support-secret
Sensitive value RegEx
Sensitive value regular expressions include the following:
\bPMAK-[a-f0-9]{24}\b(?i)https:\/\/creator\.zoho\.com\/api\/[A-Za-z0-9\/\-_\.]+\?authtoken=[A-Za-z0-9]+\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}\b\b(live|test)_[a-f0-9]{35}\b(?i)https:\/\/[\w-]*\.?zoom\.us\/(j|my)\/[\d\w?=-]+\b\bb\.AAAAAQ[0-9a-zA-Z_-]{156}\b(?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b\bpypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}\b\bFLWSECK_TEST[a-h0-9]{12}\b\bnpm_[a-zA-Z0-9]{36}\b\b[0-9]{15,25}-[a-zA-Z0-9]{20,40}\b\bSSWS [a-zA-Z0-9=_\-]{42}\b\bEZAK[a-zA-Z0-9]{54}\b\b(?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}\b\bico-[a-zA-Z0-9]{32}\b\bflb_live_[0-9a-zA-Z]{20}\b\b[0-9a-f]{32}-us[0-9]{1,2}\b\bdp\.audit\.[a-zA-Z0-9]{40,44}\b(?i)\bduffel_live_[a-zA-Z0-9_-]{43}\b\b(amqp|amqps):\/\/[\d\w\:?=-]+\b\b[A-Za-z0-9]{14}\.atlasv1\.[A-Za-z0-9]{67}\b(?i)\bsk-ant-api[0-9]{2}-[0-9a-z\-\_]{95}\b\bdp\.pt\.[a-zA-Z0-9]{40,44}\b\bAQVN[A-Za-z0-9_\-]{35,38}\b(?i)\bsk_live_[0-9a-z]{24}\b'[-]{5}BEGIN EC PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END EC PRIVATE KEY[-]{5}'\bhttps:\/\/[\w-]*\.?alchemyapi\.io\/v2\/[\d\w?=-]+\b\bNRBR-[a-fA-F0-9]{19}\b\b\d{15,16}(?:\||%)[0-9a-zA-Z_-]{27,40}\b\bpscale_tkn_[A-Za-z0-9_]{43}\b\btfp_[0-9A-Za-z-_]{59}\b\bhttps:\/\/discord\.com\/api\/webhooks\/([0-9]{18,20})\/([0-9a-zA-Z_-]+)\b(?i)\blin_api_[a-zA-Z0-9]{40}\b\bdp\.sa\.[a-zA-Z0-9]{40,44}\b\bdnkey-[a-zA-Z0-9=\-]{26}-[a-zA-Z0-9=\-]{52}\b\b(pk|dk)(prod|test)[a-zA-Z0-9]{28}\b\bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b(?i)\bhttps:\/\/api\.hubapi\.com\/webhooks\/v1\/[a-zA-Z0-9]+\/\bhttps://[a-f0-9]{8}:[a-f0-9]{8}@(?:gems\\.contribsys\\.com|enterprise\\.contribsys\\.com)Bearer xoxe.xox[bp]-\d-[a-zA-Z0-9]{163,166}\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b\bSK[A-Fa-f0-9]{32}\b(?i)\bshpat_[a-fA-F0-9]{32}\b(?i)\bshppa_[a-fA-F0-9]{32}\b(?i)\bfigd_[0-9a-z_-]{40}\b\bp8e\-[a-zA-Z0-9\-]{32}\bBearer xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+- (
?i)[0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com (?i)https:\/\/(?:www.)?hooks\.zapier\.com\/hooks\/catch\/[a-z0-9]+\/[a-z0-9]+\/\b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b\brzp_live_[0-9a-zA-Z-_]+\b(?i)\bpk_[0-9a-z]{34}\b(?i)\bshippo_test_[a-fA-F0-9]{40}\b\b(pscale_pw_[a-zA-Z0-9=\-_\.]{32,64})\b\bAIza[0-9a-zA-Z-_]{35}\b'[-]{5}BEGIN OPENSSH PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END OPENSSH PRIVATE KEY[-]{5}''[-]{5}BEGIN RSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END RSA PRIVATE KEY[-]{5}'(?i)\bduffel_test_[a-zA-Z0-9_-]{43}\b(?i)\br8_[0-9a-z-_]{37}\b(?i)\bhf_[0-9a-z]{34}\b\b[a-f0-9]{8}:[a-f0-9]{8}\b\bakaa[0-9a-z-]{15,1000}\b(?i)\bghr_[0-9a-zA-Z]{36}\b(?i)\bshippo_live_[a-fA-F0-9]{40}\b\bglptt-[0-9a-f]{40}\b\bdapi([a-hA-H0-9]{32})\b\bpscale_app_secret_[a-zA-Z0-9=\-_\.]{43}\bBearer xox[os]-\d+-\d+-\d+-[a-fA-F\d]+\bdt0c01\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{64}\b\b(glc_[A-Za-z0-9+\/]{32,400}={0,2})\b(?i)\brubygems_[a-f0-9]{48}\b(?i)\bCCIPAT_[0-9a-z]{22}_[0-9a-z]{40}\b\bNRII-[a-zA-Z0-9-]{32}\bBearer xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*(?i)\bghp_[A-Z0-9]{36}\b\bakab-[a-zA-Z0-9]{16}-[a-zA-Z0-9]{16}\b(?i)\bgh[us]_[0-9a-zA-Z]{36}\b\bGR1348941[0-9a-zA-Z\-\_]{20}\b\bdp\.ct\.[a-zA-Z0-9]{40,44}\b\bapi_org_[a-zA-Z]{34}\b\beyJrIjoi[A-Za-z0-9]{70,400}={0,2}\b\btk-us-[a-zA-Z0-9-_]{48}\b\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}\b\bsu[a-zA-Z0-9]{12}\b(?i)\bBasic [A-Z0-9+/]{8,1000}[=]{0,2}'[-]{5}BEGIN DSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END DSA PRIVATE KEY[-]{5}'\bdG9rO[0-9a-zA-Z]{54}\=\bphc_[a-zA-Z0-9_]{43}\b\bBearer [A-Za-z0-9\-._~+/]{8,1000}[=]{0,2}(?i)\bNRAK-[0-9a-z-_]{27}\b(?i)\bgho_[0-9a-zA-Z]{36}\b(?i)\bpul-[a-fA-F0-9]{40}\b(?i)\bhttps:\/\/chat\.twilio\.com\/v2\/Services\/[a-zA-Z0-9]{32}\b\bpub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b\baio\_[a-zA-Z0-9]{28}\b\b(live|test)_[a-f0-9]{35}\b\bpk\.[a-zA-Z0-9]{60,70}\.[a-zA-Z0-9]{22}\b'[-]{5}BEGIN PGP PRIVATE KEY BLOCK[-]{5}([\s\S]{128,}?)[-]{5}END PGP PRIVATE KEY BLOCK[-]{5}'\bsk_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b(?i)\bdo[por]v1[a-f0-9]{64}\b\bey[a-zA-Z0-9]{17,512}\.ey[a-zA-Z0-9/-]{17,512}\.[a-zA-Z0-9/-]{17,512}={0,2}\b\bLTAI[a-zA-Z0-9]{20}\b\brdme_[a-zA-Z0-9]{70}\b\bsecret_[0-9a-zA-Z-_]{43}\b(?i)\bpk_[0-9]{7,8}_[0-9a-z]{32}\bBearer [0-9]{15,25}-[a-zA-Z0-9]{20,40}\bpnu_[a-zA-Z0-9]{36}\b\bsub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b\bfio-u-[a-zA-Z0-9\-_=]{64}\b(?i)\brk_live_[0-9a-z]{24}\b\bion_[a-zA-Z0-9]{42}\b\bkey[a-zA-Z0-9]{14}\bhttps:\/\/www\.google\.com\/calendar\/embed\?src=[A-Za-z0-9%\@&;=\-_\.\/]+\bpdct\.1\.1\.[0-9A-Z]{16}\.[0-9a-z]{16}\.[0-9a-z]{40}\b\bYC[a-zA-Z0-9_\-]{38}\b\bBBFF-[0-9a-zA-Z]{30}\b(?i)\bpscale_tkn_[a-zA-Z0-9\-_\.]{43}\b\bEZTK[a-zA-Z0-9]{54}\b\bapify\api\[a-zA-Z-0-9]{36}\b\bEAACEdEose0cBA[0-9A-Za-z]{5,1000}\b\bPMAT-[0-9A-Z]{26}\b(?i)\bshpca_[a-fA-F0-9]{32}\bBearer xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}\bdp\.scim\.[a-zA-Z0-9]{40,44}\b\bsk\.[a-zA-Z-0-9\.]{80,240}\b\bpscale_oauth_[a-zA-Z0-9=\-_\.]{43}\b\bsk_test_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b(?i)\bKEY[0-9A-Z_-]{55}\b(?i)\bhttps:\/\/hooks\.slack\.com\/(services|workflows)\/[a-z0-9_+\/]{43,46}\b(?i)\bsbp_[a-f0-9]{40}\b(?i)\bsk-[0-9a-z]{20}T3BlbkFJ[0-9a-z]{20}\b\bgithub_pat_[0-9a-zA-Z_]{82}\b\bFLWSECK_TEST-[a-h0-9]{32}-X\b\bsl\.[a-zA-Z0-9\-=_]{135,}\bBearer xoxe-\d-[a-zA-Z0-9]{146}(?i)\bglpat-[0-9a-zA-Z_\-]{20}\b\bhttps://[a-zA-Z0-9\\-]{0,63}\\.webhook\\.office\\.com/webhookb2/[a-z0-9-]{36}@[a-z0-9-]{36}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9-]{36}\b\d{15,16}\|[0-9a-zA-Z\-_]{27}\bsb_secret_[-_a-zA-Z0-9]{27}\bLTAI[a-zA-Z0-9]{17,21}\b(?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
Last modified: 2025/05/30
