Beta feature
Postman Insights takes the handling of user data seriously. This page describes the default fields and values that Postman Insights redacts, replacing them with *REDACTED*, to help ensure compliance with security and privacy requirements.
Sensitive keys - Predefined, case-insensitive field names that are automatically redacted, such as accessToken, auth-key, and x-api-key. These fields are considered sensitive and are masked to ensure data security.
Sensitive value RegEx - Regular expressions applied to field values to identify and redact patterns matching sensitive information, such as tokens, private keys, and authentication details.
Postman Insights also allows users to define additional redacted fields and values. See the Insights Settings tab for instructions about how to redact additional fields.
Sensitive keys are not case sensitive. They include the following:
accessToken
api-key
api_key
auth
auth-key
authKey
clientSecret
clientToken
consumerSecret
encryption_key
password
postman_sid
primarySecret
proxy-authorization
secondarySecret
secretKey
sessionToken
set-cookie
sso_jwt_key
token
tokenSecret
x-access-token
x-amz-security-token
x-api-key
x-auth-token
x-csrf-token
x-support-secret
Sensitive value regular expressions include the following:
\bPMAK-[a-f0-9]{24}\b
(?i)https:\/\/creator\.zoho\.com\/api\/[A-Za-z0-9\/\-_\.]+\?authtoken=[A-Za-z0-9]+
\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}\b
\b(live|test)_[a-f0-9]{35}\b
(?i)https:\/\/[\w-]*\.?zoom\.us\/(j|my)\/[\d\w?=-]+\b
\bb\.AAAAAQ[0-9a-zA-Z_-]{156}\b
(?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
\bpypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}\b
\bFLWSECK_TEST[a-h0-9]{12}\b
\bnpm_[a-zA-Z0-9]{36}\b
\b[0-9]{15,25}-[a-zA-Z0-9]{20,40}\b
\bSSWS [a-zA-Z0-9=_\-]{42}\b
\bEZAK[a-zA-Z0-9]{54}\b
\b(?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}\b
\bico-[a-zA-Z0-9]{32}\b
\bflb_live_[0-9a-zA-Z]{20}\b
\b[0-9a-f]{32}-us[0-9]{1,2}\b
\bdp\.audit\.[a-zA-Z0-9]{40,44}\b
(?i)\bduffel_live_[a-zA-Z0-9_-]{43}\b
\b(amqp|amqps):\/\/[\d\w\:?=-]+\b
\b[A-Za-z0-9]{14}\.atlasv1\.[A-Za-z0-9]{67}\b
(?i)\bsk-ant-api[0-9]{2}-[0-9a-z\-\_]{95}\b
\bdp\.pt\.[a-zA-Z0-9]{40,44}\b
\bAQVN[A-Za-z0-9_\-]{35,38}\b
(?i)\bsk_live_[0-9a-z]{24}\b
'[-]{5}BEGIN EC PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END EC PRIVATE KEY[-]{5}'
\bhttps:\/\/[\w-]*\.?alchemyapi\.io\/v2\/[\d\w?=-]+\b
\bNRBR-[a-fA-F0-9]{19}\b
\b\d{15,16}(?:\||%)[0-9a-zA-Z_-]{27,40}\b
\bpscale_tkn_[A-Za-z0-9_]{43}\b
\btfp_[0-9A-Za-z-_]{59}\b
\bhttps:\/\/discord\.com\/api\/webhooks\/([0-9]{18,20})\/([0-9a-zA-Z_-]+)\b
(?i)\blin_api_[a-zA-Z0-9]{40}\b
\bdp\.sa\.[a-zA-Z0-9]{40,44}\b
\bdnkey-[a-zA-Z0-9=\-]{26}-[a-zA-Z0-9=\-]{52}\b
\b(pk|dk)(prod|test)[a-zA-Z0-9]{28}\b
\bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b
(?i)\bhttps:\/\/api\.hubapi\.com\/webhooks\/v1\/[a-zA-Z0-9]+\/
\bhttps://[a-f0-9]{8}:[a-f0-9]{8}@(?:gems\\.contribsys\\.com|enterprise\\.contribsys\\.com)
Bearer xoxe.xox[bp]-\d-[a-zA-Z0-9]{163,166}
\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b
\bSK[A-Fa-f0-9]{32}\b
(?i)\bshpat_[a-fA-F0-9]{32}\b
(?i)\bshppa_[a-fA-F0-9]{32}\b
(?i)\bfigd_[0-9a-z_-]{40}\b
\bp8e\-[a-zA-Z0-9\-]{32}\b
Bearer xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+
(?i)[0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com
(?i)https:\/\/(?:www.)?hooks\.zapier\.com\/hooks\/catch\/[a-z0-9]+\/[a-z0-9]+\/
\b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b
\brzp_live_[0-9a-zA-Z-_]+\b
(?i)\bpk_[0-9a-z]{34}\b
(?i)\bshippo_test_[a-fA-F0-9]{40}\b
\b(pscale_pw_[a-zA-Z0-9=\-_\.]{32,64})\b
\bAIza[0-9a-zA-Z-_]{35}\b
'[-]{5}BEGIN OPENSSH PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END OPENSSH PRIVATE KEY[-]{5}'
'[-]{5}BEGIN RSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END RSA PRIVATE KEY[-]{5}'
(?i)\bduffel_test_[a-zA-Z0-9_-]{43}\b
(?i)\br8_[0-9a-z-_]{37}\b
(?i)\bhf_[0-9a-z]{34}\b
\b[a-f0-9]{8}:[a-f0-9]{8}\b
\bakaa[0-9a-z-]{15,1000}\b
(?i)\bghr_[0-9a-zA-Z]{36}\b
(?i)\bshippo_live_[a-fA-F0-9]{40}\b
\bglptt-[0-9a-f]{40}\b
\bdapi([a-hA-H0-9]{32})\b
\bpscale_app_secret_[a-zA-Z0-9=\-_\.]{43}\b
Bearer xox[os]-\d+-\d+-\d+-[a-fA-F\d]+
\bdt0c01\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{64}\b
\b(glc_[A-Za-z0-9+\/]{32,400}={0,2})\b
(?i)\brubygems_[a-f0-9]{48}\b
(?i)\bCCIPAT_[0-9a-z]{22}_[0-9a-z]{40}\b
\bNRII-[a-zA-Z0-9-]{32}\b
Bearer xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*
(?i)\bghp_[A-Z0-9]{36}\b
\bakab-[a-zA-Z0-9]{16}-[a-zA-Z0-9]{16}\b
(?i)\bgh[us]_[0-9a-zA-Z]{36}\b
\bGR1348941[0-9a-zA-Z\-\_]{20}\b
\bdp\.ct\.[a-zA-Z0-9]{40,44}\b
\bapi_org_[a-zA-Z]{34}\b
\beyJrIjoi[A-Za-z0-9]{70,400}={0,2}\b
\btk-us-[a-zA-Z0-9-_]{48}\b
\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}\b
\bsu[a-zA-Z0-9]{12}\b
(?i)\bBasic [A-Z0-9+/]{8,1000}[=]{0,2}
'[-]{5}BEGIN DSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END DSA PRIVATE KEY[-]{5}'
\bdG9rO[0-9a-zA-Z]{54}\=
\bphc_[a-zA-Z0-9_]{43}\b
\bBearer [A-Za-z0-9\-._~+/]{8,1000}[=]{0,2}
(?i)\bNRAK-[0-9a-z-_]{27}\b
(?i)\bgho_[0-9a-zA-Z]{36}\b
(?i)\bpul-[a-fA-F0-9]{40}\b
(?i)\bhttps:\/\/chat\.twilio\.com\/v2\/Services\/[a-zA-Z0-9]{32}\b
\bpub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b
\baio\_[a-zA-Z0-9]{28}\b
\b(live|test)_[a-f0-9]{35}\b
\bpk\.[a-zA-Z0-9]{60,70}\.[a-zA-Z0-9]{22}\b
'[-]{5}BEGIN PGP PRIVATE KEY BLOCK[-]{5}([\s\S]{128,}?)[-]{5}END PGP PRIVATE KEY BLOCK[-]{5}'
\bsk_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
(?i)\bdo[por]v1[a-f0-9]{64}\b
\bey[a-zA-Z0-9]{17,512}\.ey[a-zA-Z0-9/-]{17,512}\.[a-zA-Z0-9/-]{17,512}={0,2}\b
\bLTAI[a-zA-Z0-9]{20}\b
\brdme_[a-zA-Z0-9]{70}\b
\bsecret_[0-9a-zA-Z-_]{43}\b
(?i)\bpk_[0-9]{7,8}_[0-9a-z]{32}\b
Bearer [0-9]{15,25}-[a-zA-Z0-9]{20,40}
\bpnu_[a-zA-Z0-9]{36}\b
\bsub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b
\bfio-u-[a-zA-Z0-9\-_=]{64}\b
(?i)\brk_live_[0-9a-z]{24}\b
\bion_[a-zA-Z0-9]{42}\b
\bkey[a-zA-Z0-9]{14}\b
https:\/\/www\.google\.com\/calendar\/embed\?src=[A-Za-z0-9%\@&;=\-_\.\/]+
\bpdct\.1\.1\.[0-9A-Z]{16}\.[0-9a-z]{16}\.[0-9a-z]{40}\b
\bYC[a-zA-Z0-9_\-]{38}\b
\bBBFF-[0-9a-zA-Z]{30}\b
(?i)\bpscale_tkn_[a-zA-Z0-9\-_\.]{43}\b
\bEZTK[a-zA-Z0-9]{54}\b
\bapify\_api\_[a-zA-Z-0-9]{36}\b
\bEAACEdEose0cBA[0-9A-Za-z]{5,1000}\b
\bPMAT-[0-9A-Z]{26}\b
(?i)\bshpca_[a-fA-F0-9]{32}\b
Bearer xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}
\bdp\.scim\.[a-zA-Z0-9]{40,44}\b
\bsk\.[a-zA-Z-0-9\.]{80,240}\b
\bpscale_oauth_[a-zA-Z0-9=\-_\.]{43}\b
\bsk_test_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
(?i)\bKEY[0-9A-Z_-]{55}\b
(?i)\bhttps:\/\/hooks\.slack\.com\/(services|workflows)\/[a-z0-9_+\/]{43,46}\b
(?i)\bsbp_[a-f0-9]{40}\b
(?i)\bsk-[0-9a-z]{20}T3BlbkFJ[0-9a-z]{20}\b
\bgithub_pat_[0-9a-zA-Z_]{82}\b
\bFLWSECK_TEST-[a-h0-9]{32}-X\b
\bsl\.[a-zA-Z0-9\-=_]{135,}\b
Bearer xoxe-\d-[a-zA-Z0-9]{146}
(?i)\bglpat-[0-9a-zA-Z_\-]{20}\b
\bhttps://[a-zA-Z0-9\\-]{0,63}\\.webhook\\.office\\.com/webhookb2/[a-z0-9-]{36}@[a-z0-9-]{36}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9-]{36}
\b\d{15,16}\|[0-9a-zA-Z\-_]{27}\b
sb_secret_[-_a-zA-Z0-9]{27}
\bLTAI[a-zA-Z0-9]{17,21}\b
(?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
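The following added example (not Postman's code) applies a subset of the keys and patterns listed on this page to a constructed payload, to show how key-based and value-based redaction combine and which fields the defaults leave in the clear. The function name, the sample payload, the path notation, and the choice to replace only the matched span are assumptions.

```python
import re

MASK = "*REDACTED*"
# Subset of the default sensitive keys listed on this page, compared in lowercase.
SENSITIVE_KEYS = {k.lower() for k in ("accessToken", "password", "token", "x-api-key")}
# Subset of the default value patterns listed on this page, copied verbatim.
VALUE_PATTERNS = [re.compile(p) for p in (
    r"\b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b",
    r"\bBearer [A-Za-z0-9\-._~+/]{8,1000}[=]{0,2}",
    r"\b[a-f0-9]{8}:[a-f0-9]{8}\b",
)]

# Constructed sample payload (not real traffic or real credentials).
SAMPLE = {
    "headers": {
        "X-API-KEY": "abc123",                       # listed key, different case
        "Authorization": "Bearer abcdefgh12345678",  # key not listed; value pattern hits
        "X-Tenant-Secret": "s3cr3t-value",           # neither listed key nor pattern
    },
    "body": {
        "user": {"Password": "hunter2", "note": "aws key AKIAIOSFODNN7EXAMPLE in text"},
        "trace": "deadbeef:cafebabe",                # benign id that fits a broad pattern
    },
}

def redact(node, hits, path="$"):
    """Return a redacted copy of node; record (path, reason) in hits for each mask."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key.lower() in SENSITIVE_KEYS:
                hits.append((f"{path}.{key}", "key"))
                out[key] = MASK
            else:
                out[key] = redact(value, hits, f"{path}.{key}")
        return out
    if isinstance(node, list):
        return [redact(v, hits, f"{path}[{i}]") for i, v in enumerate(node)]
    if isinstance(node, str):
        for pattern in VALUE_PATTERNS:
            # Assumption: only the matched span is replaced, not the whole value.
            node, count = pattern.subn(MASK, node)
            if count:
                hits.append((path, "value"))
    return node

if __name__ == "__main__":
    found = []
    print(redact(SAMPLE, found), found, sep="\n")
```

A field such as X-Tenant-Secret, which matches neither list, passes through unchanged; that is the case the additional redaction settings mentioned above are for.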
Last modified: 2025/05/30