Postman provides a set of tools for sending API requests, managing sensitive data, and capturing live traffic for inspection and debugging. This section covers the core workflows for working with APIs in Postman.
The Postman request builder lets you construct and send HTTP requests to any API endpoint, inspect the response, and iterate quickly during development or testing. You can add parameters, headers, body data, and authentication to your requests, and organize them into collections for reuse. Postman also includes dedicated clients for protocols beyond HTTP, including GraphQL, gRPC, WebSocket, MQTT, and more.
To learn more, see Send API requests and get response data in Postman.
Postman Vault gives you a secure place to store sensitive values such as API keys and passwords as vault secrets. Secrets stored in your local vault stay on your machine and are never synced to Postman’s servers. You can also connect Postman Vault to external secret managers to reference managed secrets without storing them in Postman directly.
To learn more, see Store secrets in Postman Vault.
Postman can act as a proxy or use the Postman Interceptor browser extension to intercept HTTP and HTTPS traffic between a client and a server. Capturing traffic lets you record real requests as they happen, save them to a collection, and inspect or replay them for debugging. You can also use the proxy or Interceptor to capture and sync cookies to the Postman cookie jar.
To learn more, see Capture HTTP traffic and sync cookies in Postman.