Manage organization and team resources in Postman
Resource management availability varies according to your Postman plan. Most of the features are available on Team and Enterprise plans. For more information, see the pricing page.
Resource settings let Super Admins and Admins control how members create, share, and interact with workspaces across the organization or team. These settings are configured per organization or team and apply to all members of that team.
If you have organization teams, do the following:
- Go to
Settings.
- Select Organization settings > Teams.
- Select your team.
- Click the Settings tab.
If you have a single team, do the following:
- Go to
Settings.
- Select Team settings > Team resources.
Add people to the team
This setting is available on organization teams only.
This setting controls how new members are added to the organization teams and whether they require approval.
When enabled, anyone joining the organization as a Developer will be a member of this team by default.
When enabled, Team Admins must approve new team members before they are added to the team.
When enabled, Team Admins must approve new collaborators before they are added to the team.
Create team-wide workspaces
This setting controls who can create internal workspaces that are visible across the team.
If you have an organization, you can also control creating organization-wide internal workspaces without approval. Go to Settings > Organization settings > Organization resources to manage organization-wide workspace creation.
- All team members — Any team member except partners and guests can create team-wide internal workspaces.
- Specific people or groups — Only designated people or groups can create team-wide workspaces. Other team members must request approval.
- Company systems handle workspace creation — Only selected people and groups can create workspaces directly in Postman. Use this for organizations that manage workspace provisioning through automated or administrative systems.
Share with guests
This setting controls how editors share collections with people outside the team.
When enabled, editors can share collections with people outside the team.
When enabled, editors and viewers are prevented from exporting collections. Enable this setting to protect sensitive API data from being downloaded outside of Postman.
Start live sessions
This setting controls whether team members can start live sessions to collaborate on collections, requests, and environments in real time.
When enabled, team members can start live sessions and invite others to collaborate on collections, requests, and environments in real time.
Use external packages
This setting controls whether team members can reference external packages in their pre-request and test scripts.
External package registries
When enabled, team members can reference external packages in their pre-request and test scripts. Select Allow all packages to permit any external package without restriction. Select Allow selected packages to permit only specific external packages. Select Don’t allow to prevent team members from using any external packages in their scripts.
If you select Allow selected packages, enter external packages from npm or JSR to enable for your organization or team. Team members who aren’t Admins can visit this page to view the external packages allowed in your team.
-
Enter an external package using the following syntax:
-
Public package —
registry-name:package-name@version-number -
Private npm package —
npm:@scope/package-name@version-number(for example,npm:ajv@8.12.0)Learn more about configuring access to private npm packages.
-
-
Click Add Package to add the external package to the list of allowed packages. You can also press the Return or Enter key to add the external package.
To remove an external package from the list of allowed packages, hover over the package and click Remove.
The following examples show how to specify allowed external packages. Postman supports glob pattern syntax for package names and version numbers.
-
To allow a package from a specific registry with an exact version number, you can use syntax like:
-
To allow a specific major version and any minor or patch version number, you can use syntax like:
-
To allow all external packages from a specific registry, you can use syntax like:
-
To allow all external packages in a scope, you can use syntax like:
Private npm packages
Configure access to private npm packages to allow team members to use them in their scripts.
The authentication token for your private npm registry. Required to give team members access to private npm packages.
Create an access token in npm that can access the scope with your private packages. Then provide your access token and scope to configure your private packages in Postman.
Your access token is encrypted in Postman and only Admins have permission to access and configure it. Postman only decrypts your access token to import the package in your scripts.
The npm scope associated with the private registry (for example, @your-org).
Learn more about supported external packages before configuring access to a private package.
Manage mock servers
This setting controls whether team members can create and manage mock servers.
When enabled, team members can create both public and private mock servers.
Export vault data
This setting controls whether team members can export their personal vault data from Postman.
When enabled, team members can export their personal vault data from Postman. Vault data may contain sensitive information such as API keys and tokens. Enable this setting only if your organization’s policy permits local storage of vault credentials.