Manage organization and team resources in Postman

View as Markdown

Resource management availability varies according to your Postman plan. Most of the features are available on Team and Enterprise plans. For more information, see the pricing page.

Resource settings let Super Admins and Admins control how members create, share, and interact with workspaces across the organization or team. These settings are configured per organization or team and apply to all members of that team.

If you have organization teams, do the following:

  1. Go to Setting icon Settings.
  2. Select Organization settings > Teams.
  3. Select your team.
  4. Click the Settings tab.

If you have a single team, do the following:

  1. Go to Setting icon Settings.
  2. Select Team settings > Team resources.

Add people to the team

This setting is available on organization teams only.

This setting controls how new members are added to the organization teams and whether they require approval.

All members of the Organization are automatically members of this team
Defaults to off

When enabled, anyone joining the organization as a Developer will be a member of this team by default.

New team members must be approved
Defaults to off

When enabled, Team Admins must approve new team members before they are added to the team.

New collaborators must be approved
Defaults to off

When enabled, Team Admins must approve new collaborators before they are added to the team.

Create team-wide workspaces

This setting controls who can create internal workspaces that are visible across the team.

If you have an organization, you can also control creating organization-wide internal workspaces without approval. Go to Setting icon Settings > Organization settings > Organization resources to manage organization-wide workspace creation.

Who can create team-wide internal workspaces?
Defaults to All team members
  • All team members — Any team member except partners and guests can create team-wide internal workspaces.
  • Specific people or groups — Only designated people or groups can create team-wide workspaces. Other team members must request approval.
  • Company systems handle workspace creation — Only selected people and groups can create workspaces directly in Postman. Use this for organizations that manage workspace provisioning through automated or administrative systems.

Share with guests

This setting controls how editors share collections with people outside the team.

Editors can share collections with guests
Defaults to on

When enabled, editors can share collections with people outside the team.

Block collection exports
Defaults to off

When enabled, editors and viewers are prevented from exporting collections. Enable this setting to protect sensitive API data from being downloaded outside of Postman.

Start live sessions

This setting controls whether team members can start live sessions to collaborate on collections, requests, and environments in real time.

Team members can start live sessions
Defaults to on

When enabled, team members can start live sessions and invite others to collaborate on collections, requests, and environments in real time.

Use external packages

This setting controls whether team members can reference external packages in their pre-request and test scripts.

External package registries

Organization (Team) members can use external packages

When enabled, team members can reference external packages in their pre-request and test scripts. Select Allow all packages to permit any external package without restriction. Select Allow selected packages to permit only specific external packages. Select Don’t allow to prevent team members from using any external packages in their scripts.

If you select Allow selected packages, enter external packages from npm or JSR to enable for your organization or team. Team members who aren’t Admins can visit this page to view the external packages allowed in your team.

  1. Enter an external package using the following syntax:

    • Public packageregistry-name:package-name@version-number

    • Private npm packagenpm:@scope/package-name@version-number (for example, npm:ajv@8.12.0)

  2. Click Add Package to add the external package to the list of allowed packages. You can also press the Return or Enter key to add the external package.

To remove an external package from the list of allowed packages, hover over the package and click Close icon Remove.

The following examples show how to specify allowed external packages. Postman supports glob pattern syntax for package names and version numbers.

  • To allow a package from a specific registry with an exact version number, you can use syntax like:

    npm:ajv@8.12.0
  • To allow a specific major version and any minor or patch version number, you can use syntax like:

    npm:lodash@4.*
  • To allow all external packages from a specific registry, you can use syntax like:

    jsr:*@*
  • To allow all external packages in a scope, you can use syntax like:

    npm:@types/*@*

Private npm packages

Configure access to private npm packages to allow team members to use them in their scripts.

Token
string

The authentication token for your private npm registry. Required to give team members access to private npm packages.

Create an access token in npm that can access the scope with your private packages. Then provide your access token and scope to configure your private packages in Postman.

Your access token is encrypted in Postman and only Admins have permission to access and configure it. Postman only decrypts your access token to import the package in your scripts.

Scope
string

The npm scope associated with the private registry (for example, @your-org).

Learn more about supported external packages before configuring access to a private package.

Manage mock servers

This setting controls whether team members can create and manage mock servers.

Team members can create public mock servers
Defaults to on

When enabled, team members can create both public and private mock servers.

Export vault data

This setting controls whether team members can export their personal vault data from Postman.

Team members can export their vault data
Defaults to off

When enabled, team members can export their personal vault data from Postman. Vault data may contain sensitive information such as API keys and tokens. Enable this setting only if your organization’s policy permits local storage of vault credentials.