Postman · Capability

Postman Secret Scanner API — Secret Scanner

Postman Secret Scanner API — Secret Scanner. 5 operations. Lead operation: Postman Get detected secrets. Self-contained Naftiko capability covering one Postman business surface.

Run with Naftiko PostmanSecret Scanner

What You Can Do

GET
Getdetectedsecrets — Postman Get detected secrets
/v1/secret-scanner/detected-secrets
GET
Getdetectedsecret — Postman Get a detected secret
/v1/secret-scanner/detected-secrets/{secretid}
PUT
Resolvedetectedsecret — Postman Resolve a detected secret
/v1/secret-scanner/detected-secrets/{secretid}
GET
Getsecretlocations — Postman Get locations of a detected secret
/v1/secret-scanner/detected-secrets/{secretid}/locations
GET
Getsecrettypes — Postman Get supported secret types
/v1/secret-scanner/secret-types

MCP Tools

postman-get-detected-secrets

Postman Get detected secrets

read-only idempotent
postman-get-detected-secret

Postman Get a detected secret

read-only idempotent
postman-resolve-detected-secret

Postman Resolve a detected secret

idempotent
postman-get-locations-detected-secret

Postman Get locations of a detected secret

read-only idempotent
postman-get-supported-secret-types

Postman Get supported secret types

read-only idempotent

Capability Spec

secret-scanner-secret-scanner.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Postman Secret Scanner API — Secret Scanner
  description: 'Postman Secret Scanner API — Secret Scanner. 5 operations. Lead operation: Postman Get detected secrets. Self-contained
    Naftiko capability covering one Postman business surface.'
  tags:
  - Postman
  - Secret Scanner
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    POSTMAN_API_KEY: POSTMAN_API_KEY
capability:
  consumes:
  - type: http
    namespace: secret-scanner-secret-scanner
    baseUri: https://api.getpostman.com
    description: Postman Secret Scanner API — Secret Scanner business capability. Self-contained, no shared references.
    resources:
    - name: secret-scanner-detected-secrets
      path: /secret-scanner/detected-secrets
      operations:
      - name: getdetectedsecrets
        method: GET
        description: Postman Get detected secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cursor
          in: query
          type: string
          description: Pagination cursor for the next page.
        - name: limit
          in: query
          type: integer
          description: Maximum number of results to return.
        - name: since
          in: query
          type: string
          description: Return secrets detected after this date (ISO 8601).
        - name: until
          in: query
          type: string
          description: Return secrets detected before this date (ISO 8601).
        - name: statuses
          in: query
          type: string
          description: Filter by resolution status (comma-separated).
        - name: resourceTypes
          in: query
          type: string
          description: Filter by resource type (comma-separated).
        - name: workspaceIds
          in: query
          type: string
          description: Filter by workspace IDs (comma-separated).
        - name: secretTypes
          in: query
          type: string
          description: Filter by secret type (comma-separated).
    - name: secret-scanner-detected-secrets-secretId
      path: /secret-scanner/detected-secrets/{secretId}
      operations:
      - name: getdetectedsecret
        method: GET
        description: Postman Get a detected secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: resolvedetectedsecret
        method: PUT
        description: Postman Resolve a detected secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: secret-scanner-detected-secrets-secretId-locations
      path: /secret-scanner/detected-secrets/{secretId}/locations
      operations:
      - name: getsecretlocations
        method: GET
        description: Postman Get locations of a detected secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cursor
          in: query
          type: string
        - name: limit
          in: query
          type: integer
    - name: secret-scanner-secret-types
      path: /secret-scanner/secret-types
      operations:
      - name: getsecrettypes
        method: GET
        description: Postman Get supported secret types
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: x-api-key
      value: '{{env.POSTMAN_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: secret-scanner-secret-scanner-rest
    port: 8080
    description: REST adapter for Postman Secret Scanner API — Secret Scanner. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/secret-scanner/detected-secrets
      name: secret-scanner-detected-secrets
      description: REST surface for secret-scanner-detected-secrets.
      operations:
      - method: GET
        name: getdetectedsecrets
        description: Postman Get detected secrets
        call: secret-scanner-secret-scanner.getdetectedsecrets
        with:
          cursor: rest.cursor
          limit: rest.limit
          since: rest.since
          until: rest.until
          statuses: rest.statuses
          resourceTypes: rest.resourceTypes
          workspaceIds: rest.workspaceIds
          secretTypes: rest.secretTypes
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secret-scanner/detected-secrets/{secretid}
      name: secret-scanner-detected-secrets-secretid
      description: REST surface for secret-scanner-detected-secrets-secretId.
      operations:
      - method: GET
        name: getdetectedsecret
        description: Postman Get a detected secret
        call: secret-scanner-secret-scanner.getdetectedsecret
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: resolvedetectedsecret
        description: Postman Resolve a detected secret
        call: secret-scanner-secret-scanner.resolvedetectedsecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secret-scanner/detected-secrets/{secretid}/locations
      name: secret-scanner-detected-secrets-secretid-locations
      description: REST surface for secret-scanner-detected-secrets-secretId-locations.
      operations:
      - method: GET
        name: getsecretlocations
        description: Postman Get locations of a detected secret
        call: secret-scanner-secret-scanner.getsecretlocations
        with:
          cursor: rest.cursor
          limit: rest.limit
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secret-scanner/secret-types
      name: secret-scanner-secret-types
      description: REST surface for secret-scanner-secret-types.
      operations:
      - method: GET
        name: getsecrettypes
        description: Postman Get supported secret types
        call: secret-scanner-secret-scanner.getsecrettypes
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: secret-scanner-secret-scanner-mcp
    port: 9090
    transport: http
    description: MCP adapter for Postman Secret Scanner API — Secret Scanner. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: postman-get-detected-secrets
      description: Postman Get detected secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: secret-scanner-secret-scanner.getdetectedsecrets
      with:
        cursor: tools.cursor
        limit: tools.limit
        since: tools.since
        until: tools.until
        statuses: tools.statuses
        resourceTypes: tools.resourceTypes
        workspaceIds: tools.workspaceIds
        secretTypes: tools.secretTypes
      outputParameters:
      - type: object
        mapping: $.
    - name: postman-get-detected-secret
      description: Postman Get a detected secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: secret-scanner-secret-scanner.getdetectedsecret
      outputParameters:
      - type: object
        mapping: $.
    - name: postman-resolve-detected-secret
      description: Postman Resolve a detected secret
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: secret-scanner-secret-scanner.resolvedetectedsecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: postman-get-locations-detected-secret
      description: Postman Get locations of a detected secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: secret-scanner-secret-scanner.getsecretlocations
      with:
        cursor: tools.cursor
        limit: tools.limit
      outputParameters:
      - type: object
        mapping: $.
    - name: postman-get-supported-secret-types
      description: Postman Get supported secret types
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: secret-scanner-secret-scanner.getsecrettypes
      outputParameters:
      - type: object
        mapping: $.