Model Context Protocol moderate risk

Postman

This MCP server provides access to the Postman API, enabling management of collections, environments, and APIs via an AI-friendly interface.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwriteadmin

Quickstart

Install

npx -y @smithery/cli install postman-api-server --client claude

Config

{
  "mcpServers": {
    "postman": {
      "command": "node",
      "args": [
        "/path/to/postman-api-server/build/index.js"
      ],
      "env": {
        "POSTMAN_API_KEY": "CHANGEME"
      }
    }
  }
}

Exposed MCP Tools (12)

moderate

createCollection

Creates a new Postman collection.

Creates new resources, potentially leading to resource exhaustion or naming conflicts.

safe

getCollection

Retrieves a Postman collection.

Read-only operation with no side effects.

high

updateCollection

Updates an existing Postman collection.

Modifies existing resources, potentially disrupting workflows or causing data loss.

critical

deleteCollection

Deletes a Postman collection.

Destructive operation that permanently removes a resource.

moderate

createEnvironment

Creates a new Postman environment.

Creates new resources, potentially leading to resource exhaustion or naming conflicts.

safe

getEnvironment

Retrieves a Postman environment.

Read-only operation with no side effects.

high

updateEnvironment

Updates an existing Postman environment.

Modifies existing resources, potentially disrupting workflows or causing data loss.

critical

deleteEnvironment

Deletes a Postman environment.

Destructive operation that permanently removes a resource.

safe

getAPI

Retrieves a Postman API definition.

Read-only operation.

moderate

createAPI

Creates a new Postman API definition.

Creates a new API definition which could conflict with existing ones.

high

updateAPI

Updates an existing Postman API definition.

Modifies an existing API definition which could break integrations.

critical

deleteAPI

Deletes a Postman API definition.

Deletes an API definition which could break integrations.

Safety Assessment

This MCP server offers a moderate level of safety. While it provides API key authentication and role-based access control, the ability to perform write and delete operations introduces risks. It's safe to use for automating Postman workflows with proper API key management and access controls, but risky if API keys are exposed or access is not properly managed.

API Key authentication required
Role-Based Access Control at workspace and collection levels
No direct code execution capabilities
Focus on API interaction rather than system-level access
Clear separation of concerns between MCP server and Postman API

Write and delete operations are supported, posing a risk of unintended modifications
API key compromise could lead to unauthorized access
Lack of sandboxing for API calls
Potential for data exfiltration if API key is compromised
Reliance on Postman API's security posture