Lukman Olabanjo
3 min read · Feb 28, 2024

API Security with Pynt Using Postman

Pynt is an API security solution that generates automated security tests based on your existing functional test collection. Before executing Pynt’s security tests, ensure that Docker is available and running on your machine, and also ensure that the functional test collection is available in the workspace. Additionally, ensure that Python is installed.

Verify your readiness by running your functional test collection against your target before executing Pynt’s security tests.

1. Open your workspace in the Postman app

2. Search for the Pynt collection on Postman and fork it to your workspace.

3. Download the Pynt CLI by running the following Python command from the command line or Mac terminal:

python3 -m pip install pyntcli

4. After successfully downloading, I encountered error messages.
Next, run the command: pynt postman.
I received the error ‘command not found: pynt’.

5. To resolve the issue, enter this command: nano ~/.bash_profile.
It will open an editor.

6. Enter this line in the text editor, replacing the placeholder with the path to your installed Python version:

export PATH="<path-to-installed-python-version>/bin:$PATH"

Save the file and exit the text editor.

7. Enter this command: source ~/.bash_profile

Then the server is up and running.

8. The next step is to configure the Pynt collection in Postman.
Click on the ‘Variables’ tab of the ‘Pynt’ collection and fill in the values of the required parameters, in the ‘CURRENT VALUE’ column:

Go to https://postman.co/settings/me/api-keys to generate or regenerate your API key.
Click on your functional test collection for the security test and copy the collection ID, then click “Save.”

9. Click Save, then run the ‘Pynt’ collection to get the security results.

10. View the report in the browser.

11. You can also view the results via Postman by copying the generated scan ID, then pasting it into the Pynt collection variable’s current value. Save it, then run the ‘show report’ endpoint using the GET method.
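
For the ‘command not found: pynt’ error in steps 4 to 7, the following added example (not part of the original post or of Pynt's own tooling) finds the directory where pip placed the pynt launcher, reports whether that directory is already on PATH, and warns if it is group- or world-writable before printing the line for step 6. The function names are hypothetical, and it assumes macOS or Linux, where pip writes launchers to a bin directory.

```bash
#!/usr/bin/env bash
# Added example: locate the pynt launcher pip installed and check PATH for it.

# True if DIR ($1) is an entry of the colon-separated list $2 (default: $PATH).
path_contains() {
  case ":${2-$PATH}:" in *":$1:"*) return 0 ;; *) return 1 ;; esac
}

# Print the first directory (args 2..n) holding an executable named $1.
find_cli() {
  local name=$1 dir; shift
  for dir in "$@"; do
    if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
      printf '%s\n' "$dir"; return 0
    fi
  done
  return 1
}

# True if DIR is writable by group or others. Such a directory on PATH lets
# another local account drop in a program that shadows a real command.
loosely_writable() {
  [ -n "$(find "$1" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# The line step 6 adds to ~/.bash_profile, with the real directory filled in.
profile_line() { printf 'export PATH="%s:$PATH"\n' "$1"; }

# Check the two places pip normally writes launchers on macOS/Linux.
diagnose() {
  local name=$1 user_bin sys_bin dir
  user_bin="$(python3 -m site --user-base 2>/dev/null || true)/bin"
  sys_bin="$(python3 -c 'import sysconfig; print(sysconfig.get_path("scripts"))' || true)"
  if ! dir=$(find_cli "$name" "$user_bin" "$sys_bin"); then
    echo "$name not found in $user_bin or $sys_bin; is pyntcli installed?"
    return 0
  fi
  if path_contains "$dir"; then echo "$dir is already on PATH"; return 0; fi
  if loosely_writable "$dir"; then
    echo "warning: $dir is group/world-writable; tighten it before adding to PATH"
    return 0
  fi
  echo "add to ~/.bash_profile: $(profile_line "$dir")"
}

# Run only where python3 exists (it does after step 3).
if command -v python3 >/dev/null 2>&1; then diagnose pynt; fi
```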