A Postman Workspace is a cloud space where you can store collections, OpenAPI, tests, and other elements. Think of a Postman Workspace as a GitHub repository, but specifically for APIs, providing a place you can organize collections, OpenAPIs, monitors, tests, and other ways to automate API operations and integrations. Workspaces can be public, private, or partner access only, helping you organize your APIs into individual spaces that are isolated for different audiences.

Also known as: Postman Workspace, Public Workspace, Team Workspace, Partner Workspace

Standards

• Postman (vendor) Postman Workspaces (product documentation)
• Postman (vendor) Postman API — Workspaces
• Postman (vendor) Postman API Network
• Postman (de facto) Postman Collection Format v2.1.0 (artifact stored in workspaces)
• OpenAPI Initiative OpenAPI 3.x (artifact stored in workspaces)

Governance Rules

• workspace-visibility-reviewed (Convention) — Public-workspace visibility changes should be reviewed before publication.
• workspace-no-private-environments-public (Convention) — Environments containing secrets must not be published to a public workspace.
• workspace-ownership-assigned (Convention) — Every workspace should have a named owner / team.
• workspace-publishing-checklist (Convention) — Use a release checklist before flipping a workspace from private to public.

Risk & Compliance

OWASP:

• OWASP API Security Top 10: API8:2023 Security Misconfiguration — public workspaces have leaked tokens, internal URLs, and PII
• OWASP API Security Top 10: API9:2023 Improper Inventory Management — shadow workspaces drift from canonical APIs

Compliance:

• SOC 2 CC6.1 — workspace ACLs are an access-control surface
• GDPR — example bodies in public workspaces have historically exposed personal data

Security: Workspaces are a publishing surface. Treat going public as a release; scan all collections, environments, and example responses for secrets and PII; review who has edit rights; and prefer Partner workspaces over Public when sharing with named third parties.

Tools

• Postman — Platform
• Postman API — Management API
• Postman CLI — CLI
• Newman — Collection runner (consumes workspace artifacts) (Apache-2.0)

Suggested Metrics

• workspace_visibility — Whether a workspace is private, team, partner, or public.
• workspace_collection_count — Number of collections in the workspace.
• workspace_view_count — Public-workspace view count, exposed via Postman analytics.
• workspace_fork_count — Number of times collections in the workspace have been forked.
• workspace_last_activity_days — Days since any artifact in the workspace was updated.

Example Implementations

• Twilio — Maintains a public Twilio workspace on the Postman API Network.
• Stripe — Stripe Developers public workspace.
• Salesforce — Salesforce Developers workspace.
• PayPal — PayPal public workspace on the Postman API Network.

Related Properties

• Postman collection
• Openapi

Tags

• Workspaces

All Community Properties