Inventory Import – Populate API Inventory Using Postman Collections
Last updated: September 18, 2025
Overview
Inventory Import is a feature that allows you to import well maintained, runnable Postman collections to automatically populate your API Inventory. This serves as the foundation for running DAST (Dynamic Application Security Testing) scans by executing requests from your Postman file, capturing their request/response data, and indexing the reachable endpoints.
Why Import API Endpoints?
To run an effective DAST scan, you need a list of known, working API endpoints. These should:
Reflect real, authenticated traffic
Include request payloads, headers, and methods
Instead of manually discovering or documenting every endpoint, Inventory Import
lets you leverage your existing Postman collections to auto-populate the API Inventory.
How Inventory Import Works
Upload a runnable Postman Collection (and optional environment file) for a target
The system executes the collection just like Postman’s "Run Collection" feature
As requests execute, their request & response metadata is captured
All 2XX & 3XX responses (successful calls) are populated to the API Inventory
Once imported, you can launch a DAST scan using the discovered endpoints
Requirements
The Postman collection must be runnable, i.e. it should work via “Run Collection” in Postman desktop or web
Auth flows, variables, and environments should be properly configured
Failing requests (4XX or 5XX) will be shown with error details so you can fix them
How to Trigger Inventory Import
🔹 Option 1: During Target Setup
Upload your Postman collection and optional environment file
Complete the remaining target setup steps
You will now see that we are automatically importing your postman collection
You can click the hyperlink in the message displayed to see the sitemap once inventory is imported OR you can open the Inventory Import option under API Security menu
🔹 Option 2: On-Demand Inventory Import
Open the Inventory Import option under API Security menu
Click on Import Inventory present at the right top
Select your workspace and target. Ensure that postman collection is uploaded. Click on Import Inventory button at the bottom right corner.
Viewing Import Progress & Errors
🔹Where to See Import Results
In order to see Import result per request
Go to API Security > Inventory Import
You’ll see all targets with their import status:
In ProgressCompletedCancelled
Click on a target for which import is completed to view:
List of executed requests
HTTP method, URL, and status code for each
🔹 Handling 4XX / 5XX Failures
Some requests may fail due to:
Invalid tokens
Missing parameters
Incorrect environments
🔹Action Items:
Click on failed requests
In the right-side sheet, review:
Response body
Status code
Error message
Fix these issues in your Postman collection or environment file
Re-run your collection in local Postman to validate
Re-upload fixed collection and re-trigger inventory import
Viewing Imported Endpoints
After a successful import:
Go to API Security > API Endpoints
You’ll see all 2XX-successful requests imported as endpoints
The API Endpoints page is only available in selected plans. If you don’t see it, please check your subscription tier.
Summary
Feature | Details |
Purpose | Populate API Inventory for DAST scans using runnable Postman collections |
Requirement | Postman collection must be executable via “Run Collection” |
How It Works | Executes each request and captures request/response |
Error Handling | View and fix 4XX/5XX requests, then re-run |
Next Step After Import | Launch DAST scan for the target for which API Inventory was Imported |