naftiko: 1.0.0-alpha2 info: label: Postman Secret Scanner API — Secret Scanner description: 'Postman Secret Scanner API — Secret Scanner. 5 operations. Lead operation: Postman Get detected secrets. Self-contained Naftiko capability covering one Postman business surface.' tags: - Postman - Secret Scanner created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: POSTMAN_API_KEY: POSTMAN_API_KEY capability: consumes: - type: http namespace: secret-scanner-secret-scanner baseUri: https://api.getpostman.com description: Postman Secret Scanner API — Secret Scanner business capability. Self-contained, no shared references. resources: - name: secret-scanner-detected-secrets path: /secret-scanner/detected-secrets operations: - name: getdetectedsecrets method: GET description: Postman Get detected secrets outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: cursor in: query type: string description: Pagination cursor for the next page. - name: limit in: query type: integer description: Maximum number of results to return. - name: since in: query type: string description: Return secrets detected after this date (ISO 8601). - name: until in: query type: string description: Return secrets detected before this date (ISO 8601). - name: statuses in: query type: string description: Filter by resolution status (comma-separated). - name: resourceTypes in: query type: string description: Filter by resource type (comma-separated). - name: workspaceIds in: query type: string description: Filter by workspace IDs (comma-separated). - name: secretTypes in: query type: string description: Filter by secret type (comma-separated). - name: secret-scanner-detected-secrets-secretId path: /secret-scanner/detected-secrets/{secretId} operations: - name: getdetectedsecret method: GET description: Postman Get a detected secret outputRawFormat: json outputParameters: - name: result type: object value: $. - name: resolvedetectedsecret method: PUT description: Postman Resolve a detected secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: secret-scanner-detected-secrets-secretId-locations path: /secret-scanner/detected-secrets/{secretId}/locations operations: - name: getsecretlocations method: GET description: Postman Get locations of a detected secret outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: cursor in: query type: string - name: limit in: query type: integer - name: secret-scanner-secret-types path: /secret-scanner/secret-types operations: - name: getsecrettypes method: GET description: Postman Get supported secret types outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: x-api-key value: '{{env.POSTMAN_API_KEY}}' placement: header exposes: - type: rest namespace: secret-scanner-secret-scanner-rest port: 8080 description: REST adapter for Postman Secret Scanner API — Secret Scanner. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/secret-scanner/detected-secrets name: secret-scanner-detected-secrets description: REST surface for secret-scanner-detected-secrets. operations: - method: GET name: getdetectedsecrets description: Postman Get detected secrets call: secret-scanner-secret-scanner.getdetectedsecrets with: cursor: rest.cursor limit: rest.limit since: rest.since until: rest.until statuses: rest.statuses resourceTypes: rest.resourceTypes workspaceIds: rest.workspaceIds secretTypes: rest.secretTypes outputParameters: - type: object mapping: $. - path: /v1/secret-scanner/detected-secrets/{secretid} name: secret-scanner-detected-secrets-secretid description: REST surface for secret-scanner-detected-secrets-secretId. operations: - method: GET name: getdetectedsecret description: Postman Get a detected secret call: secret-scanner-secret-scanner.getdetectedsecret outputParameters: - type: object mapping: $. - method: PUT name: resolvedetectedsecret description: Postman Resolve a detected secret call: secret-scanner-secret-scanner.resolvedetectedsecret with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/secret-scanner/detected-secrets/{secretid}/locations name: secret-scanner-detected-secrets-secretid-locations description: REST surface for secret-scanner-detected-secrets-secretId-locations. operations: - method: GET name: getsecretlocations description: Postman Get locations of a detected secret call: secret-scanner-secret-scanner.getsecretlocations with: cursor: rest.cursor limit: rest.limit outputParameters: - type: object mapping: $. - path: /v1/secret-scanner/secret-types name: secret-scanner-secret-types description: REST surface for secret-scanner-secret-types. operations: - method: GET name: getsecrettypes description: Postman Get supported secret types call: secret-scanner-secret-scanner.getsecrettypes outputParameters: - type: object mapping: $. - type: mcp namespace: secret-scanner-secret-scanner-mcp port: 9090 transport: http description: MCP adapter for Postman Secret Scanner API — Secret Scanner. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: postman-get-detected-secrets description: Postman Get detected secrets hints: readOnly: true destructive: false idempotent: true call: secret-scanner-secret-scanner.getdetectedsecrets with: cursor: tools.cursor limit: tools.limit since: tools.since until: tools.until statuses: tools.statuses resourceTypes: tools.resourceTypes workspaceIds: tools.workspaceIds secretTypes: tools.secretTypes outputParameters: - type: object mapping: $. - name: postman-get-detected-secret description: Postman Get a detected secret hints: readOnly: true destructive: false idempotent: true call: secret-scanner-secret-scanner.getdetectedsecret outputParameters: - type: object mapping: $. - name: postman-resolve-detected-secret description: Postman Resolve a detected secret hints: readOnly: false destructive: false idempotent: true call: secret-scanner-secret-scanner.resolvedetectedsecret with: body: tools.body outputParameters: - type: object mapping: $. - name: postman-get-locations-detected-secret description: Postman Get locations of a detected secret hints: readOnly: true destructive: false idempotent: true call: secret-scanner-secret-scanner.getsecretlocations with: cursor: tools.cursor limit: tools.limit outputParameters: - type: object mapping: $. - name: postman-get-supported-secret-types description: Postman Get supported secret types hints: readOnly: true destructive: false idempotent: true call: secret-scanner-secret-scanner.getsecrettypes outputParameters: - type: object mapping: $.