Pynt for Newman (Postman CLI)
Run Pynt API security tests on a locally stored Postman collection from a terminal
What is Newman?

Pynt's Integration with Newman
As part of its API security testing suite, Pynt allows seamless integration with Newman.
Pynt for Newman allows you to integrate advanced API security testing directly into your command-line workflows. By combining the power of Newman with Pynt, you can automate security scans alongside your regular API tests, ensuring that each API run is thoroughly tested for vulnerabilities.
With Pynt's context-aware security testing capabilities, you can enhance your Postman collections with automated security checks, all executed via Newman. This integration is perfect for teams looking to streamline their security testing within their existing CI/CD processes, providing a seamless way to ensure that your APIs are protected against potential threats.
After each run, Pynt generates detailed reports that highlight any security risks found during testing, giving you the insights needed to address vulnerabilities promptly. By integrating Pynt with Newman, you can maintain the flexibility and efficiency of your command-line testing while significantly boosting your API security.
Setup
First, make sure Pynt's prerequisites are met.
Follow the instructions to install the Pynt container here.
Run Pynt CLI Command for Newman
Basic usage
pynt newman --collection <path to collection>
Required arguments
--collection - Postman collection file name
Optional arguments
--environment - Postman environment file name (supports multiple files)
--reporters - output results to JSON
--host-ca - path to the CA file in PEM format to enable SSL certificate verification for pynt when running through a VPN.
--return-error - 'all-findings' (warnings or errors), 'errors-only', 'never' (default)
Example
wget https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json
pynt newman --collection goat.postman_collection.json
mTLS Support (Pynt binary only)
Pynt newman supports testing APIs that require mutual TLS (mTLS), allowing you to validate security for endpoints that enforce client certificate authentication.
To run a security test on an mTLS-protected API using Pynt and Newman, use the --ssl-client-cert, --ssl-client-key, and --ssl-ca-cert flags to provide the necessary certificates.
Example
pynt newman --collection collection/goat-mtls.postman_collection.json \
--tls-client-cert certs/client-bundle.pem \
--tls-client-key certs/client.key \
--host-ca certs/root.crt
Arguments
--tls-client-cert - Path to the client certificate (PEM format, can include full chain)
--tls-client-key - Path to the client private key
--host-ca - Path to the CA certificate used to validate the server certificate
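A preflight for the three mTLS files before the scan starts, as an added example that is not part of Pynt or its documentation. The function names, the return codes, and the rule that the private key must not be readable by group or other are assumptions; the flags are the ones used in the Example and Arguments list above.

```shell
#!/bin/sh
# Added example: preflight for the mTLS files passed to `pynt newman`.
# Function names and return codes are hypothetical (not Pynt's own).

# Return 0 when cert, key and CA look usable; otherwise a distinct code.
pynt_mtls_preflight() {
    cert=$1 key=$2 ca=$3
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done
    # Client cert (may hold a full chain) and CA must contain a PEM certificate.
    for f in "$cert" "$ca"; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
            { echo "no PEM certificate in: $f" >&2; return 3; }
    done
    # Key header may carry one leading word, e.g. RSA or EC.
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key" ||
        { echo "no PEM private key in: $key" >&2; return 4; }
    # Group/other permission bits are characters 5-10 of the ls mode string.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "private key readable by group/other: $key" >&2
        return 5
    fi
    return 0
}

# Run the scan only when the preflight passes; propagate pynt's exit status.
run_pynt_mtls() {
    collection=$1 cert=$2 key=$3 ca=$4
    pynt_mtls_preflight "$cert" "$key" "$ca" || return $?
    pynt newman --collection "$collection" \
        --tls-client-cert "$cert" \
        --tls-client-key "$key" \
        --host-ca "$ca"
}

# Usage with the paths from the example above:
# run_pynt_mtls collection/goat-mtls.postman_collection.json \
#     certs/client-bundle.pem certs/client.key certs/root.crt
```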