I was originally investigating this report that Postman is not HIPAA compliant. I found that Postman is not just wholly unsuitable for anyone testing a healthcare application — it has virtually zero…

Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

Postman has been found to log secret strings and environment variables, compromising user privacy. Despite claims of protecting sensitive data, the app sends unmasked variables to its servers, posing risks especially for healthcare applications. Users are advised to block Postman's analytics endpoints to prevent data leakage.

Postman is logging all your secrets and environment variables

I stopped using postman because of requirement to sign and login even when I work locally. Also not all features of postman are needed in my work. After looking for alternatives and checking few of them I finally chose HTTPie as most convenient and fulfilling mu needs, and that’s my recommendation.
I checked: <a href="https://yaak.app/" target="_blank" rel="noopener nofollow">Yaak</a>, <a href="https://hoppscotch.io" target="_blank" rel="noopener nofollow">Hoppscotch</a>, <a href="https://firecamp.io/" target="_blank" rel="noopener nofollow">Firecamp</a> and <a href="https://httpie.io/" target="_blank" rel="noopener nofollow">HTTPIe</a>. They are all great, so everyone should take own decision, don’t rely on me.
I work on linux and I am using Appimage verison (no installation required, just download and run), and availability of appimage was also important to me.

<a href="https://usebruno.com" target="_blank" rel="noopener nofollow">Bruno</a> seems a promising alternative – open source and offline first. I’ve been using this in place of postman for any new API testing.

Postman sucks, it requires you to sign in and now this

I haven’t had a use for Postman since I learned how to use IntelliJ’s HTTP Request feature. Sure, it’s not as user-friendly, but it does everything I need it to.