Postman
Postman •
Since 2012
Quick Actions
Official Docs
What is Postman?
PostmanRuntime is the user agent for Postman, the popular API development and testing platform used by millions of developers worldwide. This user agent appears when developers test APIs, run automated test collections, or use Postman monitors. Postman has become essential for API development workflows, from initial design to testing and documentation. The user agent often appears in development and staging environments but can also be seen in production logs during API monitoring or integration testing.
User Agent String
PostmanRuntime/7.35.0
How to Control Postman
Block Completely
To prevent Postman from accessing your entire website, add this to your robots.txt file:
# Block Postman
User-agent: PostmanRuntime
Disallow: /
Block Specific Directories
To restrict access to certain parts of your site while allowing others:
User-agent: PostmanRuntime
Disallow: /admin/
Disallow: /private/
Disallow: /wp-admin/
Allow: /public/
Set Crawl Delay
To slow down the crawl rate (note: not all bots respect this directive):
User-agent: PostmanRuntime
Crawl-delay: 10
How to Verify Postman
Verification Method:
PostmanRuntime with version number
PostmanRuntime with version number
Learn more in the official documentation.
Detection Patterns
Multiple ways to detect Postman in your application:
Basic Pattern
/Postman/i
Strict Pattern
/^PostmanRuntime/7\.35\.0$/
Flexible Pattern
/Postman[\s\/]?[\d\.]*?/i
Vendor Match
/.*Postman.*Postman/i
Implementation Examples
// PHP Detection for Postman
function detect_postman() {
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$pattern = '/Postman/i';
if (preg_match($pattern, $user_agent)) {
// Log the detection
error_log('Postman detected from IP: ' . $_SERVER['REMOTE_ADDR']);
// Set cache headers
header('Cache-Control: public, max-age=3600');
header('X-Robots-Tag: noarchive');
// Optional: Serve cached version
if (file_exists('cache/' . md5($_SERVER['REQUEST_URI']) . '.html')) {
readfile('cache/' . md5($_SERVER['REQUEST_URI']) . '.html');
exit;
}
return true;
}
return false;
}
# Python/Flask Detection for Postman
import re
from flask import request, make_response
def detect_postman():
user_agent = request.headers.get('User-Agent', '')
pattern = r'Postman'
if re.search(pattern, user_agent, re.IGNORECASE):
# Create response with caching
response = make_response()
response.headers['Cache-Control'] = 'public, max-age=3600'
response.headers['X-Robots-Tag'] = 'noarchive'
return True
return False
# Django Middleware
class PostmanMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if self.detect_bot(request):
# Handle bot traffic
pass
return self.get_response(request)
// JavaScript/Node.js Detection for Postman
const express = require('express');
const app = express();
// Middleware to detect Postman
function detectPostman(req, res, next) {
const userAgent = req.headers['user-agent'] || '';
const pattern = /Postman/i;
if (pattern.test(userAgent)) {
// Log bot detection
console.log('Postman detected from IP:', req.ip);
// Set cache headers
res.set({
'Cache-Control': 'public, max-age=3600',
'X-Robots-Tag': 'noarchive'
});
// Mark request as bot
req.isBot = true;
req.botName = 'Postman';
}
next();
}
app.use(detectPostman);
# Apache .htaccess rules for Postman
# Block completely
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} Postman [NC]
RewriteRule .* - [F,L]
# Or redirect to a static version
RewriteCond %{HTTP_USER_AGENT} Postman [NC]
RewriteCond %{REQUEST_URI} !^/static/
RewriteRule ^(.*)$ /static/$1 [L]
# Or set environment variable for PHP
SetEnvIfNoCase User-Agent "Postman" is_bot=1
# Add cache headers for this bot
<If "%{HTTP_USER_AGENT} =~ /Postman/i">
Header set Cache-Control "public, max-age=3600"
Header set X-Robots-Tag "noarchive"
</If>
# Nginx configuration for Postman
# Map user agent to variable
map $http_user_agent $is_postman {
default 0;
~*Postman 1;
}
server {
# Block the bot completely
if ($is_postman) {
return 403;
}
# Or serve cached content
location / {
if ($is_postman) {
root /var/www/cached;
try_files $uri $uri.html $uri/index.html @backend;
}
try_files $uri @backend;
}
# Add headers for bot requests
location @backend {
if ($is_postman) {
add_header Cache-Control "public, max-age=3600";
add_header X-Robots-Tag "noarchive";
}
proxy_pass http://backend;
}
}
Should You Block This Bot?
Recommendations based on your website type:
| Site Type | Recommendation | Reasoning |
|---|---|---|
| E-commerce | Optional | Evaluate based on bandwidth usage vs. benefits |
| Blog/News | Allow | Increases content reach and discoverability |
| SaaS Application | Block | No benefit for application interfaces; preserve resources |
| Documentation | Selective | Allow for public docs, block for internal docs |
| Corporate Site | Limit | Allow for public pages, block sensitive areas like intranets |
Advanced robots.txt Configurations
E-commerce Site Configuration
User-agent: PostmanRuntime
Crawl-delay: 5
Disallow: /cart/
Disallow: /checkout/
Disallow: /my-account/
Disallow: /api/
Disallow: /*?sort=
Disallow: /*?filter=
Disallow: /*&page=
Allow: /products/
Allow: /categories/
Sitemap: https://example.com/sitemap.xml
Publishing/Blog Configuration
User-agent: PostmanRuntime
Crawl-delay: 10
Disallow: /wp-admin/
Disallow: /drafts/
Disallow: /preview/
Disallow: /*?replytocom=
Allow: /
SaaS/Application Configuration
User-agent: PostmanRuntime
Disallow: /app/
Disallow: /api/
Disallow: /dashboard/
Disallow: /settings/
Allow: /
Allow: /pricing/
Allow: /features/
Allow: /docs/
Quick Reference
User Agent Match
Postman
Robots.txt Name
PostmanRuntime
Category
other
Respects robots.txt
May not respect
Copied to clipboard!