MCP Server Policy

POSTMAN MCP POLICY

Enforce policies on every tool call to the Postman MCP Server. 30 tools listed, categorised, and ready for rules.

postmanlabs/postman-mcp-server 12 read 18 write 30 tools total
postman api testing collections workspaces

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Postman.

terminal

# Download policy scaffold

curl -o postman.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/postman.yaml

# Run with Intercept

intercept --policy postman.yaml -- npx -y @postmanlabs/postman-mcp-server

Server documentation: https://github.com/postmanlabs/postman-mcp-server

READ TOOLS

12

WRITE TOOLS

11

DESTRUCTIVE TOOLS

6

EXECUTE TOOLS

1

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

postman.yaml 
version: "1"
description: "Policy for postmanlabs/postman-mcp-server"
default: "allow"
tools:
    getApi:
        rules: []
    getCollection:
        rules: []
    getEnvironment:
        rules: []
    getMock:
        rules: []
    getMonitor:
        rules: []
    getWorkspace:
        rules: []
    listApis:
        rules: []
    listCollections:
        rules: []
    listEnvironments:
        rules: []
    listMocks:
        rules: []
    listMonitors:
        rules: []
    listWorkspaces:
        rules: []
    createApi:
        rules: []
    createCollection:
        rules: []
    createEnvironment:
        rules: []
    createMock:
        rules: []
    createMonitor:
        rules: []
    createWorkspace:
        rules: []
    updateApi:
        rules: []
    updateCollection:
        rules: []
    updateEnvironment:
        rules: []
    updateMock:
        rules: []
    updateWorkspace:
        rules: []
    runMonitor:
        rules: []
    deleteApi:
        rules: []
    deleteCollection:
        rules: []
    deleteEnvironment:
        rules: []
    deleteMock:
        rules: []
    deleteMonitor:
        rules: []
    deleteWorkspace:
        rules: []

RELATED POLICIES

Playwright 25 tools
testing
BrowserStack 20 tools
testing
CircleCI 15 tools
testing
Apollo GraphQL 1 tools
api

FREQUENTLY ASKED QUESTIONS

What tools does the Postman MCP server expose?

The Postman MCP Server exposes 30 tools across 4 categories: Read, Write, Execute, Destructive. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Postman?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Postman MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Postman policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON POSTMAN

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →