@postman-cse/onboarding-insights 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,11 +1,32 @@
1
- # Postman Insights Onboarding
1
+ # Postman Onboarding: Insights Linking
2
2
 
3
- [![CI](https://github.com/postman-cs/postman-insights-onboarding-action/actions/workflows/ci.yml/badge.svg)](https://github.com/postman-cs/postman-insights-onboarding-action/actions/workflows/ci.yml)
4
- [![Release](https://img.shields.io/github/v/release/postman-cs/postman-insights-onboarding-action?sort=semver)](https://github.com/postman-cs/postman-insights-onboarding-action/releases)
5
- [![npm](https://img.shields.io/npm/v/%40postman-cse%2Fonboarding-insights)](https://www.npmjs.com/package/@postman-cse/onboarding-insights)
6
- [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
3
+ [![CI](https://github.com/postman-cs/postman-insights-onboarding-action/actions/workflows/ci.yml/badge.svg)](https://github.com/postman-cs/postman-insights-onboarding-action/actions/workflows/ci.yml) [![Release](https://img.shields.io/github/v/release/postman-cs/postman-insights-onboarding-action?sort=semver)](https://github.com/postman-cs/postman-insights-onboarding-action/releases) [![npm](https://img.shields.io/npm/v/%40postman-cse%2Fonboarding-insights)](https://www.npmjs.com/package/@postman-cse/onboarding-insights) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
7
4
 
8
- Links Postman Insights discovered services to API Catalog workspaces and git repositories after deployment, so every service the Insights agent finds lands in your catalog with a collection, a repo link, and live telemetry.
5
+ Links [Postman Insights](https://learning.postman.com/docs/insights/overview/) discovered services to [API Catalog](https://learning.postman.com/docs/api-catalog/overview/) workspaces and git repositories after deployment, so every service the Insights agent finds lands in your catalog with a collection, a repo link, and live telemetry.
6
+
7
+ Part of the [Postman API Onboarding suite](https://github.com/postman-cs/postman-api-onboarding-action).
8
+
9
+ ## Prerequisites
10
+
11
+ - The [Postman Insights DaemonSet agent](https://learning.postman.com/docs/api-catalog/connect/insights/) must already be running on your cluster in discovery mode.
12
+ - The target service must already be deployed, running, and receiving enough traffic for the agent to discover it.
13
+ - A [Postman workspace](https://learning.postman.com/docs/collaborating-in-postman/using-workspaces/overview/) and environment must already exist for the service.
14
+ - A [Postman service account](https://learning.postman.com/docs/administration/service-accounts/) API key must be available as a CI secret. Use [postman-resolve-service-token-action](https://github.com/postman-cs/postman-resolve-service-token-action) to mint the `postman-access-token` and `postman-team-id` at runtime.
15
+ - Choose the Postman data residency region up front with `postman-region` (`us` or `eu`).
16
+
17
+ This action does **not** deploy the Insights agent, create workspaces, create environments, upload OpenAPI specs, or sync repo artifacts. It only links a service that Insights has already discovered.
18
+
19
+ ## Which action should I use?
20
+
21
+ | Need | Action |
22
+ | --- | --- |
23
+ | Mint a service-account access token and team ID | [Postman Onboarding: Service Token](https://github.com/postman-cs/postman-resolve-service-token-action) |
24
+ | Run the full workspace, collection, repo sync, and optional Insights pipeline | [Postman API Onboarding](https://github.com/postman-cs/postman-api-onboarding-action) |
25
+ | Create a workspace, upload an OpenAPI spec, and generate collections | [Postman Onboarding: Workspace Bootstrap](https://github.com/postman-cs/postman-bootstrap-action) |
26
+ | Sync Postman artifacts, mocks, monitors, and CI files back to the repo | [Postman Onboarding: Repo Sync](https://github.com/postman-cs/postman-repo-sync-action) |
27
+ | Link an already discovered Insights service to an existing workspace | [Postman Onboarding: Insights Linking](https://github.com/postman-cs/postman-insights-onboarding-action) |
28
+ | Discover OpenAPI specs from AWS services | [Postman Onboarding: AWS Spec Discovery](https://github.com/postman-cs/postman-aws-spec-discovery-action) |
29
+ | Apply a curated smoke flow to an existing Smoke collection | [Postman Onboarding: Smoke Flow](https://github.com/postman-cs/postman-smoke-flow-action) |
9
30
 
10
31
  ## Usage
11
32
 
@@ -18,23 +39,23 @@ jobs:
18
39
 
19
40
  # ... deploy your service to Kubernetes ...
20
41
 
42
+ - id: postman_token
43
+ uses: postman-cs/postman-resolve-service-token-action@v1
44
+ with:
45
+ postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
46
+ postman-region: us
47
+
21
48
  - uses: postman-cs/postman-insights-onboarding-action@v1
22
49
  with:
23
- project-name: af-cards-activation
50
+ project-name: core-payments
24
51
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
25
52
  environment-id: ${{ vars.POSTMAN_ENVIRONMENT_ID }}
26
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
53
+ postman-region: us
54
+ postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
55
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
56
+ postman-team-id: ${{ steps.postman_token.outputs.team-id }}
27
57
  ```
28
58
 
29
- ### Prerequisites
30
-
31
- - The Postman Insights DaemonSet agent must be running on your cluster in discovery mode.
32
- - The target service must be deployed and running (the agent discovers it from live traffic).
33
- - A Postman workspace and environment must already exist for the service.
34
- - A `postman-access-token` (session token) is required for Bifrost API access. See [Credentials and Identity](docs/credentials.md).
35
-
36
- This action does **not** deploy the Insights agent, create workspaces, or manage environments. Use [postman-bootstrap-action](https://github.com/postman-cs/postman-bootstrap-action) and [postman-repo-sync-action](https://github.com/postman-cs/postman-repo-sync-action) for those concerns.
37
-
38
59
  ## Examples
39
60
 
40
61
  ### Standalone after a Kubernetes deploy
@@ -48,14 +69,22 @@ jobs:
48
69
 
49
70
  # ... deploy your service to Kubernetes ...
50
71
 
72
+ - id: postman_token
73
+ uses: postman-cs/postman-resolve-service-token-action@v1
74
+ with:
75
+ postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
76
+ postman-region: us
77
+
51
78
  - uses: postman-cs/postman-insights-onboarding-action@v1
52
79
  with:
53
- project-name: af-cards-activation
54
- workspace-id: ${{ steps.bootstrap.outputs.workspace-id }}
55
- environment-id: ${{ steps.sync.outputs.environment-uids-json && fromJSON(steps.sync.outputs.environment-uids-json).prod }}
80
+ project-name: core-payments
81
+ workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
82
+ environment-id: ${{ vars.POSTMAN_ENVIRONMENT_ID }}
56
83
  cluster-name: my-cluster
57
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
84
+ postman-region: us
58
85
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
86
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
87
+ postman-team-id: ${{ steps.postman_token.outputs.team-id }}
59
88
  github-token: ${{ secrets.GITHUB_TOKEN }}
60
89
  poll-timeout-seconds: 180
61
90
  ```
@@ -69,51 +98,62 @@ jobs:
69
98
  steps:
70
99
  - uses: actions/checkout@v5
71
100
 
101
+ - id: postman_token
102
+ uses: postman-cs/postman-resolve-service-token-action@v1
103
+ with:
104
+ postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
105
+ postman-region: us
106
+
72
107
  - uses: postman-cs/postman-bootstrap-action@v1
73
108
  id: bootstrap
74
109
  with:
75
- project-name: af-cards-activation
76
- spec-url: https://example.com/openapi.yaml
110
+ project-name: core-payments
111
+ spec-url: https://raw.githubusercontent.com/postman-cs/postman-insights-onboarding-action/main/examples/core-payments-openapi.yaml
112
+ postman-region: us
77
113
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
78
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
114
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
79
115
 
80
116
  # ... deploy service to Kubernetes ...
81
117
 
82
118
  - uses: postman-cs/postman-repo-sync-action@v1
83
119
  id: sync
84
120
  with:
85
- project-name: af-cards-activation
121
+ project-name: core-payments
86
122
  workspace-id: ${{ steps.bootstrap.outputs.workspace-id }}
87
123
  baseline-collection-id: ${{ steps.bootstrap.outputs.baseline-collection-id }}
88
124
  smoke-collection-id: ${{ steps.bootstrap.outputs.smoke-collection-id }}
89
125
  contract-collection-id: ${{ steps.bootstrap.outputs.contract-collection-id }}
90
126
  environments-json: '["prod"]'
91
127
  env-runtime-urls-json: '{"prod":"https://api.example.com"}'
128
+ postman-region: us
92
129
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
93
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
130
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
94
131
 
95
132
  - uses: postman-cs/postman-insights-onboarding-action@v1
96
133
  with:
97
- project-name: af-cards-activation
134
+ project-name: core-payments
98
135
  workspace-id: ${{ steps.bootstrap.outputs.workspace-id }}
99
136
  environment-id: ${{ fromJSON(steps.sync.outputs.environment-uids-json).prod }}
100
137
  cluster-name: my-cluster
101
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
138
+ postman-region: us
102
139
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
140
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
141
+ postman-team-id: ${{ steps.postman_token.outputs.team-id }}
103
142
  github-token: ${{ secrets.GITHUB_TOKEN }}
104
143
  ```
105
144
 
106
145
  ### Tuning discovery polling
107
146
 
108
- The Insights agent takes time to discover services after pods start. The action polls the API Catalog discovered-services list until the service appears or the timeout is reached. For services that take longer to appear (cold cluster, large pod startup time), raise the timeout:
147
+ The Insights agent takes time to discover services after pods start. The action polls the [API Catalog](https://learning.postman.com/docs/api-catalog/connect/insights/) discovered-services list until the service appears or the timeout is reached. For services that take longer to appear (cold cluster, large pod startup time), raise the timeout:
109
148
 
110
149
  ```yaml
111
150
  - uses: postman-cs/postman-insights-onboarding-action@v1
112
151
  with:
113
- project-name: af-cards-activation
152
+ project-name: core-payments
114
153
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
115
154
  environment-id: ${{ vars.POSTMAN_ENVIRONMENT_ID }}
116
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
155
+ postman-region: us
156
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
117
157
  poll-timeout-seconds: 300
118
158
  poll-interval-seconds: 15
119
159
  ```
@@ -122,15 +162,15 @@ The Insights agent takes time to discover services after pods start. The action
122
162
 
123
163
  ### Credential preflight modes
124
164
 
125
- Before any onboarding write, the action can verify that `postman-api-key` and `postman-access-token` resolve to the same parent organization. Set `credential-preflight` to `enforce` to fail fast on mismatched credentials, or `off` to skip the probes (the default `warn` logs and continues):
165
+ Before any onboarding write, the action can verify that `postman-api-key` and `postman-access-token` resolve to the same parent organization. The default `warn` mode logs a note and continues. Set `credential-preflight` to `enforce` to fail fast on mismatched credentials:
126
166
 
127
167
  ```yaml
128
168
  - uses: postman-cs/postman-insights-onboarding-action@v1
129
169
  with:
130
- project-name: af-cards-activation
170
+ project-name: core-payments
131
171
  workspace-id: ${{ vars.POSTMAN_WORKSPACE_ID }}
132
172
  environment-id: ${{ vars.POSTMAN_ENVIRONMENT_ID }}
133
- postman-access-token: ${{ secrets.POSTMAN_ACCESS_TOKEN }}
173
+ postman-access-token: ${{ steps.postman_token.outputs.token }}
134
174
  postman-api-key: ${{ secrets.POSTMAN_API_KEY }}
135
175
  credential-preflight: enforce
136
176
  ```
@@ -144,10 +184,13 @@ The same logic ships as a CLI (`postman-insights-onboard`) for GitLab CI, Bitbuc
144
184
  ```bash
145
185
  npm install -g @postman-cse/onboarding-insights
146
186
  postman-insights-onboard \
147
- --project-name af-cards-activation \
187
+ --project-name core-payments \
148
188
  --workspace-id ws_123 \
149
189
  --environment-id env_123 \
150
190
  --postman-access-token "$POSTMAN_ACCESS_TOKEN" \
191
+ --postman-team-id "$POSTMAN_TEAM_ID" \
192
+ --postman-api-key "$POSTMAN_API_KEY" \
193
+ --postman-region us \
151
194
  --cluster-name my-cluster
152
195
  ```
153
196
 
@@ -164,16 +207,17 @@ See [CLI Usage](docs/cli.md) for provider auto-detection, output formats, and Gi
164
207
  | `system-environment-id` | Postman system environment UUID for service-level Insights acknowledgment | No | |
165
208
  | `cluster-name` | Insights cluster name. Matches {cluster}/{project-name} in discovered services | No | |
166
209
  | `repo-url` | Repository URL for Git onboarding. Auto-detected from CI context when omitted. | No | |
167
- | `postman-access-token` | Postman access token for Bifrost API calls | Yes | |
168
- | `postman-team-id` | Explicit Postman team ID for org-mode Bifrost request headers. When omitted, x-entity-team-id is not sent. | No | |
210
+ | `postman-access-token` | Service-account Postman access token for integration API calls. Prefer minting it with postman-resolve-service-token-action. | Yes | |
211
+ | `postman-team-id` | Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent. | No | |
169
212
  | `github-token` | Optional GitHub token passed as git_api_key when repository auth is required by onboarding/git | No | |
170
- | `postman-api-key` | Postman API key (PMAK-*) for the application binding call. Auto-created from postman-access-token when omitted or invalid after a clear 401/403 validation failure. | No | |
171
- | `credential-preflight` | Credential identity preflight policy. warn (default) logs a note and continues when postman-api-key and postman-access-token resolve to different parent orgs; enforce fails the run on that condition before any onboarding write; off skips the identity probes entirely (the reactive error guidance still applies). A rejected or auto-created postman-api-key is never failed on. | No | `warn` |
213
+ | `postman-api-key` | Service-account Postman API key (PMAK-*) for the application binding call. Auto-created from postman-access-token when omitted or invalid after a clear 401/403 validation failure. | No | |
214
+ | `credential-preflight` | Credential identity preflight policy. warn (default) logs a note and continues when postman-api-key and postman-access-token resolve to different parent orgs; enforce fails the run on that condition before any onboarding write. Supported values are warn and enforce. | No | `warn` |
172
215
  | `poll-timeout-seconds` | Maximum seconds to wait for the service to appear in the discovered list | No | `120` |
173
216
  | `poll-interval-seconds` | Seconds between discovery polling attempts | No | `10` |
217
+ | `postman-region` | Postman data residency region for public API calls. One of: us or eu. | No | `us` |
174
218
  <!-- inputs-table:end -->
175
219
 
176
- Supply `postman-team-id` only for org-mode tokens that require an explicit team header. For non-org tokens, leave it unset so Bifrost can infer team context from the access token. Credential details, the preflight policy, and API key auto-creation are documented in [Credentials and Identity](docs/credentials.md).
220
+ Supply `postman-team-id` only for org-mode tokens that require an explicit team header. For non-org tokens, leave it unset so Postman can infer team context from the access token. Credential details, the preflight policy, and API key auto-creation are documented in [Credentials and Identity](docs/credentials.md).
177
221
 
178
222
  ## Outputs
179
223
 
@@ -192,20 +236,32 @@ Failures set `status=error` before the action exits.
192
236
 
193
237
  ## How it works
194
238
 
195
- **Discovery poll.** The action polls the API Catalog discovered-services list (`GET /api/v1/onboarding/discovered-services?status=discovered` on Bifrost api-catalog) at the configured interval until a service matching `{cluster-name}/{project-name}` appears (suffix matching when `cluster-name` is omitted) or the timeout is reached.
239
+ **Discovery poll.** The action polls the API Catalog discovered-services list at the configured interval until a service matching `{cluster-name}/{project-name}` appears (suffix matching when `cluster-name` is omitted) or the timeout is reached.
196
240
 
197
241
  **Catalog prep.** It then calls `POST /api/v1/onboarding/prepare-collection` to create the API Catalog collection entry for the discovered service in your workspace.
198
242
 
199
- **Git link.** `POST /api/v1/onboarding/git` with `via_integrations: false` links the service to the GitHub repository (`repo-url` input, auto-detected from CI context when omitted; `github-token` is passed as `git_api_key` only when the endpoint requires repository auth).
243
+ **Git link.** `POST /api/v1/onboarding/git` with `via_integrations: false` links the service to the GitHub repository (`repo-url` input, auto-detected from CI context when omitted; `github-token` is passed as `git_api_key` only when the endpoint requires repository auth). Postman's [connect code](https://learning.postman.com/docs/api-catalog/connect/code/) docs cover the product workflow this binding supports.
200
244
 
201
245
  **Acknowledgment.** The action resolves the `svc_*` Akita service ID, marks the service as managed (`POST /v2/api-catalog/services/onboard`), and acknowledges the workspace (`POST /v2/workspaces/{id}/onboarding/acknowledge`) to activate the Insights project.
202
246
 
203
- **Binding.** Finally it creates an application binding with the observability API (`POST /v2/agent/api-catalog/workspaces/{id}/applications`, sent directly to `api.observability.postman.com` rather than through Bifrost), which is required for service graph edge generation, and retrieves the team verification token (`tvt_*`) for DaemonSet telemetry.
247
+ **Binding.** Finally it creates an application binding with the observability API, which is required for service graph edge generation, and retrieves the team verification token (`tvt_*`) for DaemonSet telemetry.
204
248
 
205
249
  For local builds, contract smoke monitoring, and release channels, see [Development and Operations](docs/development.md).
206
250
 
207
251
  ## Resources
208
252
 
253
+ ### The suite
254
+
255
+ | Action | Role |
256
+ | --- | --- |
257
+ | [Postman API Onboarding](https://github.com/postman-cs/postman-api-onboarding-action) | Entry point: chains workspace bootstrap, repo sync, and optional Insights linking |
258
+ | [Postman Onboarding: Service Token](https://github.com/postman-cs/postman-resolve-service-token-action) | Mints the service-account access token and team ID |
259
+ | [Postman Onboarding: AWS Spec Discovery](https://github.com/postman-cs/postman-aws-spec-discovery-action) | Discovers and exports API specs from AWS services |
260
+ | [Postman Onboarding: Workspace Bootstrap](https://github.com/postman-cs/postman-bootstrap-action) | Creates the workspace, uploads the spec, generates collections |
261
+ | [Postman Onboarding: Smoke Flow](https://github.com/postman-cs/postman-smoke-flow-action) | Applies a curated flow.yaml to the Smoke collection |
262
+ | [Postman Onboarding: Repo Sync](https://github.com/postman-cs/postman-repo-sync-action) | Exports artifacts into the repo and wires CI, mocks, and monitors |
263
+ | [Postman Onboarding: Insights Linking](https://github.com/postman-cs/postman-insights-onboarding-action) | Links Insights discovered services to the workspace |
264
+
209
265
  - [postman-resolve-service-token-action](https://github.com/postman-cs/postman-resolve-service-token-action): mints a service-account access token and team ID.
210
266
  - [postman-api-onboarding-action](https://github.com/postman-cs/postman-api-onboarding-action): composite action that orchestrates the onboarding pipeline.
211
267
  - [postman-bootstrap-action](https://github.com/postman-cs/postman-bootstrap-action): workspace provisioning, spec upload, and collection generation.
@@ -213,7 +269,52 @@ For local builds, contract smoke monitoring, and release channels, see [Developm
213
269
  - [postman-repo-sync-action](https://github.com/postman-cs/postman-repo-sync-action): artifact sync, environments, mocks, monitors, and CI templates.
214
270
  - [postman-aws-spec-discovery-action](https://github.com/postman-cs/postman-aws-spec-discovery-action): discovers API specs from AWS.
215
271
  - npm package: [@postman-cse/onboarding-insights](https://www.npmjs.com/package/@postman-cse/onboarding-insights)
216
- - [Postman Insights documentation](https://learning.postman.com/docs/insights/insights-overview/)
272
+ - Postman Learning Center: [Insights overview](https://learning.postman.com/docs/insights/overview/), [connect Insights](https://learning.postman.com/docs/api-catalog/connect/insights/), [Insights API Catalog agent reference](https://learning.postman.com/docs/insights/reference/agent/api-catalog/), [API Catalog overview](https://learning.postman.com/docs/api-catalog/overview/), [connect code](https://learning.postman.com/docs/api-catalog/connect/code/)
273
+ - [Credentials and Identity](docs/credentials.md)
274
+ - [Development and Operations](docs/development.md)
275
+ - [Support](SUPPORT.md)
276
+ - [Security Policy](SECURITY.md)
277
+ - [Release Policy](RELEASE_POLICY.md)
278
+
279
+
280
+ ## Telemetry
281
+
282
+ This action sends a single non-identifying usage event when a run completes, so the
283
+ Postman team can measure adoption across CI systems. The event contains the
284
+ action name and version, your Postman team ID, the detected CI provider and
285
+ runner kind, the run outcome, the CI run identifier, an event timestamp, and a one-way SHA-256 hash of the repository
286
+ identifier. Each event also carries a schema version and a constant event marker (always `completion`). The Postman team ID is sent in the clear on a legitimate-interest
287
+ basis to measure product adoption.
288
+
289
+ The `events.pm-cse.dev` endpoint is operated by the Postman Customer Success
290
+ Engineering team. Postman, Inc. processes these events only to measure
291
+ onboarding adoption in aggregate, retains them only as aggregated counts for
292
+ product-adoption trend analysis, and includes no payload field that identifies
293
+ an individual person.
294
+
295
+ It never sends API keys, access tokens, spec content, workspace or repository
296
+ names, or any personal data. It is fire-and-forget with a hard
297
+ timeout and can never block or fail your pipeline. Corporate HTTP and HTTPS
298
+ proxies are honored through the standard `HTTPS_PROXY`, `HTTP_PROXY`, and
299
+ `NO_PROXY` environment variables.
300
+
301
+ Disable it by setting either environment variable in your CI:
302
+
303
+ ```sh
304
+ POSTMAN_ACTIONS_TELEMETRY=off
305
+ # or the cross-tool standard
306
+ DO_NOT_TRACK=1
307
+ ```
308
+
309
+ Telemetry is also skipped automatically when no Postman team ID can be resolved.
310
+
311
+ A run that ends in the `not-found` state (no matching Insights project) is
312
+ recorded with a `failure` outcome.
313
+
314
+ Events are sent over HTTPS to `https://events.pm-cse.dev/v1/events`. To
315
+ allowlist this destination on a restricted network, or to route events to a
316
+ collector you operate, set the `POSTMAN_ACTIONS_TELEMETRY_ENDPOINT` environment
317
+ variable to your own URL.
217
318
 
218
319
  ## License
219
320
 
package/action.yml CHANGED
@@ -1,5 +1,5 @@
1
- name: 'Postman Insights Onboarding'
2
- description: 'Link Postman Insights discovered services to API Catalog workspaces and git repositories after deployment.'
1
+ name: 'Postman Onboarding: Insights Linking'
2
+ description: Link Postman Insights discovered services to workspaces and git repos. Part of the Postman API Onboarding suite.
3
3
  author: Postman
4
4
  branding:
5
5
  icon: link
@@ -24,19 +24,19 @@ inputs:
24
24
  description: 'Repository URL for Git onboarding. Auto-detected from CI context when omitted.'
25
25
  required: false
26
26
  postman-access-token:
27
- description: 'Postman access token for Bifrost API calls'
27
+ description: 'Service-account Postman access token for integration API calls. Prefer minting it with postman-resolve-service-token-action.'
28
28
  required: true
29
29
  postman-team-id:
30
- description: 'Explicit Postman team ID for org-mode Bifrost request headers. When omitted, x-entity-team-id is not sent.'
30
+ description: 'Explicit Postman team ID for org-mode integration request headers. When omitted, x-entity-team-id is not sent.'
31
31
  required: false
32
32
  github-token:
33
33
  description: 'Optional GitHub token passed as git_api_key when repository auth is required by onboarding/git'
34
34
  required: false
35
35
  postman-api-key:
36
- description: 'Postman API key (PMAK-*) for the application binding call. Auto-created from postman-access-token when omitted or invalid after a clear 401/403 validation failure.'
36
+ description: 'Service-account Postman API key (PMAK-*) for the application binding call. Auto-created from postman-access-token when omitted or invalid after a clear 401/403 validation failure.'
37
37
  required: false
38
38
  credential-preflight:
39
- description: 'Credential identity preflight policy. warn (default) logs a note and continues when postman-api-key and postman-access-token resolve to different parent orgs; enforce fails the run on that condition before any onboarding write; off skips the identity probes entirely (the reactive error guidance still applies). A rejected or auto-created postman-api-key is never failed on.'
39
+ description: 'Credential identity preflight policy. warn (default) logs a note and continues when postman-api-key and postman-access-token resolve to different parent orgs; enforce fails the run on that condition before any onboarding write. Supported values are warn and enforce.'
40
40
  required: false
41
41
  default: 'warn'
42
42
  poll-timeout-seconds:
@@ -47,8 +47,12 @@ inputs:
47
47
  description: 'Seconds between discovery polling attempts'
48
48
  required: false
49
49
  default: '10'
50
+ postman-region:
51
+ description: 'Postman data residency region for public API calls. One of: us or eu.'
52
+ required: false
53
+ default: 'us'
50
54
  postman-stack:
51
- description: 'Postman stack profile.'
55
+ description: 'Postman stack profile. Defaults to the public production stack. Marketplace workflows should leave this as prod.'
52
56
  required: false
53
57
  default: 'prod'
54
58
  outputs: