Thursday, May 01, 2025

How to get the postman collection data of others?

Create a Postman collection that is of some interest to other users.

Invite them to your Postman collection.

Once they accept your invitation, remove them from your team and, while removing them, select the option to copy their private workspace to your account.

Voila. You now have full access to their private workspaces, variables and much more.

At this point, they lose access to all their workspaces. If you want to appear nice, add them back immediately after copying their collections and grant them access to their workspaces again. If they are not paying much attention, they may assume there was a temporary glitch that resolved itself. But in the meantime, you would have had full access to all their collections.

Like spam mail, if an invitation is sent to a large number of software engineers, a few of them will surely click accept, and you would get access to all their Postman collections.

Typically, people who use Postman extensively keep passwords, API keys and other confidential information in their private workspaces, assuming that nobody else can access them. If you can tempt them to join your team, you get all of that confidential information.

However, this works only if that person has not yet joined any team. If the person has already joined a team, it is the owner of the first team they joined who gets access to that workspace.
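As an added defensive example (not code from this blog or from Postman), the script below scans a collection export in the v2.1 shape and an environment export for literal credentials stored under secret-looking keys, so they can be replaced with {{variable}} references kept outside the synced workspace before anyone is invited or any team is joined; the sample JSON and the key patterns are constructed assumptions.

```python
import json
import re
# Constructed samples shaped like Postman collection (v2.1) and environment exports,
# holding the kind of literal values people leave in synced workspaces.
SAMPLE_COLLECTION = json.loads("""{
  "info": {"name": "billing-api"},
  "variable": [{"key": "base_url", "value": "https://api.example.test"},
               {"key": "api_key", "value": "sk_live_EXAMPLE0123456789"}],
  "item": [{"name": "list invoices",
            "request": {"method": "GET", "url": "{{base_url}}/invoices",
                        "header": [{"key": "Authorization", "value": "Bearer eyJEXAMPLE.payload.sig"}]}}]
}""")
SAMPLE_ENVIRONMENT = json.loads("""{
  "name": "prod",
  "values": [{"key": "db_password", "value": "hunter2-EXAMPLE", "enabled": true},
             {"key": "region", "value": "eu-west-1", "enabled": true}]
}""")

# Assumed heuristics: key names that usually hold credentials, and the {{var}} reference form.
SECRET_KEY = re.compile(r"pass(word)?|secret|token|api[_-]?key|authorization", re.I)
PLACEHOLDER = re.compile(r"^\{\{[^}]*\}\}$")  # a {{var}} reference, not a literal

def is_leaked_literal(key, value):
    """True when a secret-looking key carries a literal value instead of a {{reference}}."""
    value = str(value or "")
    return bool(value) and not PLACEHOLDER.match(value) and bool(SECRET_KEY.search(key))

def scan_collection(collection):
    """Return (location, key) pairs for literal secrets in collection variables and request headers."""
    findings = [("collection variable", v["key"])
                for v in collection.get("variable", [])
                if is_leaked_literal(v.get("key", ""), v.get("value"))]
    def walk(items, path):
        for item in items:
            name = f"{path}/{item.get('name', '')}"
            if "item" in item:            # a folder: recurse into its children
                walk(item["item"], name)
                continue
            request = item.get("request")  # v2.1 also allows a bare URL string here
            for header in (request.get("header", []) if isinstance(request, dict) else []):
                if is_leaked_literal(header.get("key", ""), header.get("value")):
                    findings.append((f"header in {name}", header["key"]))
    walk(collection.get("item", []), "")
    return findings

def scan_environment(environment):
    """Same check over an environment export's values list."""
    return [("environment variable", v["key"]) for v in environment.get("values", [])
            if is_leaked_literal(v.get("key", ""), v.get("value"))]
```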

Tuesday, April 29, 2025

Serious Security Issues in Postman

I have been using Postman for many, many years.

A couple of years back, I joined a team. 

Yesterday, they removed me from the team. 

They got full access to all my private workspaces that I had created before I joined the team, and I lost access to those workspaces.

It is definitely one of the biggest security issues that I have seen recently.