commercetools / commercetools-postman-collection

Collection of commercetools API examples setup on top of Postman

API Client can now be downloaded from the MC #8

Closed cneijenhuis closed 6 years ago

cneijenhuis commented 6 years ago

API Client can now be downloaded from the MC in the Postman Environment format. It works with the default Import dialog 👍

czacherl commented 6 years ago

@cneijenhuis great thing. I need to check something regarding data security again with Postman on short notice for that, as we got an issue from @jenschude regarding uploaded environment variables. It might be that we can work around it with a simple note for the downloader.

cneijenhuis commented 6 years ago

OK, feel free to merge once you have clarified it (I'll be on vacation, as you know :) )

czacherl commented 6 years ago

The "problem" currently is that the environment data, which can be stored in Postman, is synchronized with the Postman repositories. There it is secured in an encrypted AWS system. Though, the encryption on the data is handled server-side. They are working on a solution for client-side encryption. This is the text I received from Postman on a security enquiry:

We use AWS as our infrastructure provider. Postman data is stored in encrypted databases on Amazon RDS. Postman uses Secure Websockets (wss) for all communication between the app and our servers. Data is AES-128/SHA-256 encrypted and sent over TLS 1.2 during transit. Data, depending upon its internal sensitivity classification, is also AES-256-GCM encrypted at the application layer prior to storage. In the near future, we will also introduce Client-Side Encryption.

What will be needed here is a notification to the downloader and user, that states that:

Shall I write something for that or do you have something matching in mind?

cneijenhuis commented 6 years ago

@czacherl Please write something :)

cneijenhuis commented 6 years ago

I'll merge it, I think the notice can be done in another PR.