.bp-clean-small-figure{max-width:540px!important;width:100%!important;margin:22px auto!important;padding:10px!important;border-radius:20px!important;background:#fff!important;box-shadow:0 10px 28px rgba(7,18,5,.10)!important}.bp-clean-small-figure img,.bp-clean-small-image{display:block!important;width:100%!important;height:auto!important;border-radius:16px!important}.bp-clean-small-figure figcaption{font-size:14px!important;line-height:1.45!important;color:#4b5563!important;margin-top:10px!important;text-align:center!important}
API client configuration guide
How to Configure and Test Proxies in Postman
Set up system, custom and environment proxies in Postman, verify the exit IP, protect credentials, understand capture mode and troubleshoot 407 or TLS errors.
Short answer: how to configure a proxy in Postman
In the Postman desktop app, open Settings, choose Proxy, and use either the system proxy or a custom proxy for outgoing requests. A custom configuration can specify HTTP or SOCKS protocol, host, port, basic authentication and bypass hosts. Keep only one intended mode active, send an IP-check request, and confirm the response before testing the real API.
The official Postman proxy configuration guide distinguishes the default system proxy, custom outbound proxy and Postman’s separate built-in capture proxy. This distinction matters: sending requests through a private proxy is not the same as running a local capture listener.
Understand the four Postman proxy concepts
| Mode | Purpose | Typical mistake |
|---|---|---|
| Default system proxy | Uses the operating system’s network proxy for Postman connectivity | Forgetting the machine already has a proxy configured |
| Use system proxy | Routes sent requests through system settings | Enabling it together with an unintended custom proxy |
| Custom proxy | Defines protocol, host, port, auth and bypass specifically in Postman | Including the protocol in a field that expects only host |
| HTTP_PROXY / HTTPS_PROXY | Supplies process environment routing when respected | Old variables silently overriding expected behavior |
| Capture proxy | Listens locally to record client traffic into Postman | Confusing inbound capture with outbound API routing |
Postman’s current Proxy settings reference states that system proxy and environment variable options are enabled by default in current releases. Inspect all toggles before blaming a private endpoint.
Configure a custom private proxy
- Open the Postman desktop app and select Settings.
- Open the Proxy tab.
- Disable the system proxy option if the custom proxy must take precedence.
- Enable custom proxy configuration.
- Select HTTP, SOCKS5 or the protocol supplied by the provider.
- Enter hostname or IP and port in their dedicated fields.
- Enable proxy authentication and enter username/password when required.
- Add narrow bypass hosts for local or internal services that should connect directly.
- Save the settings and send a controlled IP-check request.
Postman documents support for HTTP, SOCKS5, SOCKS5H, SOCKS4 and SOCKS4A in custom settings, while noting that SOCKS is used to send HTTP and HTTPS requests. Select the real proxy protocol, not the protocol of the destination URL.
Use the proxy formatter when converting a provider string into separate host, port, username and password fields. Do not paste user:password@host:port into the hostname box.

Verify the Postman proxy route
Create a request such as GET https://api.ipify.org?format=json and send it after saving the proxy settings. The response should show the proxy exit, not the normal office or home IP. Compare that address with the assigned endpoint and check its location if the API scenario is regional.
Then test the actual authorized API with the same proxy. Record the Postman request name, environment, proxy mode, masked proxy ID, observed exit, status, response time and any error. Do not export an environment that contains proxy or API passwords.
- The IP endpoint returns the expected exit.
- The target API status and body match the test contract.
- Proxy authentication succeeds without exposing credentials.
- Bypass hosts connect through the intended route.
- Regional response fields match the selected test case.
- Console and shared logs contain no secrets.
The API testing proxy guide explains how to separate proxy transport, target HTTP response and schema validation.
Use HTTP_PROXY, HTTPS_PROXY and NO_PROXY
Postman can respect operating-system proxy environment variables. This is convenient in managed development environments but can create hidden configuration when the desktop app is launched outside the shell where variables were set.
# PowerShell
$Env:HTTP_PROXY = "http://proxy.example:8080"
$Env:HTTPS_PROXY = "http://proxy.example:8080"
$Env:NO_PROXY = "localhost,127.0.0.1"
# Linux or macOS
export HTTP_PROXY="http://proxy.example:8080"
export HTTPS_PROXY="http://proxy.example:8080"
export NO_PROXY="localhost,127.0.0.1"
Restart Postman after changing the process environment and confirm whether the application was launched from that environment. When debugging, temporarily choose one configuration path instead of leaving system, custom and environment settings enabled together.
Credentials inside environment URLs can be exposed in shell history, process diagnostics or support screenshots. Prefer the desktop app’s protected authentication fields or your organization’s approved secret mechanism. The proxy authentication guide compares basic credentials and IP allowlisting.
TLS certificates and HTTPS APIs
An HTTP proxy can carry HTTPS requests through CONNECT without making the destination HTTP. If an organization intentionally inspects TLS, the workstation must trust the approved certificate authority. A certificate name, expiration or trust failure should be diagnosed, not hidden by permanently disabling SSL verification.
Postman has certificate settings for client certificates and certificate authority behavior. Do not confuse an API client certificate with the proxy’s basic authentication. They operate at different layers and should be documented separately.
- Check system date and time.
- Inspect the certificate subject, issuer and validity.
- Confirm the requested API hostname matches the certificate.
- Install only an approved organization CA.
- Retest direct and proxied paths to identify the failing layer.
- Remove temporary insecure settings after diagnosis.
Outbound proxy versus Postman capture proxy
Postman’s capture proxy listens on a local port so another client can send traffic through it for inspection. The official capture HTTP requests guide describes enabling a local proxy and starting a time-bound debug session. This does not configure Postman’s own outbound requests to use your purchased proxy.
When both are needed, draw the route first: client application to capture proxy, then onward according to the approved network configuration. Protect captured data because it may include cookies, tokens, request bodies and personal information. Limit the session and delete unnecessary evidence.
Troubleshoot Postman proxy problems
| Symptom | Likely cause | First action |
|---|---|---|
| Every request fails | Wrong mode, host, port or network reachability | Disable overlapping modes and run the proxy tester |
| 407 response | Missing credentials or allowlist mismatch | Verify auth method and fields without exposing the password |
| Only HTTPS fails | CONNECT support, TLS trust or hostname | Inspect certificate and proxy protocol |
| Local API unexpectedly uses proxy | Missing or wrong bypass rule | Add a narrow localhost or host-port rule |
| Settings appear ignored | Environment or system proxy precedence | Inspect all toggles and restart the desktop app |
| API returns 401 or 403 | Target API authentication/authorization | Separate API token scope from proxy credentials |
Use the Postman Console for request evidence, but redact secrets before sharing screenshots. The proxy error code guide distinguishes 407, 403, 429, gateway responses and timeouts.

A repeatable Postman regional API workflow
- Duplicate the collection into an authorized test workspace.
- Select the target environment and safe test data.
- Configure one system or custom proxy mode.
- Verify exit IP and location with a harmless request.
- Send the API test and validate status, headers and response body.
- Record timing, region, masked proxy ID and trace ID.
- Keep retries bounded and respect target rate limits.
- Remove temporary secrets, exports and captured traffic after the run.
For command-line reproduction, use the cURL proxy guide. For scripted JavaScript clients, continue with the Node.js proxy guide. Keeping the same endpoint and test contract across tools makes comparison easier.
Use proxy settings safely across a Postman team
A Postman collection can be shared, but a developer’s proxy password should not be. Keep proxy credentials in local or protected variables and avoid exporting them with collections, environments or example responses. Use neutral variable names for the API under test and document the required proxy region separately. Team members can then run the same requests while supplying their own authorized connection details.
For a regional API check, save evidence that explains the route without exposing secrets: the collection version, requested region, observed public IP, timestamp and response status. A lightweight preflight request to an IP endpoint is often enough to catch a wrong system-proxy setting before the real API call. Follow it with a representative HTTPS request so CONNECT and certificate handling are tested too.
Create a clean reproduction before escalating
When a request fails, duplicate it into a minimal collection and remove unrelated scripts, variables and authorization helpers. Compare direct, custom-proxy and system-proxy modes one at a time. Open the Postman Console, note whether the error is connection, 407 authentication, TLS or an upstream HTTP response, and record the active NO_PROXY rule. This produces a useful report for either the proxy provider or the API owner.
Recheck the endpoint with the browser proxy tester or a small cURL request when results disagree. The comparison clarifies whether Postman configuration is responsible. Once fixed, add the verified steps to the collection description so the next team member does not have to rediscover them.
Postman proxy FAQ
Where are proxy settings in Postman?
In the desktop app, open Settings and select Proxy. Current versions provide system, environment and custom proxy controls.
Can Postman use an authenticated proxy?
Yes. The custom proxy configuration supports basic proxy authentication fields, and default proxy credentials can also be configured where supported.
Does Postman support SOCKS proxies?
The official documentation lists SOCKS4, SOCKS4A, SOCKS5 and SOCKS5H options for sending HTTP and HTTPS requests.
What is the difference between Postman proxy and capture proxy?
Outbound proxy settings route requests sent by Postman. The capture proxy listens locally to record traffic sent by another client.
Why is my custom proxy ignored?
Check system proxy and environment variable settings, configuration precedence, whether the desktop app was restarted, and whether the target matches a bypass rule.
How do I verify Postman uses the proxy?
Send a request to a controlled IP endpoint, compare the exit with the assigned proxy, then run the authorized API test and record both results.
Use tested proxies in reproducible developer workflows
Use the Postman desktop app with one explicit outbound proxy mode, keep API and proxy credentials separate, and preserve enough evidence to diagnose the correct layer.
Proxies for Postman and API testing: practical buying notes
This page is strongest when it connects setup details to a buying decision. Use stable private proxies when you need repeatable tests, account-safe sessions, reproducible reports or clean troubleshooting. Use cheaper semi-dedicated proxies for early testing and move important workflows to dedicated IPs once the process is proven.
| Need | Recommended proxy behavior | Related guide |
|---|---|---|
| Stable sessions | Use static or sticky private proxies. | Static vs rotating proxies |
| Troubleshooting | Test format, authentication and exit IP before scaling. | Proxy tester |
| Location-sensitive checks | Choose proxy country close to the target audience. | Choose proxy location |
What proxy type should I start with?
Start with static private proxies when accuracy and troubleshooting matter. Use rotation only when the workflow can tolerate IP changes.
Should I test proxies before using them?
Yes. Test one proxy outside the application first, then import the same working format into the real tool.
Related BuyProxies guides
These related pages help connect the setup, troubleshooting and buying decisions instead of treating each proxy problem in isolation.
Proxy authentication failed
Use this guide as the next step when you need a more specific proxy workflow.
HTTP 407 proxy authentication required
Use this guide as the next step when you need a more specific proxy workflow.
Proxy timeout errors
Use this guide as the next step when you need a more specific proxy workflow.
Best proxies for scraping
Use this guide as the next step when you need a more specific proxy workflow.
How many proxies for scraping
Use this guide as the next step when you need a more specific proxy workflow.
How many proxies for multiple accounts
Use this guide as the next step when you need a more specific proxy workflow.
