Skip to content

Setup

This article describes how to enable and configure API Security Testing via Postman.

1. Add Wallarm's MCP server

  1. In Postman, access its AI Agent.

  2. In AI Agent panel, click Configure ("gear"), and select Configure MCP servers.

  3. In displayed MCP Servers tab, click Add ("plus") and do one of the following:

    • Select Wallarm Rogue MCP from the list of the featured MCP servers

    • Or just click Edit config and save the following to it:

      {
    "mcpServers": {
        "Wallarm Rogue MCP": {
            "command": "npx",
            "args": [
                "-y",
                "rogue-mcp@latest"
            ],
            "env": {
                "WALLARM_API_TOKEN": "YOUR_WALLARM_API_TOKEN"
            }
        }
    }
}

2. Get Wallarm credentials

To use the extended functions of Wallarm's MCP server, you need to obtain a WALLARM_API_TOKEN and paste it into the MCP server configuration in Postman. The flow depends on whether you are a new or existing Wallarm user.

New users:

  1. Go to roguemcp.wallarm.com.

  2. Create a Wallarm account and obtain the Rogue MCP subscription.

  3. Copy the provided API token and paste it as the WALLARM_API_TOKEN value in your MCP server configuration in Postman.

Existing users:

  1. Contact Wallarm Support to get the Rogue MCP subscription.

  2. Once the subscription is active, go to Wallarm Console → SettingsAPI Tokens and create a token of the Rogue MCP type.

  3. Copy the token and paste it as the WALLARM_API_TOKEN value in your MCP server configuration in Postman.

3. Ask to test the collection

With Wallarm's MCP server and credentials in place, use natural language in Postman Agent Mode to ask for a security test. For example: "Please, test the collection for security issues with Wallarm."

The Agent runs the tests (typically 2–3 minutes) and responds with a report; results are also sent to Wallarm Cloud. To interpret them, see Exploring Results.