I am evaluating Katalon for my company. The initial teams that will use the chosen tool are mainly API Development teams. We have very strict security requirements, specifically relating to data. For the APIs, data means the HTTP request, response, parameters, headers, number of calls, collections, names everything and anything. No information leak.
I have not been able to find documentation on exactly what Katalon Studio sends to Katalon’s systems (regardless of where it is stored). I’ve done very thorough search on available resources but cannot find any statement on ‘this is what we store or not store for Katalan Studio’ in Katalon’s system other than the privacy policy. Specifically relating to the API request, response, and executions performed via Katalon Studio. If you have the link or information regarding the data sent to Katalon and storage of that data, please provide.
Full disclosure, we are moving away from Postman due to their recent changes
Hi,
Thank you for letting us know. If you are paid user, please submit ticket here: Katalon Help Center
What was their change? I would appreciate it if you let us know any link that tells more detail.
No, Katalon Studio does not send API data to Katalon systems by default. Katalon Studio is an open-source (free version) test automation tool that can be used to test APIs, web applications, mobile applications, and desktop applications. It is self-hosted, which means that you have complete control over where your data is stored and processed.
However, there are some Katalon products that do send data to Katalon systems. For example, Katalon TestOps is a cloud-based reporting and analytics platform that can be used to track the results of your Katalon Studio test runs. Katalon TestOps does send the results of your test runs to Katalon servers.
Another example is Katalon Recorder, a Chrome extension that can be used to record user actions on a web page and generate Katalon Studio test scripts. Katalon Recorder does send the recorded user actions to Katalon servers.
If you are concerned about the security of your API data, you can take the following steps:
- Do not use Katalon TestOps or Katalon Recorder.
- Self-host Katalon Studio and your Katalon test suite.
- Store your API credentials in a secure location.
- Use HTTPS to encrypt all communication between Katalon Studio and your API server.
You can also contact Katalon support to get more information about how to secure your API data when using Katalon Studio.