Notifications
Clear all
Topic starter
24/06/2026 6:58 pm
TL;DR: Insomnia 12.6 adds native Git CLI support for API workspaces, expands dynamic mocking to cloud-hosted mock servers, and extends unmanaged-user export and deletion controls, according to Kong. The release matters because it folds API testing, collaboration, and admin cleanup into workflows security and platform teams already use, rather than forcing separate tooling layers.
NHIMG editorial — what this means for NHI practitioners
Questions worth separating out
Q: How should teams govern API testing tools that store workspace files in Git?
A: Treat the workspace as a governed software asset.
Q: Why do unmanaged users in developer tools create IAM risk?
A: Unmanaged users create IAM risk because they sit outside the source of truth that governs joiner, mover, and leaver processes.
Q: What breaks when mock servers can evaluate responses at request time?
A: What breaks is the assumption that test infrastructure is static and low risk.
Practitioner guidance
- Map API workspaces to source-control controls Treat Insomnia project files as governed repository assets, with branch protection, review requirements, and commit traceability for changes that affect shared collections or specs.
- Reconcile unmanaged users against the identity provider Use the CSV export of unmanaged users to compare tooling access with your directory, then remove dormant accounts and correct ownership before they become review blind spots.
- Define approval boundaries for dynamic mock logic Restrict who can edit request-time templates, faker logic, and response shaping rules, especially where mock servers are shared across teams or mirrored into cloud environments.
What's in the full announcement
Kong's full product release covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of native Git CLI use with Insomnia projects and local file sync
- Exact setup notes for dynamic mocking on cloud-hosted mock servers
- The unmanaged-user export workflow and deletion behaviour for cleanup cases
- Migration guidance for teams moving from older workspace habits into Git-native API testing
👉 Read Kong's product release on Insomnia 12.6 and Git-native API testing →
Git-native API testing in Insomnia 12.6: what changes for teams?
Explore further
25/06/2026 4:02 am
API tooling is now part of identity governance, not just developer ergonomics. When API workspaces live in Git and mock servers execute request-time logic, the control boundary moves closer to the software supply chain. That means access to collections, mocks, and repo state can affect what gets tested, shared, and shipped. The implication is that API platforms should be governed like operational systems with identity, change, and audit requirements attached.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the same report.
A question worth separating out:
Q: Who should own API workspace cleanup when local and cloud state diverge?
A: Ownership should sit with the team that controls the workspace lifecycle, usually platform engineering or the API programme owner, with IAM or security involved when access records and identity state diverge. The key is to define who can delete, who can restore, and which state is authoritative when sync drift appears.
👉 Read our full editorial: Insomnia 12.6 tightens Git-native API testing for teams
