API definition security validation

View as Markdown
Performs an analysis on the given definition and returns any issues based on your [predefined rulesets](https://learning.postman.com/docs/api-governance/configurable-rules/configurable-rules-overview/). This endpoint can help you understand the violations' impact and offers solutions to help you resolve any errors. You can include this endpoint to your CI/CD process to automate schema validation. **Note:** - The maximum allowed size of the definition is 10 MB. - You must [import and enable](https://learning.postman.com/docs/api-governance/configurable-rules/configuring-api-governance-rules/) Postman's [OWASP security rules](https://postman.postman.co/api-governance/libraries/postman_owasp/view) for this endpoint to return any security rule violations.

Authentication

x-api-keystring
API Key authentication via header
OR
Authorizationstring
A valid [SCIM API key](https://learning.postman.com/docs/administration/scim-provisioning/scim-provisioning-overview/#generating-scim-api-key) for calls to SCIM endpoints.
OR
AuthorizationBasic

Basic authentication of the form Basic <base64(username:password)>.

Request

This endpoint expects an object.
schemaobjectOptional

Response

Successful Response
warningslist of maps from strings to any

Information about each issue discovered in the analysis. Each object includes the violation’s severity and category, the location of the issue, data paths, and other information. This returns an empty object if there are no issues present in the schema.

If there are issues, this returns the possibleFixUrl response in each warning object. This provides a link to documentation you can use to resolve the warning.

Errors

400
Bad Request Error
401
Unauthorized Error
403
Forbidden Error
500
Internal Server Error