Postman supports API governance and API security rules for API specifications in OpenAPI 3.1, OpenAPI 3.0, and OpenAPI 2.0 format.
Rule customization. Enterprise teams can also customize the rules that Postman applies to API specifications. For more information, see Configure API governance rules and Manage API security rules.
To check the governance and security rule violations in an API specification in the API Builder, do the following:
Select APIs in the sidebar, and then select the API you want to review.
From the API overview page, in the Definition section, select View files.
You can also select APIs in the sidebar, then select the API specification file directly.
Select Rule to see the list of rule violations.
To learn more about how rule violations can help you create consistent and secure API specifications, see Viewing rule violations in your API definition.
To check the governance rule violations in an API specification in Spec Hub, do the following:
To learn more, see View rule violations in your specification.
This feature is available with Postman Enterprise plans.
You can configure your CI/CD pipelines to enforce the API Governance and Security rules configured for your team with the help of the Postman CLI.
On the Postman CLI configuration page, select Run Governance and Security rules. This will generate the Postman CLI configuration. You can use this in your CI/CD configuration to enforce your API Governance and API Security rules each time the CI/CD pipeline runs.
To see the results, go to the build run page and use the arrows to expand the desired build. Next, expand the API specification to see the build's results and any rule violations, if applicable.
For the list of all the rule violations that Postman might show at the API specification phase of development, see OpenAPI 3 rules and OpenAPI 2 rules.
Last modified: 2024/07/01