Track governance and security rule violations in the API definition

Postman supports API governance and API security rules for API specifications in OpenAPI 3.1, OpenAPI 3.0, and OpenAPI 2.0 format.

Rule customization. Enterprise teams can also customize the rules that Postman applies to API specifications. For more information, see Configure API governance rules and Manage API security rules.

Check rule violations in the API Builder

To check the governance and security rule violations in an API specification in the API Builder, do the following:

  1. Select APIs in the sidebar, and then select the API you want to review.

  2. From the API overview page, in the Definition section, select View files.

    You can also select APIs in the sidebar, then select the API specification file directly.

  3. Select Rule to see the list of rule violations.

OpenAPI 3.0 rule violations in API Builder

To learn more about how rule violations can help you create consistent and secure API specifications, see Viewing rule violations in your API definition.

Check rule violations in Spec Hub

To check the governance rule violations in an API specification in Spec Hub, do the following:

  1. Select Specs in the sidebar, and then select an API specification you want to review.
  2. Below the specification editor, select issues in specification to see the list of rule violations.

OpenAPI 3.0 rule violations in Spec Hub

To learn more, see View rule violations in your specification.

Track governance and security rule violations in CI/CD

This feature is available with Postman Enterprise plans.

You can configure your CI/CD pipelines to enforce the API Governance and Security rules configured for your team with the help of the Postman CLI.

On the Postman CLI configuration page, select Run Governance and Security rules. This will generate the Postman CLI configuration. You can use this in your CI/CD configuration to enforce your API Governance and API Security rules each time the CI/CD pipeline runs.

Generate the Postman CLI configuration

To see the results, go to the build run page and use the arrows to expand the desired build. Next, expand the API specification to see the build's results and any rule violations, if applicable.

Next steps

For the list of all the rule violations that Postman might show at the API specification phase of development, see OpenAPI 3 rules and OpenAPI 2 rules.

Last modified: 2024/07/01

Postmanaut dancing. Illustration.

Additional resources

Explore ready-to-use Collection Templates, build API-first workflows with Postman Flows, and more!

Collection Templates

Integration testing
REST API basics
API documentation
Authorization methods

Flows Templates

Add HubSpot contacts to Mailchimp lists
Create Airtable records from new deals in HubSpot
Create or update HubSpot contacts from customers on Stripe
Search Zendesk for tickets with Tag using Create with AI

Popular videos

Postman Flows: Build API Applications Visually
Streamline LLM Integration with Postman's AI Protocol
API Basics: What is an API and How Does It Work?