API Governance and API Security in Postman

API Governance is available with Postman Enterprise plans. API Security is available with Postman Enterprise plans with the API Builder add-on. Learn more about Postman plans.

The Postman API Governance and Postman API Security features identify inconsistencies or weaknesses in your APIs and recommend possible fixes or improvements that follow industry best practices. These features enable you to automate your organization’s governance and security review processes instead of relying on manual reviews.

API governance is the practice of defining and applying development rules that promote consistent API behaviors across your organization’s API landscape. And a robust API security posture means that your organization has development rules that promote security-first API behaviors.

Postman applies API governance and API security rules at the following phases of API development:

  • API specification - See rule violations that might impact your specification’s governance and security postures.
  • API requests - See rule violations when you send requests to any API using either the Postman web app or the Postman desktop app.

Enterprise teams can also create custom rules. See Enforce API governance and security rules for your team in Postman for more details.

Last modified: 2025/09/12


Postmanaut illustration for Administer Postman section.