Enforce API governance and security rules for your team in Postman

Configurable API governance rules are available with Postman Enterprise plans. Configurable API security rules are available with Postman Enterprise plans with the API Builder add-on. Learn more about Postman plans.

You can customize the API Governance and Security rules that Postman applies to your API specifications and requests. Postman notifies team members if their API specifications and requests violate the configured governance and security rules. This enables team members to keep APIs consistent and secure in your team.

Configure governance rules

You can configure API Governance rules that Postman applies to your API specifications in the API Builder and Spec Hub. You can use existing governance rules from the rule library or create custom governance rules. Then you can apply those rules to specific workspaces in your team.

You can also create custom governance functions and use them in your custom governance rules that Postman applies to your API specifications in the API Builder.

Manage security rules

You can manage API Security rules that Postman applies to your requests, and you can also apply existing security rules to them.

Custom governance rule and function guidelines

Postman supports Spectral for custom governance and security rules and custom governance functions. For more information about using Spectral in Postman, see the following: