Enforce API governance and security rules for your team in Postman

Configurable API governance and API security rules are available on Postman Enterprise plans with the API Builder add-on.

You can customize the API Governance and Security rules that Postman applies to your API definitions and requests. Postman notifies team members if their API definitions and requests violate the configured governance and security rules. This enables team members to keep APIs consistent and secure in your team.

Configure governance rules

You can configure API Governance rules that Postman applies to your API definitions. You can use existing governance rules from the rule library or create custom governance rules. Then you can apply those rules to specific workspaces in your team.

You can also create custom governance functions and use them in your custom governance rules.

Manage security rules

You can manage API Security rules that Postman applies to your requests, and you can also apply existing security rules to them.

Custom governance rule and function guidelines

Postman supports Spectral for custom governance and security rules, and custom governance functions. For more information about using Spectral in Postman, see the following:

• Learn how to write custom governance and security rules using Spectral and configure Spectral rule properties.

• Learn how to write custom governance functions using Spectral and use them in your custom governance rules.