Configure API Governance rules in Postman

Configurable governance rules are available on Postman Enterprise plans. If you don't have an Enterprise account, you'll be able to see the API Governance page, but you won't be able to turn rules on or off or add new rules.

You can customize the API Governance rules that Postman applies to your API definitions. Adhering to these API Governance rules at the start of the API lifecycle keeps your API consistent without requiring extra work at later stages. This can prevent unnecessary delays for your organization.

Super Admins and API Governance Managers can configure rules and turn them on and off for workspaces within your team.


Accessing the configurable API Governance rules

  1. Go to the Postman home screen.
  2. Select API Governance from the team information pane.

Adding rules to your API Governance configuration

In addition to the rules turned on by default in Postman, you can import other rules from the rule library into your team's rule library. You can also create your own custom rules.

Importing rules from the rule library

The rule library has Postman's API governance guidelines, Zalando's RESTful API and event guidelines, and Postman's OWASP API guidelines.

  1. Select the Rule Library tab, and then select the Rules tab.

  2. Select Import to open the rule library.

  3. Select Import next to a rule to import it. Details and API format requirements are available under the rule name.

    You can select View all below a set of guidelines to view all of its rules. To import all rules for a particular set of guidelines, select Import All.

  4. Once you import new rules from the library, add the rules to a workspace group to turn them on for the workspaces in the group.

Adding custom rules

You can create custom governance rules that Postman uses to evaluate your API's definition. Postman provides you with a boilerplate rule to help you start writing your custom governance rules. You can also use snippets of commonly-used property-value pairs to help you write your custom governance rules.

To add a custom rule, do the following:

  1. Select the Rule Library tab, and then select the Rules tab.

  2. Select Create Rule.

  3. Define the rule in the editor. It must adhere to custom rule guidelines.

    You can use a curated list of commonly-used property-value pair snippets to write your rules. Snippets are available in the right pane of the editor. Selecting a snippet adds the property-value pair automatically to your rule, helping you get started quickly with writing rules. Once a snippet is added to your rule, you can edit it to meet your specific requirements.

    Postman will prompt you with suggestions as you enter text. Select one to autocomplete your rule.

    You can write and add custom functions to your custom governance rules. For more information, see Adding custom governance functions.

  4. The rule must be valid YAML or JSON. Use the dropdown list to choose the correct syntax.

  5. Select Create. You can find your new rule under Created by your team.

  6. Once you add a custom rule, add the rule to a workspace group to turn it on for the workspaces in the group.

You can also select Upload file(s) to upload a new rule in valid YAML or JSON format.

You can't create a custom rule that duplicates an existing rule.
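
A custom rule file of the kind step 3 describes, written in YAML and aimed at two security-relevant checks. This is an added example, not a rule from Postman's documentation or rule library; it assumes the Spectral-style ruleset layout (`rules`, `given`, `then`, `function`) and that the editor accepts the `pattern` and `truthy` functions. The rule names are hypothetical.

```yaml
# Constructed example of a custom governance ruleset (not from Postman's rule library).
# Assumption: Spectral-style layout, where each rule selects nodes of the
# API definition with a JSONPath expression (given) and applies a function (then).
rules:
  # Hypothetical rule name. Flags any server URL that is not HTTPS,
  # so credentials and payloads are never sent in cleartext.
  servers-must-use-https:
    description: Server URLs must use HTTPS.
    message: "Server URL '{{value}}' does not start with https://"
    severity: error
    formats:
      - oas3
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # Hypothetical rule name. Requires a top-level security requirement,
  # so operations are authenticated unless they explicitly override it.
  # Note: this only checks that the field is present; it does not
  # validate the schemes the field refers to.
  global-security-declared:
    description: The definition must declare a top-level security requirement.
    message: "No top-level security requirement is declared."
    severity: warn
    formats:
      - oas3
    given: "$"
    then:
      field: security
      function: truthy
```

After creating the rule, it still has to be added to a workspace group before violations are reported for definitions in those workspaces.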

Turning configured rules on and off

You can turn individual governance rules on or off for various workspaces to meet your team's development needs. To do so, select the Workspace Groups tab. Select Create Group to create a new group of workspaces to apply individual governance rules to, or select an existing group to update its governance configuration. To apply individual governance rules to all workspaces, select the default All workspaces group.

To turn a governance rule on or off for a workspace group, select an existing group, and then select Edit. To turn a governance rule on, select the checkbox next to the rule name. To turn a governance rule off, clear the checkbox next to the rule name.


Once you've made the desired changes, select Review Changes, then Apply Changes to save them. Your team will only see violations in your API's definition for the governance rules that have been explicitly applied to the workspace it resides in.

Editing rules from your API Governance configuration

You can edit custom governance rules you created earlier.

  1. Select the Rule Library tab, and then select the Rules tab.

  2. Under Created by your team, select the name of the custom rule you'd like to edit.

  3. Edit the custom rule, and then select Save.

Removing rules from your API Governance configuration

To remove an API Governance rule, locate the rule in your team's rule library and select the delete icon next to its name. You can later choose to re-import it from the rule library.

If you remove a custom rule using the delete icon, you'll need to add it back into Postman using Create Rule if you want to use it again.

Last modified: 2023/03/06