Manage API Security rules in Postman

Configurable security rules are available on Postman Enterprise plans with the API Builder add-on. If you don't have an Enterprise account, you'll be able to see the API Security page, but you won't be able to turn rules on or off.

Following API security rules enables you to keep your API secure and consistent. Team Admins with a Developer role can configure security rules.

From the API Security tab, you can manage request-level security rules by turning them on and off as needed. To define and customize definition-level security rules, use the API Governance tab, where you can edit, turn on, or turn off these rules.

API Security configuration page

Learn about viewing security rule violations in API definitions and security warnings in requests.

Turn configured rules on and off

Your team can turn individual security rules on or off to meet your development needs:

  • To turn a security rule on, select the toggle next to the rule name. You and your team members will see violations for this rule in your API's definition.
  • To turn a security rule off, select the toggle next to the rule name. You and your team members won't see violations for this rule in your API's definition.
Turn individual rules on and off

Last modified: 2024/12/09

Additional resources

Blog posts

Introducing API Security in Postman v10
Postmanaut dancing. Illustration.