Manage API Security rules in Postman

Configurable security rules are available with Postman Enterprise plans with the API Builder add-on. If you don't have an Enterprise account, you'll be able to see the API Security page, but you won't be able to turn rules on or off.

You can customize the API Security rules that Postman applies to your requests. Following API security rules enables you to keep your API secure and consistent. Team Admins with a Developer role can configure security rules.

API Security configuration page

To access the configurable API Security rules at the request level, do the following:

  1. Go to the Postman home screen.
  2. Select API Security from the team information pane.

To define and customize security rules at the specification level, learn about configuring API Governance rules.

Learn about viewing security warnings in requests and security rule violations in API specifications.

Turn configured rules on and off

Your team can turn individual security rules on or off to meet your development needs:

  • To turn a security rule on, select the toggle next to the rule name. You and your team members will see violations for this rule in your API's specification.
  • To turn a security rule off, select the toggle next to the rule name. You and your team members won't see violations for this rule in your API's specification.
Turn individual rules on and off

Last modified: 2024/12/09

Postmanaut dancing. Illustration.

Additional resources

Explore ready-to-use Collection Templates, build API-first workflows with Postman Flows, and more!

Collection Templates

Integration testing
REST API basics
API documentation
Authorization methods

Flows Templates

Add HubSpot contacts to Mailchimp lists
Create Airtable records from new deals in HubSpot
Create or update HubSpot contacts from customers on Stripe
Search Zendesk for tickets with Tag using Create with AI

Popular videos

Postman Flows: Build API Applications Visually
Streamline LLM Integration with Postman's AI Protocol
API Basics: What is an API and How Does It Work?