Enforce API governance and security rules for your team in Postman

Configurable API governance and API security rules are available on Postman Enterprise plans.

You can customize the API Governance and Security rules that Postman applies to your API definitions and requests. Postman notifies team members if their API definitions and requests violate the configured governance and security rules. This helps team members keep your team's APIs consistent and secure.

Configure governance rules

You can configure API Governance rules that Postman applies to your API definitions. You can use existing governance rules from the rule library or create custom governance rules. Then you can apply those rules to specific workspaces in your team.

You can also create custom governance functions and use them in your custom governance rules.

Configure security rules

You can configure API Security rules that Postman applies to your API definitions and requests. You can apply existing security rules to your API definitions and requests. You can also create and apply custom security rules to your API definitions.

Custom governance rule and function guidelines

Postman supports Spectral for custom governance and security rules, and custom governance functions. For more information about using Spectral in Postman, see the following:

Last modified: 2024/01/18