Postman Solutions

Launching and maintaining API security and governance programs

Easily launch an enterprise-wide API security and governance program with templated workflows built into Postman, or migrate and scale the program from a single source of truth. Rules can also be customized or built from scratch and shared within Postman, so that producers and consumers have the postures and controls on the same platform where they're developing APIs.

Key features

API template library

Best-practice rules and postures, including the OWASP Top 10.

Custom security rules builder

Governance and security teams can build custom security rules that are accessible across the API platform for compliance throughout the API lifecycle.

Proactive issue fixes

Proactively surface fixes, suggestions, and tips when a security check fails so that developers can quickly take corrective actions.

Reports and dashboards

Monitor the success of the organization's API governance and security programs and help the organization shift left on security. Manage the adoption of the governance rules across APIs and teams.


With Postman, you get:

  • Reusability of APIs

    Foster consistent and compliant API design and distribution, discoverable by developers organization-wide through Postman's Private API Network.

  • Security and governance visibility at every stage

    Aligning security postures and governance style guides with API lifecycle development allows developers to deliver higher-quality, more effective products with less rework later.

  • Organization-wide clarity

    Engineering leadership has complete visibility into how APIs are meeting standards, postures, and guidelines

Process within the Postman platform

API teams build organization-wide rule sets for API security and governance by leveraging the Postman Template Library, which includes the OWASP Top 10, or by building custom rules to suit their needs. After you design your rules, Postman can apply them at every step of the API lifecycle, ensuring the APIs conform to the postures and guidelines you require. When your rules need to be updated or reviewed, your API security and governance teams can collaborate directly within the Postman platform to evolve the rules so that they meet your needs.


See API Governance and Security in Action:

Explore Postman Template Library for common security and governance rules

Admins in your team are authorized to manage the governance rules. You can also utilize Postman's pre-built governance rules library to expand your program.

Security checks for API definitions are incorporated into existing developer workflows

Each governance violation is shown to a collaborator along with its severity as defined by the organization. Violations for rules included in the Postman rule library also contain a reference to the Postman Learning Center explaining the impact of the violation and possible ways to remedy it.

Easily build custom rules

Spectral is a linting engine that helps you define custom rules and execute them on JSON and YAML OpenAPI v2 and v3.x specifications.

Learn more

Exploratory: API Governance

API governance refers to the implementation of policies that standardize how APIs are designed, built, and deployed across an organization. It is the application of rules to promote a consistent set of behaviors across the company's API landscape.

Introducing API Security in Postman v10

Learn more about Postman's API Security features.

Security and Governance Rules for API Definitions

API governance and security features offer you guidance for APIs as you design your API definition and send requests. This video shows you how to set, edit, and use rules in Postman.

Staying Relevant with an Iterative API Governance Strategy

API governance refers to the implementation of policies that standardize how APIs are designed, built, and deployed across an organization.

Create Effective Feedback Loops for Better API Governance

Healthy API governance initiatives at the enterprise level require effective feedback loops that power the business flywheel.

Breaking Changes - "The Smart Benefits of API-First"

A conversation with Chander Shivdasani, Vice President at Marcus by Goldman Sachs, about the contracts-first approach to API infrastructure at Goldman Sachs.

