4 key updates to Postman API Governance


Postman is committed to solving API development challenges at scale. Recently, we’ve heard from folks at many large-scale organizations who are struggling to design and deploy cohesive API governance strategies. To help with these challenges, we have invested in significant enhancements to Postman API Governance. For instance, we released several big improvements in March 2023 that allow you to easily set up an API governance program and customize it to meet your enforcement needs.

Now, we’re proud to introduce four additional updates that will enable you to further personalize your API governance program and make it more robust.

Related: Enterprise best practices: successfully govern your API content and users

New API Governance Manager role

With the latest release of Postman, you no longer need an Admin role to make changes to your team’s API Governance settings. Instead, users with the Admin role can assign the new API Governance Manager role from the Manage Team section of Postman.

Assigning the API Governance Manager role to team members.

Users with this role can manage their team’s API Governance rule library and enforce these rules in workspace groups. API Governance Managers can also access API Governance reports under the Reports section of Postman, which can help them make data-driven decisions and identify the best path forward for their team’s API governance program.

Support for custom functions

Postman already provides a comprehensive library of out-of-the-box governance rules to help you kickstart your API governance program. However, we’ve received great feedback from our users, and we’ve learned that some situations require developers to create proprietary checks for their governance rules in order to address their organizational API governance needs at scale.


Creating a custom function in Postman.

That’s why Postman now supports the use of custom functions in custom governance rules. You can use custom functions to define complex checks in JavaScript. Once defined and stored, you can reuse these functions in as many custom rules as you like. This capability, combined with the improvements we mentioned above, helps you define the perfect rule for your use case.
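To make the idea of a "complex check" concrete, here is an added example (not Postman's own code) of a function that flags OpenAPI operations left without authentication. It assumes the Spectral custom-function convention of receiving the targeted value plus options and returning a list of `{ message, path }` results; the function name, the `exemptPaths` option, and the sample document are hypothetical.

```javascript
// Added example. Assumes Spectral's custom-function convention: the function
// receives the value matched by the rule's `given` path (here "$", the whole
// OpenAPI document) plus the rule's function options, and returns an array of
// { message, path } results (empty when the check passes).
const HTTP_METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

// Hypothetical name; `exemptPaths` is an assumed option for public endpoints.
function operationsRequireAuth(doc, options = {}) {
  const exempt = new Set(options.exemptPaths || []);
  const results = [];
  for (const [route, item] of Object.entries(doc.paths || {})) {
    if (exempt.has(route) || item === null || typeof item !== "object") continue;
    for (const method of HTTP_METHODS) {
      const op = item[method];
      if (!op) continue;
      // Operation-level `security` overrides the document-level default,
      // so `security: []` silently removes authentication.
      const effective = Array.isArray(op.security) ? op.security : doc.security;
      const path = ["paths", route, method];
      const label = `${method.toUpperCase()} ${route}`;
      if (!Array.isArray(effective) || effective.length === 0) {
        results.push({ message: `${label} has no security requirement`, path });
      } else if (effective.some((req) => Object.keys(req || {}).length === 0)) {
        // An empty requirement object ({}) makes authentication optional.
        results.push({ message: `${label} allows anonymous access`, path });
      }
    }
  }
  return results;
}

// Constructed sample document (not from the Postman post).
const sampleDoc = {
  openapi: "3.0.3",
  security: [{ bearerAuth: [] }],
  paths: {
    "/health": { get: { security: [] } },
    "/orders": { get: {}, post: { security: [] } },
    "/orders/{id}": { get: { security: [{ bearerAuth: [] }, {}] } },
  },
};

const findings = operationsRequireAuth(sampleDoc, { exemptPaths: ["/health"] });
for (const f of findings) console.log(f.path.join("."), "-", f.message);
```

In a real rule, the function would be the module's exported function and the rule's `given` would point at the document root.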

Editing custom governance rules

Visualizing custom governance rules is tough, and coding them in the Spectral format without any errors is even tougher. In fact, many users have asked for the ability to edit the definitions of previously created custom governance rules.


Editing an existing custom governance rule.

We’re excited to announce that the wait for this feature is over. You can hop on over to your team’s custom governance rules, click on the previously stored rule you’d like to update, and make any changes. This capability is particularly useful when you’re unsure of the exact definition that would achieve the desired result. You can now create a custom rule with a definition that you’d like to try out—and tweak it as many times as you’d like until you achieve the desired linting results for your APIs.

Postman’s OWASP API guidelines

The ability to enforce the right security policies for your APIs is non-negotiable, but the ability to do it without writing a single line of code is priceless. This latest release will help you take a step further in that direction.


Accessing Postman’s OWASP API guidelines.

You can now find a new addition to the Postman rule library called “Postman’s OWASP API guidelines.” These guidelines are curated by Postman to help you address growing security concerns that are identified in the OWASP top 10 project for APIs. Enforcing the rules from this set of guidelines can help you flag potential security risks earlier in the API development process—and address them without breaking a sweat.

These updates to the Postman API Platform will make it easier for you to further mold a comprehensive API governance program that can support your needs.

If you’re interested in establishing consistency across large, distributed systems or bringing order to a chaotic API landscape, consider trying out Postman API Governance. We would love to hear more about your Postman experience. Your feedback helps improve Postman’s capabilities with each subsequent release!


What do you think about this feature? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository.
