Big improvements to Postman API Governance

Last year, as part of Postman v10, we released the ability to set up an API governance program with the click of a few buttons. This feature allowed organizations to take a deeper look at their API landscape and understand if the various APIs they’ve produced are consistent. This was our first step towards enabling organizations to start enterprise governance programs and define API policies at an organizational level. Our ability to identify governance violations and inform API producers early in the API development lifecycle was well-received by our customers.

While we gathered more feedback for Postman v10, it became apparent that every organization has different focus areas and different approaches to executing an API governance program. This uncovered the need for a broader solution to help organizations start their API governance initiatives with greater ease and flexibility. All improvements to Postman API Governance that we’ve made since Postman v10 have been geared towards serving this need.

Let’s dive deeper into how the Postman API Platform is now better equipped with a holistic approach to API governance.

Related: Enterprise best practices: successfully govern your API content and users

Introducing the enhanced rule library

Are there any well-known best practices for API design? How can I leverage the Postman API Platform to enforce them?

Based on our observation, most governance programs start with industry best practices set forth by API leaders or dedicated technological foundations. These programs are intended to make APIs achieve a higher standard of quality and consistency. However, setting up such a program is a pain-staking and time-consuming process, particularly if it needs to scale across hundreds or thousands of APIs at a large organization.

The enhanced rule library in Postman allows you to bootstrap your organization’s API governance program using Postman’s API Governance Guidelines or Zalando’s RESTful API and Event Guidelines. We found these guidelines to be relevant across industry domains, and we believe that they will benefit organizations in kick-starting their API governance journey with Postman.

Enhanced rule library in Postman

In addition to the guidelines we natively support, you can also submit a request for new guidelines to be added through our GitHub issue tracker, which is linked on the same page. We’re already in the process of bringing more guidelines to bolster your API governance program with subsequent releases.

Introducing the new rule creation experience

I’m not familiar with this Spectral tooling that you leverage in Postman. How am I supposed to draft custom rules for my organization?

In the past, API architects and designers would have to spend time going through lengthy documentation before figuring out how to define a governance rule with Spectral. This valuable time can be better utilized on defining which aspects of an API need to be governed—and what the ideal state of the API might look like.

Postman’s new rule creation experience is aimed at addressing this pain point. Gone are the days when defining a governance rule in Postman required in-depth knowledge or prior experience with Spectral.

New governance rule creation in Postman

Whenever you create a custom governance rule for your team, you are presented with a boilerplate definition to show you how a rule would look after completion. The rule editor in Postman also provides you with in-line suggestions of what components to add to your rule, as well as pre-built snippets on the side, which allows you to inherit frequently used patterns in your rule definition at the click of a button.

This new experience helps you define your governance rules faster—and with fewer errors.

Introducing workspace groups

My organization has different business functions, which cater to different business requirements through their APIs. How can I use Postman to enforce different standards, as per my need?

Standards for APIs may vary according to the API’s state of maturity, the kind of data it deals with, or the set of business needs it caters to. Organizations often want to set different standards for different teams based on the problems they are solving. For example, the standards for external-facing APIs might be different than the standards for internal APIs. The improved API governance tooling in Postman has got you covered for this, as well.

Postman now supports the creation of workspace groups. As shown below, you can simply add the required governance rules and enforce them on the workspaces in this group.

Workspace groups in Postman

You also have the ability to add or remove both workspaces and rules from workspace groups as needed. This allows you to establish your API governance program at any scale, starting from a set of a few APIs to thousands of APIs at an API-centric organization that is building and updating them at a rapid pace.

These new features can save massive amounts of time and start addressing API governance at scale. Individual developers can worry less about ensuring their APIs conform to governance rules because they know this will automatically be checked. Additionally, API governance leaders can spend less time going through documentation for API governance tooling or attending meetings with other teams and stakeholders. Instead, they can simply identify the right set of governance rules that are applicable to the right set of APIs.

At Postman, we’re committed to providing you with the best-in-class tooling and product in an API-first world. We want to help solve your API pain points and make it easier for you to scale your API programs. As always, we are excited to see how your APIs become the primary building blocks of modern software, and we look forward to your continued feedback.

Try Postman now

What do you think about this feature? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository.

Comment

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.