Introducing the API Network Manager Role and Approval Process
On the Private API Network, APIs are made up of an API definition and other resources such as collections, environments, and mocks/tests. As of today, only Super Admins or Editors who have access to an API can share an API directly to the Private API Network.
However, as an organization grows, so does the number of APIs the company will build. Many growing organizations begin to adopt the API-first mentality or build API governance teams. With API-first development, consistency is key. The first step is knowing how many APIs you have, and this is where the Private API Network comes in. Having API governance helps provide consistency through processes. Governance processes help ensure APIs are consistent across an entire organization by preventing problems such as duplicate code, tight coupling between components, unreliability, and too many services.
For these organizations, taking inventory and ensuring consistency through Postman on the Private API Network can be a very manual and security fraught process. Ensuring that API quality is high means ensuring the right users have access across many workspaces, and restricting a user’s ability to add the Private API Network is not possible.
That’s why we’re excited to introduce the new API Network Manager role and approval process for Private API Network.
API Network Manager
With the new API Network Manager role, users can be treated as an admin and curator on the Private API Network. Users who are given the API Network Manager role will be able to add any API in the team to the Private API Network without having to be a Super Admin. API Network Managers will also be able to create folders and manage other aspects of APIs on the Private API Network.
In the future we are looking at enabling API Network Managers to have control over which APIs an individual user or user group can view on the Private API Network.
Approval process
Along with the new API Network Manager role, we are also introducing a new optional approval process workflow. You can enable the approval process workflow through the Private API Network settings page under Team Settings:
Once you’ve enabled the approval process workflow, users with an Editor role for an API will need to request to add the API to the Private API Network:
Once you request an API for approval, users with the API Network Manager role will receive a notification, via email and in-app, asking them to approve or deny the request.
You can also find pending requests from the sidebar in the Private API Network under the Pending API Requests, as well as a notification box detailing that there are pending requests directly on the homepage:
When a user with the API Network Manager role visits the Pending API Requests page, they will see a list of APIs that are pending approval along with a set of actions they can take:
Once you approve an API, users with the API Network Manager role and any users who are editors of the API will receive notifications (via email and in-app) detailing that the API request has been approved and was added to the Private API Network:
When you go to deny a request you can optionally provide a reason. Once you deny a request, users with the API Network Manager role and any users who are editors of the API will receive a notification that the request was denied along with the reason you provided.
Hopefully, by adding the approval process flow to Postman’s Private API Network, organizations can ensure consistency by ensuring APIs on the Private API Network are approved based on API governance practices. And, API Network Managers are not bottlenecks to content curation while maintaining security through role management.
How to get started
The API Network Manager role and approval process are available on Postman’s Enterprise plan (see all Postman plans). To get started with these new features, head over to the Team Roles and Permissions section to start assigning users the API Network Manager role and enabling the approval workflow for the Private API Network.
What do you think about this feature? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository.