Using Postman Testing for API Governance

I have been evolving my approach to API governance with Postman since I started working there 1.5 years ago, but recently I am finding more time to invest in how I am “testing” the surface area of an API using it’s OpenAPI, and rolling I tall up in a public workspace I am simply calling governance. It is a slightly different approach then what you see with other JSON Schema centered approaches, which is something I am evolving side by side, but for this workspace of API governance collections I was going for a more free form, scripted based approach, where I may or may not use a JSON Schema to validate. To help me prepare for my upcoming conversations I wanted to record a walkthrough of my API governance workspace as it stands today.

I am just getting started with this work. The scripts I have are still pretty hacky, and need a lot of work, but it provides me with a set of API governance collections that anyone can implement, but then also evolve to meet their own needs. I am purposefully publishing these API governance “tests” or “questions” as a suite of different collections, with each question as an individual request. I am counting on them being a very modular buffet of what is possible with API governance. Ideally these just help jumpstart the imagination of developers who have better JavaScript skills than I do, so I can just start forking and working with others API governance collection, but until that happens I’ll make do with my tacky versions. ;-) They get the job done and demonstrate what is possible.

I am just looking to showcase how you can use existing Postman testing capabilities for API governance with this public workspace. I am hoping that the use of existing Postman capabilities for testing, and the ability to script API governance tests in JavaScript will make the approach more familiar to developers. Ultimately I am looking to demonstrate how Postman can be used to test APIs, as well as govern the design of an API, which I hope will open the flood gates when it comes to realizing that the API lifecycle has APIs. Which is something that opens up API governance to be more than just API design governance, and something that can be applied to documentation, monitoring, security, testing, or even governance itself—-mind blown! I have had this work in a public workspace for a couple months now, but just now getting back to moving forward, so stay tuned for more on API governance in coming months.