15_Days_of_Postman_-_for_testers_IvanKo API Documentation

API definition security validation

POST {{baseUrl}}/security/api-validation

Performs an analysis on the given definition and returns any issues based on your [predefined rulesets]. This endpoint can help you understand the violations' impact and offers solutions to help you resolve any errors. You can include this endpoint in your CI/CD process to automate schema validation.

For more information, see our [Rule violations in the API definition] documentation.

Include the following properties in the request body:

  • type — A string value that contains the API definition's type. One of:
    • openapi3
    • openapi2
  • language — A string value that contains the API definition's language. One of:
    • json
    • yaml
  • schema — A string value that contains the API definition's contents.

Note:

  • The maximum allowed size of the definition is 10 MB.
  • You must [import and enable] OWASP security rules in Qodex for this endpoint to return any security rule violations.

 





RESPONSES

status OK

{
  "warnings": [
    {
      "slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0005",
      "severity": "WARN",
      "message": "Security field is not defined",
      "location": {
        "start": { "line": 1, "column": 0 },
        "end": { "line": 75, "column": 21 }
      },
      "dataPath": [],
      "possibleFixUrl": "https://go.pstmn.io/openapi3-security-warnings#security-field-is-not-defined",
      "category": { "name": "governance", "slug": "governance" },
      "vulnerability": {
        "name": "Security field is not defined",
        "slug": "POSTMAN_OWASP_GOVERNANCE_VULNERABILITY_0005"
      },
      "type": "governance",
      "checksum": "ff10236473b8bc137ecdb94c282de9375503772beffffd02eb7aa957e1a3e873"
    },
    {
      "slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0017",
      "severity": "WARN",
      "message": "Operation does not enforce any security scheme.",
      "location": {
        "start": { "line": 16, "column": 8 },
        "end": { "line": 36, "column": 50 }
      },
      "dataPath": [ "paths", "/spacecrafts/{spacecraftId}", "get" ],
      "possibleFixUrl": "https://go.pstmn.io/openapi3-security-warnings#operation-does-not-enforce-any-security-scheme",
      "category": { "name": "governance", "slug": "governance" },
      "vulnerability": {
        "name": "Operation does not enforce any security scheme.",
        "slug": "POSTMAN_OWASP_GOVERNANCE_VULNERABILITY_0017"
      },
      "type": "governance",
      "checksum": "7760d7354c85b925141d708e14ecaef6512ef20a5b89ba8c722d1fc16c1e5b02"
    }
  ]
}



Curl
curl -X POST 'https://api.getpostman.com/security/api-validation' -H 'Content-Type: application/json' -H "X-API-Key: $POSTMAN_API_KEY" \
  -d '{"schema":{"type":"schemaType","language":"schemaLanguage","schema":"schemaBody"}}'
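
The CI/CD use described above, as an added example that is not part of the Postman documentation: it builds the request body, checks the 10 MB limit locally, and turns the warnings array into a pass/fail exit code. The X-API-Key header, the function names and the default of failing on WARN are assumptions; the sample response is constructed from the one shown on this page.

```python
import json
import urllib.request
API_URL = "https://api.getpostman.com/security/api-validation"  # from the curl sample
MAX_BYTES = 10 * 1024 * 1024  # documented 10 MB limit on the definition

def build_payload(definition, type_="openapi3", language="json"):
    """Wrap a definition in the request body shape used by the page's curl sample."""
    if type_ not in ("openapi3", "openapi2"):
        raise ValueError(f"unsupported type: {type_}")
    if language not in ("json", "yaml"):
        raise ValueError(f"unsupported language: {language}")
    if len(definition.encode("utf-8")) > MAX_BYTES:
        raise ValueError("definition exceeds the 10 MB limit")
    return {"schema": {"type": type_, "language": language, "schema": definition}}

def validate(payload, api_key):
    """POST the payload; the X-API-Key header is an assumption, not shown on the page."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def findings(response):
    """Flatten each warning to (slug, severity, data path, start line, message)."""
    out = []
    for w in response.get("warnings", []):
        path = " > ".join(w.get("dataPath", [])) or "<document root>"
        line = w.get("location", {}).get("start", {}).get("line")
        out.append((w["slug"], w["severity"], path, line, w["message"]))
    return out

def gate(response, fail_on=("WARN",)):
    """Return a CI exit code: 1 if any finding has a severity in fail_on, else 0."""
    hits = [f for f in findings(response) if f[1] in fail_on]
    for slug, sev, path, line, msg in hits:
        print(f"{sev} {slug} line {line} at {path}: {msg}")
    return 1 if hits else 0

# Constructed sample, trimmed from the response shown on this page.
SAMPLE = {"warnings": [
    {"slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0005", "severity": "WARN",
     "message": "Security field is not defined",
     "location": {"start": {"line": 1, "column": 0}}, "dataPath": []},
    {"slug": "POSTMAN_OWASP_GOVERNANCE_RULE_0017", "severity": "WARN",
     "message": "Operation does not enforce any security scheme.",
     "location": {"start": {"line": 16, "column": 8}},
     "dataPath": ["paths", "/spacecrafts/{spacecraftId}", "get"]}]}
if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE))
```

In a pipeline, pass the result of validate(build_payload(text), key) to gate() and use its return value as the job's exit status.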
