Client Id enforcement on Mule 4 API

Author: Kishori Patil

Content:

  • It is very important to authenticate the consumer of your API and secure your API
  • For that, you can apply different policies
  • Using API Manager, you can configure and apply policies to an API instance
  • Here we will see in detail how to apply the Client ID enforcement policy to your application
  • Designing API Specifications in Design Center
  • Creating an API using API Manager
  • Implementation Of Application in Anypoint Studio
  • Adding Autodiscover element
  • Deploying Application in Runtime manager to activate API auto-discovery
  • Requesting Access to the API using Exchange
  • Applying a Policy using API Manager

SETUP:

  • Designing API Specifications in Design Center:
  1. Log in to your Anypoint Platform account and click on “Start Designing.”

2. Click on create new and select New API Spec.

3. It will open a new window as below. Give a name to your API spec and click on create API specification. It will create a basic structure of API.

4. Write RAML as per your requirement:

5. Then click on publish button and select publish to exchange.

6. Go to Exchange, and you can see that the newly created API is published.

7. If you click on /hello and then GET, you can see that clientid and clientsecret are required to send the request.

  • Creating an API using API Manager:
  1. Once the API is published, go to API Manager and click on Manage API > Manage API from Exchange.

2. Select the name of the API, and it will automatically fill in the details below. Check Mule application, Basic endpoint, and Mule 4, and click on Save.

3. The API is created in API Manager, but as you can see, the API status is Inactive. An API ID is created for this API, as shown below. (17063791)

  • Implementation Of Application in Anypoint Studio:
  1. Open Anypoint Studio and create a new Mule project by selecting File > New > Mule Project.

2. Give a name to your project and click on the + below "Import a published API", as follows:

3. Then click on Add Account and log in with the Anypoint username and password of the account where you published the API in the previous step.

4. Now the Anypoint account is added. Type the name of your API, select it, and click on Add and then Finish.

5. Again, click on finish.

6. You can see the new project is scaffolded as follows. One flow is created for each resource/method pair. In our case, only one flow, for resource /hello with method GET, is created, along with the 2 expected flows: one is the API console flow and the other is the APIkit router flow.

7. Create a new configuration file by clicking on File > New > Mule Configuration File as follows, and name it Implementation:

8. Create a flow with logger and a transform message as below:

9. Add a flow reference in the get:\hello:demoapp-config flow of demo-app.xml as follows. It will go to the Implementation flow.

  • Adding Autodiscover element
  1. Now create one more Mule configuration file called global (global.xml) to keep all configuration elements in one file. Go to global of that file and click on Create. Select autodiscovery.

2. Add the API ID we got when we created the API in API Manager. The flow name is the name of the flow where your APIkit router is present.

3. This will create an autodiscovery config element as follows:

  • Find credentials for Environment where you will deploy this application
  1. Go to Access Management and click on Environment. Then click on the sandbox.

2. It will show you the credentials for that Environment. You will need these credentials when you deploy the application to CloudHub.

  • Deploying Application in Runtime manager to activate API auto discovery
  1. Now your application is ready. Select File > Export in Anypoint Studio. Select the folder where you want the jar to be created and click Finish. This will create a deployable jar.

2. Now go to Anypoint Platform > Runtime Manager. Give a name to your app and select the jar created in the previous step. Add the following properties in the Properties tab and click on Deploy.

anypoint.platform.client_id=29eef98b74694cf6a7f471db9ec6bb29

anypoint.platform.client_secret=895446726E7142609d26C43B9fFb589f

3. If you are testing locally, you have to add 2 more properties, in addition to the 2 above, to the config property file. On the cloud, only the credentials are required, as the 2 properties below are picked up automatically at runtime.

anypoint.platform.analytics_base_uri=https://analytics-ingest.anypoint.mulesoft.com/

anypoint.platform.base_uri=https://anypoint.mulesoft.com/

4. Once it is deployed, go to API Manager. Select that API instance, and you can see the API status is Active, as follows.

5. If you apply any policy to it from API Manager, it will be applied to the application deployed in Runtime Manager, as autodiscovery has connected this API Manager instance to that deployed application.

  • Applying a Policy using API Manager
  1. Go to API Manager and click on policies.

2. Click on Apply New Policy and select Client Id enforcement with the latest version.

3. It will open the following window. You can pass credentials with HTTP Basic headers or with custom headers. We have selected the default setting, which is custom.

4. You can either apply this Client ID enforcement to all methods and resources, or select specific methods and resources as per your need. Then click Apply.

5. Now, you can see the client id enforcement policy is applied.

6. If you click on the API specification snippet, you can see the following specification. If you click on RAML 1.0, you will see the same code we added to our RAML.

  • Requesting Access to the API using Exchange
  1. Go to Exchange and click on the application name. In the right corner, you will see 3 dots. Click on them and click Request Access.

2. Select an API Instance that has the API ID of your application and create a new application to access this API.

3. Add the name of the App, and you can also add other details as per your requirement.

4. Click on Create and then Request Access. It will give you credentials to access this API. Save these credentials. You will need them to send a request to this API.

  • Calling API with credentials
  1. If you send a request to this API with the wrong credentials, it will give you the error 401 Unauthorized.

2. Send a request with the credentials we got in the "Requesting Access to the API using Exchange" step. With the correct credentials, this request will be processed successfully.
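The two calls from this step, written as a small client that supports both credential settings of the policy (custom headers and HTTP Basic). This is an added example, not part of the original article. The URL, the environment variable names DEMO_CLIENT_ID and DEMO_CLIENT_SECRET, and the header names client_id and client_secret are assumptions to adjust to your own API.

```python
import base64
import os
import urllib.error
import urllib.request

# Placeholder URL (assumption): replace with your deployed app's /hello endpoint.
API_URL = "https://example.invalid/api/hello"


def build_request(url, client_id, client_secret, mode="custom"):
    """Build a GET request that carries the credentials the way the policy reads them.

    mode="custom": client_id / client_secret request headers (assumed header
                   names for the custom setting selected in this walkthrough).
    mode="basic":  HTTP Basic header, client_id as user and client_secret as password.
    """
    req = urllib.request.Request(url, method="GET")
    if mode == "custom":
        # urllib stores the name as "Client_id"; HTTP header names are case-insensitive.
        req.add_header("client_id", client_id)
        req.add_header("client_secret", client_secret)
    elif mode == "basic":
        token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    return req


def call_api(req, timeout=10):
    """Send the request and return (status, body); HTTP errors such as 401 are returned."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Credentials issued by Exchange, read from hypothetical environment
    # variables so they are not stored in the script.
    cid = os.environ["DEMO_CLIENT_ID"]
    secret = os.environ["DEMO_CLIENT_SECRET"]
    # Wrong secret: the policy should reject the call with 401.
    print(call_api(build_request(API_URL, cid, "wrong-secret"))[0])
    # Correct credentials: the request reaches the /hello flow.
    print(call_api(build_request(API_URL, cid, secret)))
```

If the policy is switched to the HTTP Basic setting, pass mode="basic" to build_request; the same client ID and secret are then sent in the Authorization header instead.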