Connected App in Anypoint Platform

Table of Contents


  • App acts on behalf of a user: Authorized by a user to act on their behalf.
  • App acts on its own behalf (client credentials): Acts on its own behalf without impersonating a user. The app can only be used in this organization.
  • Org Admin
  1. The only user who can view and manage connected apps in Access Management.
  2. Use authorization policies to dictate which apps can be authorized to access user data.
  3. Whitelist apps that users want to use.
  • Developers
  1. To interact with Anypoint Platform programmatically.
  2. To build CI/CD pipelines.
  3. To productize additional third-party use-cases on top of Anypoint Platform.
  • End User
  1. Can delegate API access and log in to third-party applications using their Anypoint Platform credentials.
  • OAuth 2.0 — an open standard for authorization. It provides clients a secure delegated access to server resources on behalf of a resource owner via authorization tokens.
  • OpenID Connect — added identity layer on top of the OAuth 2.0 protocol, which allows clients to verify end-user identity and obtain their basic profile information.
  • Usage is tracked and auditable.
  • Granted access can be revoked.
  • Password change is not required if granted access is revoked.
  • Passwords can be changed without having to update other systems.
  • An organization can own up to 200 Connected Apps.
  • Each connected app can have up to 1000 scopes.
  • Application actions are logged in the Audit Log.
  1. Connected Apps can be created and managed at the root organizational level only. See below when I am selecting Training which is my root org then we could see the Connected App option but if I select anything other than root org then the Connected App option won’t be available.
  • Sign in to Anypoint Platform with the credentials.
  • Click on Access Management and select Connected Apps. Go to the Owned Section and select Create App.
  • In the next window that opens, provide an app name, select the second type (App acts on its own behalf (client credentials))
  • Click on add scopes and add the necessary scopes to be included for the application and also choose the required environments and organization if prompted, click on Review and add scopes. Note: for our use case below we need the Design Center and Runtime Manager to contribute access.
  • Click on save and verify that the app appears in the connected Apps section.

Use Case — Deploy Mule Application to CloudHub Using Connected Apps

Using Client_ID and Client_Secret

  • Get the connected app client id and client secret.
  • Use a Connected App to perform the authentication programmatically by communicating with Anypoint Platform.
  • Deploy Mule application using below command to CloudHub
    mvn clean package deploy -DmuleDeploy
  • Add this to Pom.xml
  • Deploy Mule application using below command to CloudHub
    mvn clean package deploy -DmuleDeploy



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store