Client Id Enforcement In MuleSoft

Amir mohammed

Last update 4 years ago

Introduction

The Client ID Enforcement policy restricts access to a protected resource by allowing requests only from registered client applications. The client application has to be registered on Anypoint Platform to generate its client credentials, a client ID and a client secret.


When a client application is registered in Anypoint Platform, a pair of credentials consisting of a client ID and a client secret is generated. When the client application requests access to an API, a contract is created between the application and that API. An API that is protected with a Client ID Enforcement policy is accessible only to applications that have an approved contract.


This means that before a client application is allowed to consume an API protected by a Client ID Enforcement policy, the client application must request access to the API. After an approved contract exists between the client application and the API, every request must include the client application credentials, according to how the policy is configured.


For example, if the policy is configured to expect a client ID and client secret as headers, the application must send those credentials in the request, using the corresponding headers:

How This Policy Works

Before a client application is allowed to consume an API protected by a Client ID Enforcement policy, the client application must request access to the API. After an approved contract exists between the client application and the API, every request must include the client application credentials in compliance with how the policy is configured.

For example, if the policy is configured to expect a client ID and client secret as query parameters, the application must send those credentials in the request. To enforce this, add a client-id-required RAML trait to the API specification:

Apply the trait to the resources or methods using the RAML 'is' attribute:

Configuring API Specifications

The Client ID Enforcement policy requires changes in your API specification to implement the credentials requirement. The corresponding policy provides a RAML or OAS snippet link containing the RAML or OAS code you need to add to the API specification. You can access this code from the list of applied policies in the Policies tab of your API in API Manager.

Configuring How the Policy Obtains Credentials

You can configure the policy to extract either both the client ID and client secret

The following example uses a client ID of 'abcd' and a client secret of 'a1b2c3d', sent as HTTP headers.

Obtaining Credentials Using HTTP Headers

Example request using curl:

Example DataWeave 2.0 expression to be used when configuring the policy:
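As an added example (not the article's own curl or DataWeave snippet, and not MuleSoft code), the following Python sketch mimics what the policy does on each request: it reads the client ID and client secret from the request headers (or from query parameters, the other mode the article describes), checks that the client ID belongs to an approved contract, and compares the secret in constant time. The header and parameter names (client_id, client_secret), the in-memory contract table and the status codes are assumptions of this sketch; the credential values are the article's sample 'abcd' / 'a1b2c3d'.

```python
import hmac
from dataclasses import dataclass

# Constructed registry of client applications holding an approved contract for this API.
# The secret is stored in clear here only to keep the sketch short; a real store would hold a hash.
APPROVED_CONTRACTS = {
    "abcd": "a1b2c3d",
}

# Assumed names used both as header names and as query-parameter names.
ID_KEY = "client_id"
SECRET_KEY = "client_secret"


@dataclass
class Decision:
    allowed: bool
    status: int
    reason: str


def extract_credentials(request, source):
    """Return (client_id, client_secret) taken from the configured source.

    request is a plain dict with optional "headers" and "query" sub-dicts.
    """
    if source == "headers":
        # Header names are case-insensitive, so normalise before the lookup.
        bag = {name.lower(): value for name, value in request.get("headers", {}).items()}
    elif source == "query":
        bag = request.get("query", {})
    else:
        raise ValueError(f"unsupported credential source: {source}")
    return bag.get(ID_KEY), bag.get(SECRET_KEY)


def enforce_client_id(request, source="headers"):
    """Reject a request whose credentials are absent or do not match an approved contract."""
    client_id, client_secret = extract_credentials(request, source)
    if not client_id or not client_secret:
        # Credentials sent in the wrong place (e.g. query when headers are configured) land here.
        return Decision(False, 401, "missing client credentials")
    # Unknown IDs fall back to an empty expected secret so the check never short-circuits
    # on the ID alone; compare_digest keeps the comparison independent of where it differs.
    expected = APPROVED_CONTRACTS.get(client_id, "")
    if not hmac.compare_digest(expected.encode(), client_secret.encode()):
        return Decision(False, 401, "invalid client credentials")
    return Decision(True, 200, "approved contract")
```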
