curl -X POST \ https://anypoint.mulesoft.com/accounts/login/:org-domain/providers/:providerId/receive-id \ -H 'Content-Type: application/json' \ -H 'X-Requested-With: XMLHttpRequest' \ -d '{ "SAMLResponse": "<SAML_RESPONSE>" }'
Obtaining an API Bearer Token Using a SAML Assertion
If you are using an identity provider configured to use SAML 2.0, federated users within your organization can access Anypoint Platform APIs using the bearer token .
Obtaining an API bearer token using a SAML assertion works only for IdP-initiated single signon. Service provider-initiated SSO does not support unsolicited assertions. |
The bearer token provides access to the platform APIs a user has permission to access. Each bearer token is associated with a specific user who is granted roles and permissions for an API. If a user attempts to access an API that they do not have permissions to access the API returns a 401 Unauthorized
error.
The validity of the bearer token is determined by the value defined for the Default Session Timeout property. This is configured in the root organization properties. See Organization Settings for more information.
To obtain an API bearer token using a SAML assertion:
-
Obtain a SAML response for your identity provider as described in View a SAML Response in Your Browser.
Record this response to use in the following step.
-
Obtain the bearer token by running the following
curl
command. Replace<SAML_RESPONSE>
in this example with the SAML response you obtained in the previous step.The SAML response must be Base64-encoded. If the SAML response string is URL encoded, you must decode the string before running the curl
command.
After obtaining the bearer token federated users within your organization can use it to access an API. For example, you can access the API using one of the following methods:
-
Anypoint CLI: A user can access a platform API by supplying the
-bearer
option to theanypoint-cli
command. See Anypoint CLI for more information. -
curl: A user can access a platform API by passing the bearer token when accessing an API endpoint as shown in the following:
curl -X GET \ https://anypoint.mulesoft.com/accounts/api/me \ -H 'Authorization: Bearer <BEARER_TOKEN>'