Contact Us 1-800-596-4880

To Obtain an API Bearer Token Using a SAML Assertion

This topic describes how to obtain the bearer token from Anypoint Platform. If you are using an identity provider configured to use SAML 2.0, federated users within your organization can access platform APIs using the bearer token.

Obtaining an API bearer token using a SAML assertion works only for IdP-initiated single sign-on. Service provider-initiated SSO does not support unsolicited assertions.

The bearer token provides access to the platform APIs a user has permission to access. Each bearer token is associated with a specific user who is granted roles and permissions for an API. If a user attempts to access an API that they do not have permissions to access the API returns a 401 Unauthorized error.

The validity of the bearer token is determined by the value defined for the Default Session Timeout property. This is configured in the root organization properties. See Organization Settings for more information.

To obtain an API bearer token using a SAML assertion:

  1. Obtain a SAML response for your identity provider as described in To View a SAML Response in Your Browser.

    Record this response to use in the following step.

  2. Obtain the bearer token by running the following curl command. Replace <SAML_RESPONSE> in this example with the SAML response you obtained in the previous step.

    The SAML response must be base64 encoded. If the SAML response string is URL encoded, you must decode the string before running the curl command.
    curl -X POST \
      https://anypoint.mulesoft.com/accounts/login/:org-domain/providers/:providerId/receive-id \
      -H 'Content-Type: application/json' \
      -H 'X-Requested-With: XMLHttpRequest' \
      -d '{
        "SAMLResponse": "<SAML_RESPONSE>"
    }'

After obtaining the bearer token federated users within your organization can use it to access an API. For example, you can access the API using one of the following methods:

  • Anypoint CLI: A user can access a platform API by supplying the -bearer option to the anypoint-cli command. See Anypoint CLI for more information.

  • curl: A user can access a platform API by passing the bearer token when accessing an API endpoint as shown in the following:

    curl -X GET \
      https://anypoint.mulesoft.com/accounts/api/me \
      -H 'Authorization: Bearer <BEARER_TOKEN>'