Client Applications, Contracts, and Credentials

As the Organization Administrator, after you grant access to applications in Anypoint Exchange (Exchange), a contract is automatically created between the instance and the application. The contract gives access to the application based on SLA tiers that you might specify. Only one contract can exist per instance and application at any time.

As a user, when you request access to an asset from Exchange, your request is automatically approved if no SLA tiers are defined. If the asset includes an SLA tier, you can either configure your request so that it is automatically approved despite the SLA tier, or you can request approval manually.

Client application credentials are generated when you create a new application and request access to an instance. Requests must include these credentials if the instance is protected by a client ID enforcement policy. Organization Administrators can configure this enforcement policy to accept credentials either as headers or as query parameters, although using headers is more secure.

For additional information about client application credentials, see:

Default policies that internally enforce client application credentials include:

For information about how to configure and apply client ID enforcement policies, see Client ID Enforcement Policy.

Organization credentials provide a method to uniquely identify a specific environment, an organization, or a business group when linking Mule runtime engine (Mule) to an organization using Anypoint Platform. Mule uses these credentials to connect to and access your organization.

For example, you use environment credentials to connect a local Anypoint Studio (Studio) Mule deployment to API Manager through Autodiscovery. This connection allows the Studio-deployed application to be managed by API Manager. See Review Environment Concepts and Autodiscovery.

For additional information about configuring and obtaining organization credentials, see the following:

The Simple Authentication default policy protects an instance by forcing requests to provide credentials. These credentials populate a request’s Authorization header. For details on building requests using the Simple Authentication policy, see Basic Authentication: Simple Policy.

The Lightweight Directory Access Protocol (LDAP) Authentication default policy restricts access by using an LDAP authentication mechanism. LDAP authentication forces requests to provide credentials in an Authorization header and then requests the configured LDAP instance to determine if the credentials are correct in the provided LDAP context. For details on configuring the LDAP Authentication policy, see Basic Authentication: LDAP Policy.

You can protect a WSDL that is hosted on a remote location by configuring basic authentication credentials. For details on building a SOAP proxy, see Build SOAP Proxies.