HTTPS API Proxy Example

Setting up an HTTPS proxy application requires some configuration steps in addition to those required by other proxy applications.

The features for setting up an proxy might not be visible or accessible to you, depending on entitlements you purchased.

Example HTTPS Proxy Using the Box API

This document uses the public Box API as an example REST API to represent any REST API that you might want to proxy through Mule Runtime 3.8.0 or earlier API Gateway Runtime installations. Replace the configuration for Box, summarized here, with the corresponding information for other RESTful services.

To perform this procedure, you must have a account, which you can create for free if you don’t already have one.

Building the Proxy in Studio

Next, use Anypoint Platform to auto-generate a proxy application that performs the following tasks:

  • Accepts incoming service calls from applications and route them to the Box API.

  • Copies any message headers from the service call and pass them along to the Box API.

  • Disables the default status code exception check to allow any error messages that the Box API returns to be passed on to the application. 

  • Captures message headers from the Box API’s response and attach them to the response message.

  • Routes the response to the application that made the service call.

To set up the proxy application:

  1. Click API Manager, select a version of an API, and click Configure endpoint:

  2. Check the Configure proxy for CloudHub option.

  3. Click Save & Deploy.

  4. At the prompt, assign a name to your deployment, which takes the form of <appname> The proxy now points to Box, and sends HTTPS requests to it. These HTTPS requests use your default JVM HTTPS certificate. If you do want to add your own certificates, you must download and modify the proxy.

Because this API requires HTTPS, all connections to and from the proxy application run over HTTPS rather than HTTP. However, for the purposes of this example, the HTTP listener connector for the proxy is reached through on your computer, which is not certified as a secure server, and thus this listener connection does not work reliably through HTTPS.

If you want to use HTTPS for the HTTP listener of your API proxy, your web server must have a public key certificate, signed by a trusted certificate authority. After you obtain that, you can set this HTTP listener to HTTPS by following the steps in Using HTTPS.

If you use the default certificates from your JVM, include a host name and IP address. 

Registering an App in the Box Developer Portal

To test the example proxy for the Box API, you simulate an API call from an application:

  1. Go to Box’s developer portal:, and log into your Box account.

  2. Click Create a Box Application.

  3. At the prompt to provide a name for your application, specify a name, such as MyProxy, then select the Content API. If this is your first Box app, you are prompted to upgrade your Box account to a Developer account.

  4. Click Configure Application.

  5. Click Create a Developer Token and copy the Developer Token code that is displayed.

Testing the Proxy Example

Send a request to the URL that you assigned to your proxy by simulating an API call from an application. This request returns the contents of your Box account.

You can use a browser extension such as  Postman  (Google Chrome), or the curl command line utility.

This request must be configured in the following way:

  1. The URL must be to a specific path inside the URL that you assigned to your proxy


    Replace <appname> in the URL above with the name you assigned to your API when deploying it to CloudHub.

  2. Include an authorization header on every request as a header with the name authorization.

    The value of the header must include the word Bearer followed by a space and then the access_token. For example:

    Authorization=Bearer 1234123412341234
Header Value


Bearer <access_token>