Client Applications, Contracts, and Credentials
Credentials consist of two keys: the client ID and the client secret. Anypoint API Manager (API Manager) uses the following types of credentials:
- Client application
- Organization
- Basic Authentication policy
- SOAP API proxy
Client Application Credentials
As the Organization Administrator, after you grant access to applications in Anypoint Exchange (Exchange), a contract is automatically created between the API instance and the application. The contract gives access to the application based on SLA tiers that you might specify. Only one contract can exist per API instance and application at any time.
As a user, when you request access to an API from Exchange, your request is automatically approved if the API does not include SLAs. If the API includes an SLA tier, you can either configure your request so that it is automatically approved despite the SLA tier or request approval manually.
Client application credentials are generated when you create a new application and request API access. API requests must include these credentials if the API is protected by a client ID enforcement policy. Organization Administrators can configure this enforcement policy to accept credentials either as headers or as query parameters, although using headers is more secure.
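The difference between the two options, as an added example that is not part of the original documentation: credentials sent as query parameters become part of the request URL, which access logs record, while header values do not appear there. The names `client_id` and `client_secret`, the URL, and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed credential names; the policy's administrator decides the actual ones.
ID_NAME, SECRET_NAME = "client_id", "client_secret"
REQUEST_LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def build_request(url, client_id, client_secret, in_headers=True):
    """Describe (without sending) a request carrying credentials either way."""
    creds = [(ID_NAME, client_id), (SECRET_NAME, client_secret)]
    if in_headers:
        return {"url": url, "headers": dict(creds)}
    parts = urlsplit(url)
    query = urlencode(parse_qsl(parts.query) + creds)
    return {"url": urlunsplit(parts._replace(query=query)), "headers": {}}

def logged_target(request):
    """Path plus query string: the part of a request an access log records."""
    parts = urlsplit(request["url"])
    return parts.path + ("?" + parts.query if parts.query else "")

def audit_access_log(lines):
    """Return (line_no, client_id, redacted_line) for lines with a secret in the URL."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        parts = urlsplit(match["target"])
        params = parse_qsl(parts.query, keep_blank_values=True)
        if all(name != SECRET_NAME for name, _ in params):
            continue
        client = dict(params).get(ID_NAME, "<unknown>")
        safe = urlencode([(k, "REDACTED" if k == SECRET_NAME else v) for k, v in params])
        redacted = line.replace(match["target"], urlunsplit(parts._replace(query=safe)))
        findings.append((line_no, client, redacted))
    return findings

# Constructed access-log lines (common log format style), not from any real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /orders/v1/items?limit=10 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /orders/v1/items?limit=10'
    '&client_id=app-a&client_secret=s3cr3t-constructed HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, client, redacted in audit_access_log(SAMPLE_LOG):
        print(f"line {line_no}: secret for {client} exposed; rotate it. {redacted}")
```

Any client ID reported by the audit identifies an application whose secret has been written to the log in clear text and should be treated as exposed.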
For additional information about client application credentials, see:
Default policies that internally enforce client application credentials include:
- Mule OAuth 2.0 Access Token Enforcement (Mule v3.8.5 or later)
- PingFederate OAuth 2.0 Token Enforcement (Mule v3.8.5 or later)
- OpenID Connect OAuth 2.0 Token Enforcement (Mule v3.8.5 or later)
- JWT Validation (Mule v3.8.5 or later)
For information about how to configure and apply client ID enforcement policies, see Client ID Enforcement Policy.
Organization Credentials
Organization credentials provide a method to uniquely identify a specific environment, an organization, or a business group when linking Mule runtime engine (Mule) to an organization using Anypoint Platform. Mule uses these credentials to connect to and access your organization.
For example, you use environment credentials to connect a local Anypoint Studio (Studio) Mule deployment to API Manager through API Autodiscovery. This connection allows the Studio-deployed API to be managed by API Manager. See Review Environment Concepts and API Autodiscovery.
For additional information about configuring and obtaining organization credentials, see the following:
Basic Authentication Policy Credentials
The Simple Authentication default policy protects an API by forcing requests to provide credentials. These credentials populate a request’s Authorization header. For details on building API requests using the Simple Authentication policy, see Basic Authentication: Simple Policy.
The Lightweight Directory Access Protocol (LDAP) Authentication default policy restricts API access by using an LDAP authentication mechanism. LDAP authentication forces API requests to provide credentials in an Authorization header and then queries the configured LDAP instance to determine whether the credentials are correct in the provided LDAP context. For details on configuring the LDAP Authentication policy, see Basic Authentication: LDAP Policy.
SOAP API Proxy Credentials
You can protect a WSDL that is hosted on a remote location by configuring basic authentication credentials. For details on building a SOAP API proxy, see Build SOAP API Proxies.