
Public Portal Vanity Domain

This document contains instructions and the necessary NGINX configuration for setting up an organization’s public portal using a vanity domain.

Whitelist Your Domain

Your domain needs to be whitelisted in Exchange for your public portal to work properly. To do so:

  1. Get an access token from an Anypoint Platform user account that has the Organization Administrator role in the master organization:

    ACCESS_TOKEN=$(curl -XPOST -d "username=YOUR_USERNAME&password=YOUR_PASSWORD" | jq -r ".access_token")

  2. Use the access token to whitelist your custom domain:

    curl -XPUT -d your.custom.domain -H "content-type: text/plain" -H "authorization: bearer $ACCESS_TOKEN"

If this step is not followed, you won’t be able to log in to the portal or perform any actions that need authentication.

Set up a reverse proxy

A reverse proxy allows users to access and navigate the vanity domain site exactly as if they were at the MuleSoft site. For example, users could access and navigate exactly as if they were at

This can be achieved through a reverse proxy that reroutes requests to your specific domain to the Anypoint Platform. In the following section, we provide example minimal NGINX configuration rules needed to implement the reverse proxy correctly.

You can set up the reverse proxy on servers other than NGINX, including Apache, content delivery networks (CDNs), and many more. The specific configuration needed for your current web server implementation may need to vary slightly, but the rules should be implemented in the same way.

Generic configuration

To set up a basic reverse proxy for a portal vanity domain configuration, set up route mapping and custom headers.

Route mapping

Set up static resource route mapping for shared, icons, exchange/api-console, and node_modules. Regardless of your portal path, these routes need to be at the root level.

For example:

  • Route to

  • Route to

  • Route to

  • Route to

Route callback to

For example:

  • Route to

Route all your portal traffic to the Anypoint Platform. This depends on the portal path. Your portal path may be any path. The example’s portal path is path/of/justice/.

For example:

  • Route (and all routes under this path) to

Custom headers

Add headers for each of the routes described previously.

  • X-Forwarded-Path is the base path of your vanity domain public portal URL, such as /path/of/justice/.

    This path can be any path that begins and ends with a slash (/). It can be the root path represented by a single slash (/). This base path of the portal in your vanity domain does not need to match the base path of the portal in the domain.

  • X-Forwarded-Host is your public portal vanity domain, such as


# Static resources: these routes must sit at the root level of the vanity domain.
location ~ /(shared|node_modules|icons|exchange/api-console) {
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Path ${PUBLIC_PORTAL_PATH};

    proxy_pass ${ANYPOINT_BASE_URL};
}

# Callback route.
location /callback {
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Path ${PUBLIC_PORTAL_PATH};

    proxy_pass ${ANYPOINT_BASE_URL}/exchange/portals/${ORGANIZATION_DOMAIN}/callback;
}

# All portal traffic under the portal path.
location ${PUBLIC_PORTAL_PATH} {
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Path ${PUBLIC_PORTAL_PATH};

    proxy_pass ${ANYPOINT_BASE_URL}/exchange/portals/${ORGANIZATION_DOMAIN}/;
}


${PUBLIC_PORTAL_PATH}: Your custom path. Must end with a forward slash "/".
${ANYPOINT_BASE_URL}: Anypoint Platform URL for the desired region.
${ORGANIZATION_DOMAIN}: Your organization's domain in Anypoint Platform.

For example, for the Robocop organization public portal with an Anypoint Platform domain of robo-cop to run on

${PUBLIC_PORTAL_PATH}: /path/of/justice/
Your server must run using https.

If set up correctly, you can access and navigate to exactly as if you were at
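
One way to fill in the three placeholders before loading the rules into NGINX, as an added example that is not MuleSoft's own code. The function name render_portal_conf is an assumption, and the host anypoint.example used with it is a constructed stand-in for your region's Anypoint Platform URL. It enforces the constraints stated above and refuses values containing characters that would alter the generated configuration.

```shell
# Added example: render this page's three location blocks with placeholders filled in.
# render_portal_conf and anypoint.example are assumed names, not from the page.
render_portal_conf() {
    local path="$1" base="$2" org="$3" v

    # X-Forwarded-Path must begin and end with "/" ("/" alone is the root path).
    case "$path" in
        /|/*/) ;;
        *) echo "PUBLIC_PORTAL_PATH must begin and end with /" >&2; return 1 ;;
    esac
    # HTTPS upstream, scheme and host only: nginx rejects a URI part in
    # proxy_pass inside a regex location (the static-resource block).
    case "$base" in
        https://*/*) echo "ANYPOINT_BASE_URL must be scheme and host only" >&2; return 1 ;;
        https://?*) ;;
        *) echo "ANYPOINT_BASE_URL must be an https URL" >&2; return 1 ;;
    esac
    # Reject empty values and any character that could change the generated
    # config (whitespace, ";", "{", "}", "$", quotes, ...).
    for v in "$path" "$base" "$org"; do
        case "$v" in
            ''|*[!A-Za-z0-9._:/-]*) echo "unsafe value: $v" >&2; return 1 ;;
        esac
    done
    case "$org" in
        */*|*:*) echo "ORGANIZATION_DOMAIN must not contain / or :" >&2; return 1 ;;
    esac

    local hdrs="    proxy_set_header X-Forwarded-Host \$http_host;
    proxy_set_header X-Forwarded-Path $path;"
    cat <<EOF
location ~ /(shared|node_modules|icons|exchange/api-console) {
$hdrs
    proxy_pass $base;
}
location /callback {
$hdrs
    proxy_pass $base/exchange/portals/$org/callback;
}
location $path {
$hdrs
    proxy_pass $base/exchange/portals/$org/;
}
EOF
}
```

Call it as `render_portal_conf /path/of/justice/ https://anypoint.example robo-cop`, place the output inside your HTTPS `server` block, and run `nginx -t` before reloading.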
