Contact Us 1-800-596-4880

Mule Gateway Overview

Mule Runtime includes an embedded Mule Gateway. Using this gateway, any user can, for example, apply a basic authentication policy on top of a Mule application, enrich an incoming/outgoing message, or add any other complex capability to an API without having to write any code.
Overall, Mule Gateway allows you to add a dedicated orchestration layer on top of your backend APIs and services to help you separate orchestration from implementation concerns. You can leverage the governance capabilities of API Manager to apply, among other capabilities, throttling, security, caching, and logging to your APIs.


If you want to apply policies and generate analytics info, you must use either:

  • An API defined in a Mule application.

  • A Mule application that proxies your existing backend implementation.

Key Concepts


An API is an abstraction of a set of components. It encapsulates the complexity of your Mule application development, and it presents an easy and reusable way of accessing your assets.
Pairing your API to API Manager through an Autodiscovery element enables you to apply policies to that API.


An API that you create using an HTTP Exchange asset. Mule Gateway assumes that the associated Mule application being tracked by API Manager has an HTTP or HTTPS listener defined as an implementation endpoint.

Typical usage: REST based APIs.


An API that you create using a RAML/OAS Exchange asset. Your Mule Gateway assumes that the associated Mule application being tracked by API Manager has an HTTP or HTTPS listener with a RAML/OAS router defined as an implementation endpoint.

To make this asset available in Exchange, you can design your API using API Designer and then export it to Exchange.

Typical usage: RAML/OAS based APIs.


An API that you create using a WSDL Exchange asset. Your Mule Gateway assumes that the associated Mule application being tracked by API Manager has an HTTP or HTTPS listener with a WSDL router defined as an implementation endpoint.

Typical usage: WSDL based APIs.

API Autodiscovery

API Autodiscovery allows API Manager to manage an API that represents an HTTP endpoint of a Mule application.
Essentially, it’s the mechanism that links an HTTP resource to its API definition in API Manager.

Through API Autodiscovery, Mule Gateway can synchronize the configuration defined in the corresponding paired API from API Manager. For Autodiscovery to work, the Mule Runtime that is acting as a gateway requires Anypoint Platform organization credentials.

See the API Autodiscovery article for more information.

API Proxy

API proxies, also known as "autogenerated proxies", are meant to enhance the usability of API Manager in your Mule application.

Typical usage: Either when you want to leverage Mule Gateway capabilities and your backend API is not based on Mule Runtime, or when your API is based on Mule Runtime but you are unable to define the corresponding Autodiscovery element because it is a closed code.

api gateway capabilities mule4 62bf9

When you configure your API to be a Proxy Endpoint, Anypoint Platform allows you to download a preconfigured Mule application. If the application is deployed to a Mule Runtime and you are using the correct Platform Credentials, the API for the application will be automatically tracked by API Manager.

You do not need to know how to create a Mule application. You simply deploy the application to a correctly configured runtime.

Anypoint Platform can deploy the proxy directly to Cloudhub or using the Mule agent, through Runtime Manager.

If you would like to use HTTPS instead of HTTP, you can follow these steps:

  1. Import the autogenerated proxy into Anypoint Studio.

  2. Specify the certificates to be used.

  3. Deploy the application to Cloudhub or a runtime instance.

The proxies that can be downloaded from API Platform are a convenient tool to speed up your Application Network development.
Having said that, you are not restricted to using an autogenerated proxy. Any Mule application, provided with a correctly configured Auto-Discovery, can be used to leverage Mule Gateway capabilities.


Policies are the tool to apply orthogonal behavior to a whole API or to a resource of it.

You can create policies to enrich, filter, and control Incoming/Outgoing messages, and to apply a security layer on top of your API by, for example, enforcing token access to your API or whitelisting/blacklisting specific IP addresses.

Mule Gateway provides not only Out-Of-The-Box (OOTB) policies but an engine to create your own Custom Policies.


When the Mule Gateway is connected to API Manager, you can monitor the usage of your registered API using API Analytics.

Mule Gateway reports API usage, including the detected policy violations.


Mule Gateway uses pointcuts to point a policy to the resource where it should be applied.

If you are enforcing a policy in API Manager, this policy uses pointcuts to determine the endpoints of your Mule application to which it should apply.

Just as the API autodiscovery element must be declared in your Mule application code, pointcuts are declared within the policies.

In Mule 4, pointcuts are invisible to the user and are only managed internally by the Mule Gateway and API Manager.

You can select the granularity of the pointcut when configuring most policies. You can find this configuration under the Method & Resource conditions of your policies.

The two available options are:

  • Apply configurations to all API methods & resources.

    api gateway capabilities mule4 40081

    When selected, the API Pointcut matches every resource and method of your API. This means that the policy being applied will be executed for every request the HTTP Listener (linked with the API via Autodiscovery) receives.

  • Apply configurations to specific methods & resources.

    api gateway capabilities mule4 2ed4e

    This defines a resource-level pointcut for your API. In this example, the policy is applied to the API only when the request method is a GET. You can optionally define a matching regex for the resource for further granularity.

Enabling Mule Gateway capabilities

To take advantage of Mule Gateway capabilities, you need to establish a communication channel between the Mule runtime and an organization created in a particular plane (ie. US control plane, EU control plane) or Mule Private Cloud Edition.

To configure the Mule runtime in such a way, you need to specify your Anypoint organization credentials.
Depending on your implementation, there are several ways to pass organization credentials to the runtime. See Configuring Organization Credentials in Mule Runtime 4 or Mule Runtime 3 to learn how to do this.