+

Using Anypoint Studio to Configure Veeva Vault Connector 1.4 - Mule 4

Anypoint Studio (Studio) editors help you design and update your Mule applications, properties, and configuration files.

To add and configure a connector in Studio:

When you run the connector, you can view the app log to check for problems in real time, as described in View the App Log.

If you are new to configuring connectors in Studio, see Using Anypoint Studio to Configure a Connector. If, after reading this topic, you need additional information about the connector fields, see the Veeva Vault Reference.

Create a Mule Project

In Studio, create a new Mule project in which to add and configure the connector:

  1. In Studio, select File > New > Mule Project.

  2. Enter a name for your Mule project and click Finish.

Add the Connector to Your Mule Project

Add Veeva Vault Connector to your Mule project to automatically populate the XML code with the connector’s namespace and schema location and add the required dependencies to the project’s pom.xml file:

  1. In Mule Palette, click (X) Search in Exchange.

  2. In Add Dependencies to Project, type veeva vault in the search field.

  3. Click Veeva Vault in Available modules.

  4. Click Add.

  5. Click Finish.

Adding a connector to a Mule project in Studio does not make that connector available to other projects in your Studio workspace.

Configure a Source

A source initiates a flow when a specified condition is met. You can configure one of these sources to use with Veeva Vault Connector:

  • HTTP Listener
    Initiates a flow each time it receives a request on the configured host and port

  • Scheduler
    Initiates a flow when a time-based condition is met

For example, to configure an HTTP Listener source, follow these steps:

  1. In Mule Palette, select HTTP > Listener.

  2. Drag Listener to the Studio canvas.

  3. On the Listener configuration screen, optionally change the value of the Display Name field.

  4. Specify a value for the Path field.

  5. Click the plus sign (+) next to the Connector configuration field to configure a global element that can be used by all instances of the HTTP Listener source in the app.

  6. On the General tab, specify connection information for the connector.

  7. On the TLS tab, optionally specify the TLS information for the connector.

  8. On the Advanced tab, optionally specify reconnection information, including a reconnection strategy.

  9. Click Test Connection to confirm that Mule can connect with the specified server.

  10. Click OK.

Add a Connector Operation to the Flow

When you add a connector operation to your flow, you are specifying an action for that connector to perform.

To add an operation for Veeva Vault Connector, follow these steps:

  1. In Mule Palette, select Veeva Vault and then select the desired operation.

  2. Drag the operation onto the Studio canvas, next to the input source.

Configure a Global Element for the Connector

When you configure a connector, configure a global element that all instances of that connector in the app can use. Configuring a global element requires you to provide the authentication credentials that the connector requires to access the target Veeva Vault system. Veeva Vault Connector supports Basic authentication.

To configure the global element for Veeva Vault Connector, follow these steps:

  1. Select the operation in the Studio canvas.

  2. In the General configuration screen for the operation, click the Add icon to access the global element configuration fields.

  3. In the General tab, in Connection, select the authentication method to configure:

  4. In the Advanced tab, optionally specify reconnection information, including a reconnection strategy.

  5. Click Test Connection to confirm that Mule can connect with the specified server.

  6. Click OK.

Basic Connection

Enter the following information in the General tab of the Global Element Properties screen to configure Basic authentication:

Field Description

Name

Configuration name

Vault URL

URL of the Veeva Vault instance required for the connection

Username

Username used to initialize the session

Password

Password used to authenticate the user

Client Id

Client ID to send with each request header to the Veeva Vault instance for tracking purposes, in the format {organization}-{company/team}.

The client ID has the prefix mulesoft and the suffix client-vaultconnector, for example, mulesoft-abcpharma-clinicalprod-client-vaultconnector.

The following image shows an example of configuring the General tab for Basic authentication:

Authentication fields completed in the *General* tab for Basic authentication

Enter the following information in the Advanced tab of the Global Element Properties screen to configure the burst API limit for Basic authentication:

Field Description

Response Timeout

Maximum amount of time, in milliseconds, that the connector waits for the Veeva Vault response. If the maximum amount of time is exceeded, a timeout exception is thrown. The default is 30,000 milliseconds (30 seconds).

Burst API Limit Profile

Burst API limit profile configuration to act upon if the specified burst API limit of the Veeva Vault API reaches or exceeds the configured threshold.

If Burst API limit config is enabled (default), then the connector evaluates the Veeva Vault API’s response header (X-VaultAPI-BurstLimitRemaining) value against the specified API Limit Threshold value. If the remaining burst API limit reaches or exceeds the specified API Limit Threshold value, the connector waits for the specified amount of time to restart the count of Burst Limit Remaining.

The following example shows an application log with a warning message at 2019-06-06 10:34:45,096, halting the process for five minutes, as shown in the next message at 2019-06-06 10:39:45,098:

WARN 2019-06-06 10:34:45,096 [[MuleRuntime].io.27: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @2dd2ffaf] [event: 99716950-8818-11e9-90e2-d61515f42856] org.mule.extension.veevavault.internal.service.HttpRequestService: Burst API Limit remaining calls [1997] has exceeded/reached an API Limit Profile threshold set as [1997]. As per API Limit Profile, Veeva Vault Connector will wait for [5] MINUTES.

WARN 2019-06-06 10:39:45,098 [[MuleRuntime].io.27: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @2dd2ffaf] [event: 99716950-8818-11e9-90e2-d61515f42856] org.mule.extension.veevavault.internal.operations.VeevaVaultOperations: Properties or Fields is not available for api [/api/v18.2/metadata/objects/documents/types/site_management__c] , will use input list [[name__v, type__v, subtype__v, classification__v, lifecycle__v, status__v, study__v, product__v, id]] if configured to build VQL query

INFO 2019-06-06 10:39:45,098 [[MuleRuntime].io.27: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @2dd2ffaf] [event: 99716950-8818-11e9-90e2-d61515f42856] org.mule.extension.veevavault.internal.pagination.GetDocumentsPagingProvider: Query Build :: SELECT name__v, type__v, subtype__v, classification__v, lifecycle__v, status__v, study__v, product__v, id FROM documents WHERE name__v= 'F22611234--6764'

INFO 2019-06-06 10:39:46,024 [[MuleRuntime].io.27: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @2dd2ffaf] [event: 99716950-8818-11e9-90e2-d61515f42856] org.mule.extension.veevavault.internal.service.HttpRequestService: Response received for sync http request :: 'https://[vault-domain]/api/v18.2/query?q=SELECT+name__v%2C+type__v%2C+subtype__v%2C+classification__v%2C+lifecycle__v%2C+status__v%2C+study__v%2C+product__v%2C+id+FROM+documents+WHERE+name__v%3D+%27F22611234--6764%27++LIMIT+1000+OFFSET+0' in 925 milliseconds.

API Limit Threshold

Veeva Vault API limit threshold for Burst API Limit Profile. When the specified limit is reached or exceeded, the connector waits for the specified amount of time. The default is 200.

Wait Time

Amount of time that the connector waits if the API Limit Threshold is reached or exceeded. The default is 5.

Time Unit

Time unit for the wait time. The default is MINUTES.

Daily API Limit Profile

Daily API limit exceed profile configuration to use if the daily API limit of the Veeva Vault API reaches or exceeds the configured threshold. The daily limit is the total number of API calls within any 24-hour window.

The following example shows an application log with a warning message at 2019-06-06 10:47:31,698 and an error message at 2019-06-06 10:47:31,699:

WARN 2019-06-06 10:47:31,698 [[MuleRuntime].io.44: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @108e7f43] [event: 624cfa50-881a-11e9-90e2-d61515f42856] org.mule.extension.veevavault.internal.service.HttpRequestService: Veeva Daily API Limit remaining calls [10000] has exceeded/reached an Daily API Limit Profile threshold set as [10000]. As per API Limit Profile, Veeva Vault Connector will throw an exception.

ERROR 2019-06-06 10:47:31,699 [[MuleRuntime].io.44: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @108e7f43] [event: 624cfa50-881a-11e9-90e2-d61515f42856] org.mule.extension.veevavault.internal.service.HttpRequestService: Exception caught while processing Sync request ::: https://xxxxx-xxxxx.veevavault.com/api/v20.1/metadata/vobjects/site__v, Exception ::: \{"responseStatus":"FAILURE","errors":[\{"type":"API_LIMIT_EXCEED","message":"The Veeva Vault Connector has reached/exceeded daily API limit remaining calls [10000]. The configured daily api limit threshold is \(10000\)"}\]}

ERROR 2019-06-06 10:47:31,767 [[MuleRuntime].io.44: [veevavault-connector-demo].get-documents-operationFlow.BLOCKING @108e7f43] [event: 624cfa50-881a-11e9-90e2-d61515f42856] org.mule.runtime.core.internal.exception.OnErrorPropagateHandler:

**********************************************************************************

Message : An error occurred from the Veeva Vault API.
Error Code: API_LIMIT_EXCEED.
Original Error Message: The Veeva Vault Connector has reached/exceeded daily API limit remaining calls [10000]. The configured daily api limit threshold is (10000).
Error type : VEEVAVAULT:API_LIMIT_EXCEED

**********************************************************************************

API Limit Threshold

Veeva Vault API limit threshold for Daily API Limit Profile. When the specified limit is reached or exceeded, the connector waits for the specified amount of time. The default is 10000.

The following image shows an example of configuring the Advanced tab for Basic authentication:

Authentication fields completed in the *Advanced* tab for Basic authentication

OAuth 2.0 / Open ID Connection Provider

Use OAuth 2.0 to delegate user authentication to the service hosting the user account. For more information, refer to Configuring OAuth 2.0 for Connectors or Configuring OAuth 2.0 for Connectors on CloudHub.

Veeva Vault supports several OAuth providers, such as Azure AD, Ping Federate, and any other provider that supports OIDC (OpenID Connect).

Currently, Okta and any other providers that require PKCE are not supported.

Configure the OAuth provider for Veeva Vault Connector. The following steps show how to configure the Veeva service to communicate with the OAuth provider:

  1. In the Veeva Vault Admin panel, navigate to the Settings tab.

  2. In Domain Settings, select OAuth 2.0 / OpenID Connect Profiles.

  3. Click Create.

  4. Configure your profile. Enter values for Label and Name, set Status to Active, and set Authorization Server Provider to the provider you are using, or select Other if your provider is not in the list. You can also uncheck the Perform strict Audience Restriction validation checkbox.

  5. Enter information for AS Metadata. All OpenID Connect providers have a URL ending with /.well-known/openid-configuration, which contains this metadata. For example:

    • Okta: https://{OKTA_INSTANCE}.okta.com/.well-known/openid-configuration

    • Azure: https://login.microsoftonline.com/{TENANT}/v2.0/.well-known/openid-configuration

    • PingFederate: https://{YOUR_INSTANCE}/.well-known/openid-configuration

      Use this metadata to configure AS Metadata by clicking the Upload AS Metadata button and selecting the Provide Authorization Server Metadata URL option. This enables you to paste the above URL into AS Metadata.

      OAuth 2.0 / OpenID Connect Profile configuration window with completed fields from the steps above
  6. Click Save. Now, you can see the created profile.

    Vault Session ID URL and AS Metadata URL fields in a new window after creating the profile

    Note down the Vault Session ID URL for further use when you configure the connector. To fully configure Veeva with OpenID, you must provision users to use this new profile. Refer to the Provision Users to Use SSO for more information.

Now, you can configure Veeva Vault Connector with OAuth 2.0.

Enter the following information in the General tab of the Global Element Properties screen to configure OAuth 2.0 / Open ID connection:

Field Description

Name

Configuration name

Vault URL

Veeva Vault instance URL required for connection.

Version

Version for the Veeva Vault instance required.

Client Id

Client ID required to send with each request header to the Vault instance.

OIDC Profile ID

OIDC profile ID generated by Veeva when creating a new OIDC profile. To configure the OIDC profile ID, use the ID in your OIDC profile in Veeva. Your OIDC profile contains a Vault Session ID URL, for example, https://login.veevavault.com/auth/oauth/session/_00000000-aaaa-bbbb-cccc-111111111111, in which _00000000-aaaa-bbbb-cccc-111111111111 is the OIDC profile ID. Use this value for the OIDC Profile ID field.

Consumer Key

OAuth consumer key, as registered with the service provider. This is your IdP client ID, assuming you already have a client application registration created at the ID provider of your choice, for example, PoneOne or PingFederate.

Consumer Secret

OAuth consumer secret, as registered with the service provider. This is your IdP client secret, assuming you already have a client application registration created at the ID provider of your choice, for example, PoneOne or PingFederate.

Authorization Url

OAuth 2.0 authorization URL, such as https://{your-instance}/as/authorization.oauth2 for PingFederate.

Access Token Url

OAuth 2.0 token URL, such as https://{your-instance}/as/token.oauth2.

Scopes

You can set up your OAuth 2.0 scopes as necessary, but the important ones openid and offline_access are already pre-filled.

Resource Owner Id

Depending on your IdP configuration, you can leave it blank.

Listener Config

Create a new HTTP Listener or use an existing one if you have one, for example, http://localhost:8081/.

Callback Path

Callback path of your application. If you set it to callback, your full callback path is http://localhost:8081/callback. Do not forget to add your callback path to the IdP’s redirect URLs.

Authorize Path

Authorize path. You will navigate to this path when starting the OAuth 2.0 dance, for example, authorize means the full path is http://localhost:8081/authorize.

External Callback Url

You can set this directly to http://localhost:8081/callback.

Here is the XML for the OAuth 2.0 configuration for Veeva Vault Connector:

<configuration-properties file="application.properties" />

<http:listener-config name="HTTP_Listener_config" >
    <http:listener-connection host="localhost" port="${http.port}" >
    </http:listener-connection>
</http:listener-config>

<veevavault:config name="Veeva_Vault_Config">
    <veevavault:oauth2-oidc-connection vaultURL="https://${veeva.instance}.veevavault.com" clientId="${veeva.client.id}" oidcProfileId="${veeva.oidc.profile}">
        <veevavault:oauth-authorization-code consumerKey="${azure.client.id}" consumerSecret="${azure.client.secret}" authorizationUrl="https://login.microsoftonline.com/${azure.tenant}/oauth2/v2.0/authorize" accessTokenUrl="https://login.microsoftonline.com/${azure.tenant}/oauth2/v2.0/token" scopes="${azure.appid}/.default"/>
        <veevavault:oauth-callback-config listenerConfig="HTTP_Listener_config" callbackPath="callback" authorizePath="authorize" externalCallbackUrl="${oauth2.callback_uri}"/>
    </veevavault:oauth2-oidc-connection>
</veevavault:config>

The above example uses the Salesforce authentication provider and requires you to create an application.properties file in your resources folder with this format:

http.port = 8080
oauth2.callback_uri = http://localhost:8080/callback

veeva.instance = your-veeva-instance
veeva.client.id = your-veeva-client-id
veeva.oidc.profile = your-oidc-id

azure.tenant = azure-tenant-id
azure.appid = azure-app-id
azure.client.id = azure-oauth-client-id
azure.client.secret = azure-oauth-client-secret
Azure AD is a special case in which you must set the scope as {app_id}/.default. With other OAuth providers, you can use the predefined openid offline_access scopes unless other scopes are required.

View the App Log

To check for problems, you can view the app log as follows:

  • If you’re running the app from Anypoint Platform, the app log output goes to the Anypoint Studio console window.

  • If you’re running the app using Mule from the command line, the app log output goes to your operating system console.

Unless the log file path is customized in the app’s log file (log4j2.xml), you can also access the app log in the default location MULE_HOME/logs/<app-name>.log. You can configure the location of the log path in the app log file log4j2.xml.

Next Step

See Additional Configuration Information for more configuration steps.

Was this article helpful? Thanks for your feedback!
View on GitHub