Access Management API


Authentication

Anypoint Access Management enables you to authenticate API users using a username and password, and OAuth2.

To access Platform APIs, you must obtain a token either from the login endpoint or through the OAuth authorization process. After obtaining a token, you can access the API by supplying the token in the Authorization header, as shown in this example:

GET /accounts/api/profile HTTP/1.1
Host: anypoint.mulesoft.com
Authorization: Bearer d127e2ec-a703-4e2a-8629-e9158804748b

Username and Password Authentication

To authenticate using a username and password, you must invoke the /login API. This API receives a username and password via a JSON request. In return, you receive an access token that you can use to access APIs. The Content-Type header must be set to application/json. For example:

POST /accounts/login HTTP/1.1
Content-Type: application/json

{
   "username" : "joe",
   "password" : "password"
}

This returns the following response and token:

{
"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
"token_type": "bearer"
}

Federated Users

SAML 2.0

Users authenticated via SAML can now access platform APIs by invoking the /login/receive-id API. This API expects a SAMLResponse via a JSON request.

Please refer to the "To view a SAML response in your Browser" document to extract the SAMLResponse necessary to call the API.

In return, you receive an access token that you can use to access platform APIs. The Content-Type header must be set to application/json and the X-Requested-With header must be set to XMLHttpRequest. For example:

POST /accounts/login/receive-id HTTP/1.1
Content-Type: application/json
X-Requested-With: XMLHttpRequest

{
   "SAMLResponse": "<Replace_with_your_SAMLResponse>"
}

This returns the following response and token:

{
"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
"token_type": "bearer",
"redirectUrl": "/exchange/login"
}

OpenID Connect

Users who are authenticated via OpenID Connect cannot access platform APIs. For Anypoint Platform organizations that are considering OpenID federation, the recommended workaround is to create a non-federated user before switching to OpenID authentication, so that the organization can continue using the Platform APIs.

OAuth

Anypoint Access Management supports OAuth for authentication. Support for authentication using OAuth is limited to organization clients. This includes clients that are used to configure on-premises Mule runtimes, API proxies, and Anypoint MQ clients using the client credentials grant type. After the OAuth authorization process has been completed, the resulting token can be used to access the API as specified above.

Obtaining a Client ID and Client Secret

To obtain a client ID and client secret, see the documentation for the individual client types:

Using the Client Credentials Grant Type

After obtaining your client ID and secret, use them to obtain a token to access the API. To do this, POST a JSON request containing them to the token URL https://anypoint.mulesoft.com/accounts/oauth2/token:

POST /accounts/oauth2/token HTTP/1.1
Host: anypoint.mulesoft.com
Content-Type: application/json

{
   "client_id" : "123456789",
   "client_secret": "123456789",
   "grant_type" : "client_credentials"
}

This request returns a bearer token that can be used for subsequent API requests:

{
    "access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
    "token_type": "bearer"
}
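
The client credentials exchange above as an added Python example (not MuleSoft's code): it reads the secret from the environment instead of source, refuses a non-HTTPS token URL, checks token_type before using the token, and logs only a redacted form. The helper names and the ANYPOINT_CLIENT_ID / ANYPOINT_CLIENT_SECRET variable names are assumptions; the token URL defaults to the one documented here and is a parameter because a review on this page reports a different path.

```python
import json
import os
import urllib.request

BASE = "https://anypoint.mulesoft.com"
TOKEN_URL = BASE + "/accounts/oauth2/token"  # path as documented on this page

def build_token_request(client_id, client_secret, token_url=TOKEN_URL):
    """Build (without sending) the client credentials POST shown above."""
    if not token_url.startswith("https://"):
        raise ValueError("token URL must use https: the body carries the secret")
    body = json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("utf-8")
    return urllib.request.Request(token_url, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def parse_token_response(raw):
    """Return the access token; reject a missing token or a non-bearer type."""
    doc = json.loads(raw)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return token

def build_api_request(token, path="/accounts/api/profile"):
    """Build the authenticated GET from the first example on this page."""
    return urllib.request.Request(
        BASE + path, headers={"Authorization": "Bearer " + token})

def redact(token):
    """Form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "***"

def fetch_profile():
    """Live call; env var names are assumptions, not part of the API."""
    req = build_token_request(os.environ["ANYPOINT_CLIENT_ID"],
                              os.environ["ANYPOINT_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        token = parse_token_response(resp.read())
    print("token acquired:", redact(token))  # never log the full token
    with urllib.request.urlopen(build_api_request(token), timeout=10) as resp:
        return json.loads(resp.read())
```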

Reviews

Deleted User, Jul 21, 2023, 8:20 PM
Old OAuth token address
The oauth2 address above is outdated. Use this: https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token

Deleted User, Aug 3, 2022, 12:23 PM
Clear documentation
Well organized spec

Deleted User, May 11, 2022, 10:11 AM
Changes to API
Unusable for anything other than manual use cases because of this caveat posted against most of the resources: "This API may change/disappear at any time without prior notification; there are no backwards compatibility guarantees for format, function or existence across multiple releases." So anyone coding against these watch out!

Deleted User, Jul 30, 2021, 1:57 PM
Issue with oAuth2.0 token auth
Using a valid Token from client_id and client_secret using oAuth2.0 didn't work for the /hierarchy endpoint. Only possible with basic Auth using username and password.

Deleted User, Apr 6, 2021, 3:35 AM
one stop shop for admin tasks.
very well crafted