Access Management API

Authentication

Anypoint Access Management enables you to authenticate API users using a username and password, and OAuth2.

To access Platform APIs, you must obtain a token either from the login endpoint or through the OAuth authorization process. After obtaining a token, you can access the API by supplying the token in the Authorization header, as shown in this example:

GET /accounts/api/profile HTTP/1.1
Host: anypoint.mulesoft.com
Authorization: Bearer d127e2ec-a703-4e2a-8629-e9158804748b

Username and Password Authentication

To authenticate using a username and password, you must invoke the /login API. This API receives a username and password via a JSON request. In return, you receive an access token that you can use to access APIs. The Content-Type header must be set to application/json. For example:

POST /accounts/login HTTP/1.1
Content-Type: application/json

{
   "username" : "joe",
   "password" : "password"
}

This returns the following response and token:

{
"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
"token_type": "bearer"
}

Federated Users

SAML 2.0

Users authenticated via SAML can now access platform APIs by invoking the /login/receive-id API. This API expects a SAMLResponse via a JSON request.

Refer to the document "To view a SAML response in your Browser" to extract the SAMLResponse needed to call the API.

In return, you receive an access token that you can use to access platform APIs. The Content-Type header must be set to application/json and the X-Requested-With header must be set to XMLHttpRequest. For example:

POST /accounts/login/receive-id HTTP/1.1
Content-Type: application/json
X-Requested-With: XMLHttpRequest

{
   "SAMLResponse": "<Replace_with_your_SAMLResponse>"
}

This returns the following response and token:

{
"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
"token_type": "bearer",
"redirectUrl": "/exchange/login"
}

OpenID Connect

Users who are authenticated via OpenID Connect cannot access platform APIs. For Anypoint Platform organizations that are considering OpenID federation, the recommended workaround is to create a non-federated user before switching to OpenID authentication, so that you can continue using the Platform APIs.

OAuth

Anypoint Access Management supports OAuth for authentication. Support for authentication using OAuth is limited to organization clients. This includes clients that are used to configure on-premises Mule runtimes, API proxies, and Anypoint MQ clients using the client credentials grant type. After the OAuth authorization process has been completed, the resulting token can be used to access the API as specified above.

Obtaining a Client ID and Client Secret

To obtain a client ID and client secret, see the documentation for the individual client types:

Using the Client Credentials Grant Type

After obtaining your client ID and secret, use them to obtain a token to access the API. To do this, POST a JSON request with the information to the token URL https://anypoint.mulesoft.com/accounts/oauth2/token

POST /accounts/oauth2/token HTTP/1.1
Host: anypoint.mulesoft.com
Content-Type: application/json

{
   "client_id" : "123456789",
   "client_secret": "123456789",
   "grant_type" : "client_credentials"
}

This command returns a bearer token that can be used for subsequent API requests:

{
    "access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
    "token_type": "bearer"
}
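
The Python below is an added example, not MuleSoft's own code: it builds the client-credentials request shown above, validates the token response before using it, and masks the token for logging. The function names and the environment variables ANYPOINT_CLIENT_ID and ANYPOINT_CLIENT_SECRET are assumptions made for illustration.

```python
import json
import os
import urllib.request

BASE = "https://anypoint.mulesoft.com"   # host used in the requests on this page
TOKEN_PATH = "/accounts/oauth2/token"
PROFILE_PATH = "/accounts/api/profile"
# Token response body as shown on this page (documentation sample, not a live token).
SAMPLE_RESPONSE = '{"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b", "token_type": "bearer"}'


def build_token_request(client_id, client_secret):
    """Build the client-credentials POST: JSON body, JSON content type."""
    body = json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("utf-8")
    return urllib.request.Request(BASE + TOKEN_PATH, data=body, method="POST",
                                  headers={"Content-Type": "application/json"})


def bearer_header(token_response_text):
    """Validate a token response and return the Authorization header to send."""
    doc = json.loads(token_response_text)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": "Bearer " + token}


def redact(headers):
    """Return a copy of the headers that is safe to log (token masked)."""
    return {k: ("Bearer ***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


def fetch_profile():
    """Live flow (needs network). Credentials are read from the environment;
    the variable names are assumptions for this example."""
    req = build_token_request(os.environ["ANYPOINT_CLIENT_ID"],
                              os.environ["ANYPOINT_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        auth = bearer_header(resp.read().decode("utf-8"))
    profile = urllib.request.Request(BASE + PROFILE_PATH, headers=auth)
    with urllib.request.urlopen(profile, timeout=10) as resp:
        return json.load(resp)
```

Log `redact(headers)` rather than the headers themselves, since anyone holding the bearer token can call the API until it expires.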
