Tags API
Security & Policies
Mutual Authentication (2-way SSL):
Mutual authentication, also known as two-way authentication, is a security process in which entities authenticate each other before actual communication occurs. In this process, a connection can be established only if the client and the server exchange, verify, and trust each other's certificates. The certificate exchange takes place by means of the Transport Layer Security (TLS 1.2) protocol. The core purpose of this process is to make sure that clients communicate only with legitimate servers, and that servers cooperate only with clients that attempt access for legitimate purposes.
Policy Overview:
Policy Name | Summary | Category | Returned Status Codes |
---|---|---|---|
Mutual Authentication | Security process in which entities authenticate each other before actual communication occurs | Security | Success: 200 (returns the expected output to the client application); Failed: 400 (No required SSL certificate was sent) |
Each client must be configured with the trusted certificate provided by the API/MuleSoft.
Client ID Enforcement Policy:
The Client ID Enforcement policy restricts access to a protected resource by allowing requests only from registered client applications. The policy ensures that the client credentials sent on each request have been approved to consume the API.
When a client application is registered in Anypoint Platform, a pair of credentials consisting of a client ID and client secret is generated. When the client application requests access to an API, a contract is created between the application and that API. An API that is protected with a Client ID Enforcement policy is accessible only to applications that have an approved contract.
Policy Overview:
Policy Name | Summary | Category | Returned Status Codes |
---|---|---|---|
Client ID Enforcement | Allow access only to authorized client applications | Compliance | Success: 200 (returns the expected output to the client application); Failed: 400 (No required SSL certificate was sent) |
The request must contain the following two elements in its header:
- TOKEN: Replace with the API token, which can be obtained from the getToken API call (Get API Token)
Rate Limit Policy:
Policy Overview:
Policy Name | Summary | Category | Returned Status Codes |
---|---|---|---|
Rate Limit | Restricts the number of requests an API can accept in a defined window of time; because limits are keyed on the client ID, they are applied independently per client | Quality of Service | Success: 200 (returns the expected output to the client application); Failed: 429 Too Many Requests (Quota has been exceeded) |
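The following client illustrates how the three policies above combine on the caller's side: it refuses to call without a client certificate and a CA bundle (mutual TLS), sends the TOKEN header, and backs off on a 429 using Retry-After. It is an added example, not code from the API documentation or from MuleSoft; the URL, certificate file names and the injectable `transport` callable are assumptions made for illustration.

```python
"""mTLS + TOKEN + rate-limit-aware client for the Tags API (added example)."""
import time
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


# A transport maps (url, headers, client_cert, ca_bundle) -> Response.
Transport = Callable[[str, dict, Tuple[str, str], str], Response]


def requests_transport(url: str, headers: dict, cert: Tuple[str, str], ca: str) -> Response:
    """Real transport built on python-requests; the import is deferred so the module loads offline."""
    import requests  # cert=(crt, key) presents the client certificate; verify=ca pins the trust store
    r = requests.get(url, headers=headers, cert=cert, verify=ca, timeout=10)
    return Response(r.status_code, r.text, dict(r.headers))


def call_tags_api(url: str, token: str, cert: Optional[Tuple[str, str]], ca: Optional[str],
                  transport: Transport = requests_transport, max_retries: int = 3,
                  sleep: Callable[[float], None] = time.sleep) -> Tuple[Response, int]:
    """Call the API once, retrying only on 429. Returns (final response, attempts made)."""
    # Mutual TLS: without a client cert the policy answers 400, so fail fast locally instead.
    if not cert or not cert[0] or not cert[1]:
        raise ValueError("client certificate and private key are required (mutual TLS)")
    # Never fall back to verify=False: the client must authenticate the server too.
    if not ca:
        raise ValueError("CA bundle is required to verify the server certificate")
    headers = {"TOKEN": token}  # header name taken from the Client ID Enforcement section
    attempts = 0
    while True:
        attempts += 1
        resp = transport(url, headers, cert, ca)
        if resp.status == 429 and attempts <= max_retries:
            # Honour Retry-After when present; otherwise exponential backoff.
            wait = float(resp.headers.get("Retry-After", 2 ** attempts))
            sleep(wait)
            continue
        return resp, attempts


if __name__ == "__main__":
    # Constructed file names; replace with the certificate issued for your client.
    resp, n = call_tags_api("https://api.example.invalid/tags", "REPLACE_WITH_TOKEN",
                            ("client.crt", "client.key"), "mulesoft-ca.pem")
    print(n, resp.status, resp.body[:80])
```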