Broadband - Security API


To consume Artemis APIs, Partners must have an active account in Salesforce and then be given access to MuleSoft. Partners are given their Client_ID and Client_Secret for API consumption, which are used to generate an access token in the form of a JWT (JSON Web Token), specifically a JWS (JSON Web Signature).

Get JWT Token

  • MuleSoft credentials provided by the client are validated: ClientId and ClientSecret
  • The metadata (Salesforce userName, Salesforce ClientId) associated with the Partner is retrieved from the provided ClientId
  • A JWT token is generated from the metadata retrieved and the JWT is signed with the private key associated with the connected App in Salesforce
  • The JWT is obtained using the appropriate Salesforce token endpoint and is encrypted using a symmetric key algorithm. A new partner-specific JWT is generated and returned to the Partner to start the API invocation

API Invocation

  • MuleSoft validates the JWT sent by the Partner, verifying that the JWT is well formed, that the expiration time is still valid and that the JWT signature is valid
  • Privileges of the Partner are verified by checking the client_id claim of the token for the consumption of the API
  • The Salesforce access token (which is encrypted within a JWT claim) is retrieved and decrypted, the request is made to Salesforce with the decrypted access token, and a connection is made with Salesforce
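
The first two API Invocation checks, sketched as an added example (not MuleSoft's or the Artemis project's code). It assumes the partner JWT is an HS256 JWS with `exp` and `client_id` claims and a hypothetical `allowed` map of client_id to permitted APIs; the page does not state the signing algorithm, and decryption of the Salesforce access-token claim is left out.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Build a constructed test token (stands in for the token-issuing step)."""
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def validate_partner_jwt(token: str, key: bytes, allowed: dict, api: str, now=None) -> dict:
    """Return the claims if every check passes, otherwise raise ValueError."""
    now = time.time() if now is None else now
    # 1. Well formed: three base64url parts, JSON object header and payload.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed: expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed: undecodable segment") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed: header and payload must be JSON objects")
    # Pin the algorithm; never let the token choose it (rejects "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # 2. Signature, compared in constant time, before trusting any claim.
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    # 3. Expiration: a missing or non-numeric exp is treated as expired.
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired")
    # 4. Privileges: the client_id claim must be entitled to this API.
    cid = claims.get("client_id")
    if not isinstance(cid, str) or api not in allowed.get(cid, ()):
        raise ValueError("client_id not authorized for this API")
    return claims
```

The signature is checked before `exp` and `client_id` are read so that no decision is ever based on unauthenticated claims.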
