3. MULESOFT – Enterprise Security Modules
Mule Secure Token Service (STS)
OAuth 2.0a Provider (it is part of the Enterprise edition)
Security for REST service provider/consumer (for APIs which we are developing using Mule API-led connectivity)
Ensure that the API is properly protected by the right authentication/authorization schemes
Authorization & Authentication
• SAML
• OAuth 2
• WS-Security
• PingFederate
4. MULESOFT – Enterprise Security Modules
Each layer has specific security requirements in the API approach
Experience: This layer needs to be protected by inbound security
Process: In this layer, fine-grained security is applied as to who has access to which process API
System Connectivity: This layer needs to be protected by outbound security
5. MULESOFT – Enterprise Security Modules
Process APIs
Process Level Fine Grained Security
Experience APIs
Inbound Security
(Authentication, Authorization and Data Security)
API Manager Security policies
System APIs
Outbound Security
(Authentication, Authorization and Data Security)
WEB/Mobile/Desktop
On premise/Cloud applications
6. Securing API in Anypoint platform
The combination of HTTPS and OAuth 2.0 is best practice for Web API security
Basic Authentication (HTTPS)
The http-security-filter knows how to decode the incoming Base64-encoded username and password before passing them to the security manager.
Failure to authenticate will result in a 403 sent back to the client.
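The decoding step described above, as an added Python example (not MuleSoft code and not from the slides): Base64 is an encoding, not encryption, so anyone who sees the header can recover the credentials, which is why Basic Authentication is paired with HTTPS. The `USERS` store and all function names are assumptions standing in for the security manager.

```python
import base64
import binascii
import hmac

# Constructed credential store standing in for the security manager (assumption).
USERS = {"alice": "s3cret:with:colons"}


def parse_basic_header(header):
    """Return (username, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; a password may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def authenticate(header, users=USERS):
    """Decode the header, then check the credentials as a security manager would."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    username, password = creds
    expected = users.get(username)
    # Compare against a dummy value for unknown users so both paths do the same work.
    candidate = expected if expected is not None else ""
    matches = hmac.compare_digest(password.encode(), candidate.encode())
    return expected is not None and matches


def make_header(username, password):
    """Build the header a client would send (constructed sample input)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```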
7. Securing API in Anypoint platform
OAuth 2.0
The oauth-provider config exposes a URL over which it receives requests for a token in exchange for credentials (client id, secret, username and password). It also passes the username and password to the security-manager before proceeding to issue a token.