December 23, 2022 4:00 PM IST
19th Bangalore MuleSoft Meetup
Anypoint API Manager Custom Policies & Best Practices
Housekeeping
A recording of this meetup will be uploaded to the events page within 72 hours.
Questions can be submitted/asked at any time in the Chat/Questions & Answers tab.
Make it more interactive!
Share your feedback! Rate this meetup session by filling in the feedback form at the end of the day.
We love feedback!
❏ Introductions
❏ API Manager
❏ Policies
❏ Custom Policies
❏ Demo
❏ Anypoint Mule Gateway Best Practices
❏ Trivia Q&A
Introductions
● About the Speaker: Jyoti Nimbalkar, MuleSoft Developer @ Nagarro
API Manager
Anypoint API Manager is a feature of Anypoint Platform that enables us to manage, govern, and secure APIs. It leverages the runtime capabilities of Anypoint Flex Gateway, Anypoint Mule Gateway and Anypoint Service Mesh, all of which enforce policies, collect and track analytics data, manage proxies, provide encryption and authentication, and manage applications.
Anypoint Flex Gateway
Anypoint Flex Gateway is ultrafast, designed to manage and secure APIs running anywhere. Built to integrate seamlessly with DevOps and CI/CD workflows, Anypoint Flex Gateway delivers the performance required for the most demanding applications while providing enterprise security and manageability across any environment.
● Secure any API running anywhere
● Extend Anypoint Platform to all APIs
● Build responsive experiences
Anypoint Service Mesh
Anypoint Service Mesh enables you to extend your microservices network by including your non-MuleSoft applications into the Anypoint Platform sphere.
You can then manage and secure your application network, including your non-Mule applications, seamlessly from a single pane.
Anypoint Mule Gateway
Anypoint Runtime includes an embedded Mule Gateway. Using this gateway, a user can apply various policies on top of a Mule application. A user can also enrich an incoming/outgoing message or add any other complex capability to an API without having to write any code.
Overall, Mule Gateway allows a user to add a dedicated orchestration layer on top of backend APIs and services to help them separate orchestration from implementation concerns.
Policies
A policy extends the functionality of an API and enforces certain capabilities such as security, access control and traffic control.
Policy Types
01 Default/Included Policies
Ready-to-use policies for areas such as Authentication, Security Management Threat protection and Tokenization.
02 Automated Policies
You can apply any default or custom policy to all APIs in a particular environment.
03 Custom Policies
A policy that is applied to satisfy the needs of a specific business application.
Policy Categories (Default Policies)
Categories: Security, Transformation, Compliance, Quality Of Service, Troubleshooting
Policies:
● IP Allowlist/Blacklist
● JWT Validation
● Basic Authentication
● Tokenization/Detokenization
● Open AM Access Token Enforcement
● Mule OAuth 2.0 Access Token Enforcement
● JSON/XML Threat Protection
● Client Id Enforcement
● CORS
● Header Injection
● Header Removal
● HTTP Caching
● Rate Limiting
● Rate Limiting SLA Based
● Spike Control
● Message Logging
Custom Policies
If we come across a requirement for a policy that is not included in the default set of policies provided by Anypoint API Manager, we can create our own custom policy.
Custom Policy Development Lifecycle
1. Develop the policy.
2. Package the policy.
3. Upload the resulting policy assets to Exchange.
4. Apply the policy to any API through API Manager.
Use Case
Create a custom policy to log the following parameters from the inbound and outbound properties:
1. Inbound payload
2. Outbound payload
3. Inbound headers
4. Outbound headers
Develop the Policy: settings.xml
[Screenshot callouts: Anypoint Exchange credentials; Nexus repository]
Develop the Policy: Maven Archetype
[Screenshot callout: Anypoint Platform Organization Id]
Develop the Policy: Definition (policy_name.yaml) File
Custom Policy will be applied through Anypoint Manager using the configuration made in the definition (PolicyName.yaml) file.
Develop the Policy: Mule Configuration (template.xml) File
Configuration file contains the actual logic of custom policy.
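A template.xml for the logging use case above could look like the following. This is an added example, not the speaker's demo code: the policy name suffix, the log category and the list of sensitive header names are assumptions. It masks credential-bearing headers before they reach the log and keeps payload logging at DEBUG.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Assumed names: the "message-logging" suffix, the
     "policy.message-logging" category and the sensitive-header list. -->
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http-policy="http://www.mulesoft.org/schema/mule/http-policy"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/http-policy http://www.mulesoft.org/schema/mule/http-policy/current/mule-http-policy.xsd">

    <!-- policyId is filled in by the gateway when the policy is applied. -->
    <http-policy:proxy name="{{{policyId}}}-message-logging">
        <http-policy:source>

            <!-- Inbound headers: values of credential-bearing headers are
                 replaced before logging, so tokens, cookies and client
                 secrets never land in the log store. -->
            <logger level="INFO" category="policy.message-logging"
                    message="#[output application/json --- {direction: 'inbound', headers: (attributes.headers default {}) mapObject ((value, key) -> {(key): if (['authorization', 'proxy-authorization', 'cookie', 'client_secret'] contains lower(key as String)) '[REDACTED]' else value})}]"/>

            <!-- Inbound payload: DEBUG only, so request bodies are not
                 written to production logs unless explicitly enabled. -->
            <logger level="DEBUG" category="policy.message-logging"
                    message="#[payload]"/>

            <!-- Hand the request to the next policy or to the API flow. -->
            <http-policy:execute-next/>

            <!-- Outbound headers: after execute-next the event carries the
                 response, so the same masking is applied, with set-cookie
                 added to the list. -->
            <logger level="INFO" category="policy.message-logging"
                    message="#[output application/json --- {direction: 'outbound', headers: (attributes.headers default {}) mapObject ((value, key) -> {(key): if (['authorization', 'set-cookie', 'client_secret'] contains lower(key as String)) '[REDACTED]' else value})}]"/>

            <!-- Outbound payload: DEBUG only, as for the request. -->
            <logger level="DEBUG" category="policy.message-logging"
                    message="#[payload]"/>

        </http-policy:source>
    </http-policy:proxy>
</mule>
```

Extend the header list to match whatever the APIs behind the policy actually carry, such as custom API-key headers.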
Package the Policy
From the command line in your project’s folder, run the install phase and the deploy phase.
mvn clean install
The packager then packages your application and creates the deployable JAR file in the target directory within your project’s folder.
Upload the resulting policy assets to Exchange
mvn deploy
mvn deploy publishes the custom policy application to Anypoint Exchange.
Apply the policy to any API through API Manager
Add the custom policy to your proxy and test it using Postman with the department header.
Anypoint Mule Gateway Best Practices
Best Practices for Using Policies
On-premises/Hybrid
Cloud IaaS
Fully Managed PaaS
MuleSoft CloudHub 2.0
Which policies make sense for you to apply?
API Manager Best Practices (General)
• Always label your API Instances in API Manager.
• Use Automated policies only when it makes sense.
• Order of policies matters.
• Use API Autodiscovery whenever possible to save resources.
• Define guidelines for API policies to apply to System, Process and Experience APIs.
• Create reusable RAML fragments for API policies and publish them to Anypoint Exchange.
API Manager Best Practices (Policies)
• Client Id Enforcement: should always be the minimum for all APIs.
• OAuth 2.0: should be standard for Experience APIs.
• IP Allowlist and Blacklist: consider allowing only traffic from your internal network for certain APIs.
• JSON/XML threat protection: protect your Experience APIs from heavy payload sizes.
API Manager Best Practices (Policies, continued)
• Rate limiting / Rate limiting SLA:
System APIs: Work with SLA to protect your backend systems and use manual approval SLA to keep an overview of apps.
Process APIs: Work with SLA; if rate limiting without SLA, use Client Id enforcement.
Experience API: Work with SLA; no exposure of ‘X-RateLimit’ header.
• Spike Control:
System APIs: to protect the backend system from temporary API invocation bursts.
Process APIs: to protect from temporary API invocation bursts.
Experience API: No spike control.
Q&A
Quiz Time
Get ready to WIN a MuleSoft Training/Certification Voucher
Trivia Time
Scan the QR code below or type the URL in your browser: https://sfdc.co/bng-meetups-trivia
What’s next?
● Share:
○ Tweet using the hashtag #MuleSoftMeetups #MuleSoftCommunity
○ Join Bangalore Group: https://meetups.mulesoft.com/bangalore
● Feedback:
○ Fill out the survey feedback and suggest topics for upcoming events
○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
Take a stand!
● Nominate yourself for the next meetup speaker and suggest a topic as well: https://sfdc.co/hyd-meetup-nomination
Thank You

DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Anypoint API Manager Custom Policies & Best Practices

  • 1. December 23, 2022 4:00 PM IST 19th Bangalore MuleSoft Meetup Anypoint API Manager Custom Policies & Best Practices
  • 2. Housekeeping: A recording of this meetup will be uploaded to the events page within 72 hours. Questions can be submitted or asked at any time in the Chat/Questions & Answers tab. Make it more interactive! Share your feedback: rate this meetup session by filling in the feedback form at the end of the day. We love feedback!
  • 3. Introductions API Manager ❏ Policies ❏ Custom Policies ❏ Demo ❏ Anypoint Mule Gateway Best Practices Trivia Q&A
  • 4. Introductions ● About the Speaker: Jyoti Nimbalkar, MuleSoft Developer @ Nagarro
  • 5. Anypoint API Manager Custom Policies & Best Practices
  • 6. API Manager Anypoint API Manager is a feature of Anypoint Platform that enables us to manage, govern, and secure APIs. It leverages the runtime capabilities of Anypoint Flex Gateway, Anypoint Mule Gateway and Anypoint Service Mesh, all of which enforce policies, collect and track analytics data, manage proxies, provide encryption and authentication, and manage applications.
  • 7. Anypoint Flex Gateway Anypoint Flex Gateway is ultrafast, designed to manage and secure APIs running anywhere. Built to integrate seamlessly with DevOps and CI/CD workflows, Anypoint Flex Gateway delivers the performance required for the most demanding applications while providing enterprise security and manageability across any environment. ● Secure any API running anywhere ● Extend Anypoint Platform to all APIs ● Build responsive experiences
  • 8. Anypoint Service Mesh Anypoint Service Mesh enables you to extend your microservices network by including your non-MuleSoft applications into the Anypoint Platform sphere. You can then manage and secure your application network, including your non-Mule applications, seamlessly from a single pane.
  • 9. Anypoint Mule Gateway Anypoint Runtime includes an embedded Mule Gateway. Using this gateway, users can apply various policies on top of a Mule application. Users can also enrich an incoming/outgoing message or add any other complex capability to an API without having to write any code. Overall, Mule Gateway allows users to add a dedicated orchestration layer on top of backend APIs and services to help them separate orchestration from implementation concerns.
  • 10. Policies A policy extends the functionality of an API and enforces certain capabilities such as security, access control and traffic control.
  • 11. Policy Types 01 Default/Included Policies: ready-to-use policies for areas such as Authentication, Security Management, Threat Protection and Tokenization. 02 Automated Policies: you can apply any default or custom policy to all APIs in a particular environment. 03 Custom Policies: a policy that is applied to satisfy a specific business application.
  • 12. Policy Categories (Default Policies): Security, Transformation, Compliance, Quality Of Service, Troubleshooting. Policies listed: IP Allowlist/Blacklist, JWT Validation, Basic Authentication, Tokenization/Detokenization, OpenAM Access Token Enforcement, Mule OAuth 2.0 Access Token Enforcement, JSON/XML Threat Protection, Client Id Enforcement, CORS, Header Injection, Header Removal, HTTP Caching, Rate Limiting, Rate Limiting SLA Based, Spike Control, Message Logging.
  • 13. Custom Policies If we come across a requirement to create a policy that is not included in the default set of policies provided by Anypoint API Manager, then we can create our own custom policy.
  • 14. Custom Policy Development Lifecycle 1. Develop the policy. 2. Package the policy. 3. Upload the resulting policy assets to Exchange. 4. Apply the policy to any API through API Manager.
  • 15. Use Case Create a custom policy to log the following parameters from the inbound and outbound properties: 1. Inbound payload 2. Outbound payload 3. Inbound headers 4. Outbound headers
  • 17. Develop the Policy Maven Archetype Anypoint platform Organization Id
  • 18. Develop the Policy Definition (policy_name.yaml) File The custom policy is applied through Anypoint Manager using the configuration made in the definition (PolicyName.yaml) file.
  • 19. Develop the Policy Mule Configuration (template.xml) File The configuration file contains the actual logic of the custom policy.
  • 20. Package the Policy From the command line in your project’s folder, run the install phase and the deploy phase: mvn clean install. The packager then packages your application and creates the deployable JAR file in the target directory within your project’s folder. Upload the resulting policy assets to Exchange: mvn deploy. mvn deploy publishes the custom policy application to Anypoint Exchange.
  • 21. Apply the policy to any API through API Manager Add the custom policy to your proxy and test it using Postman with the department header.
  • 22. Anypoint Mule Gateway Best Practices
  • 23. Best Practices for Using Policies On-premises/Hybrid Cloud IaaS Fully Managed PaaS MuleSoft CloudHub 2.0 Which policies make sense for you to apply?
  • 24. API Manager Best Practices (General) • Always label your API Instances in API Manager. • Use Automated policies only when it makes sense. • Order of policies matters. • Use API Autodiscovery whenever possible to save resources. • Define guidelines for API policies to apply to System, Process and Experience APIs. • Create reusable RAML fragments for API policies and publish them to Anypoint Exchange.
  • 25. API Manager Best Practices (Policies) • Client Id Enforcement: should always be the minimum for all APIs. • OAuth 2.0: should be standard for Experience APIs. • IP Allow list and Blacklist: consider allowing only traffic from your internal network for certain APIs. • JSON/XML threat protection: protect your Experience APIs from heavy payload sizes.
  • 26. API Manager Best Practices (Policies) • Rate limiting / Rate limiting SLA: System APIs: work with SLA to protect your backend systems and use manual approval SLA to keep an overview of apps. Process APIs: work with SLA; if rate limiting without SLA, use Client Id enforcement. Experience APIs: work with SLA; no exposure of the ‘X-RateLimit’ header. • Spike Control: System APIs: to protect the backend system from temporary API invocation bursts. Process APIs: to protect from temporary API invocation bursts. Experience APIs: no spike control.
  • 27. Q&A
  • 28. Get ready to WIN a MuleSoft Training/Certification Voucher Quiz Time
  • 29. Trivia Time Scan the QR code below or type the URL into your browser: https://sfdc.co/bng-meetups-trivia
  • 30. What’s next? ● Share: ○ Tweet using the hashtags #MuleSoftMeetups #MuleSoftCommunity ○ Join the Bangalore Group: https://meetups.mulesoft.com/bangalore ● Feedback: ○ Fill out the survey feedback and suggest topics for upcoming events ○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
  • 31. Take a stand! ● Nominate yourself as the next meetup speaker and suggest a topic as well. https://sfdc.co/hyd-meetup-nomination
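
Slides 15 and 19 describe a template.xml that logs inbound and outbound payloads and headers, but the slide image is not in the transcript. The sketch below is an added example, not the speaker's demo code; the policy name suffix, the logger categories and the list of masked header names are assumptions. It masks credential-bearing header values before logging, because a header-logging policy otherwise copies tokens and client secrets into the log store.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: Mule 4 custom policy template.xml for the logging use case. -->
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:http-policy="http://www.mulesoft.org/schema/mule/http-policy"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/http-policy http://www.mulesoft.org/schema/mule/http-policy/current/mule-http-policy.xsd">

    <!-- {{{policyId}}} is resolved when the policy is applied to an API. -->
    <http-policy:proxy name="{{{policyId}}}-logging-policy">
        <http-policy:source>

            <!-- Inbound headers, logged before the API flow runs.
                 Header names in the regex are an assumed deny-list; extend it
                 to match the credentials your APIs actually accept. -->
            <logger level="INFO" category="custom.policy.inbound.headers"
                    message="#[output application/json --- attributes.headers mapObject ((value, key) ->
                        (key): if (lower(key as String) matches /authorization|cookie|client_secret/)
                                   '[REDACTED]' else value)]"/>

            <!-- Inbound payload. Bodies can carry personal data or secrets;
                 keep this logger only where log access is restricted. -->
            <logger level="INFO" category="custom.policy.inbound.payload"
                    message="#[payload]"/>

            <!-- Hand over to the next policy or to the API flow. -->
            <http-policy:execute-next/>

            <!-- Outbound headers: after execute-next, attributes holds the response. -->
            <logger level="INFO" category="custom.policy.outbound.headers"
                    message="#[output application/json --- attributes.headers mapObject ((value, key) ->
                        (key): if (lower(key as String) matches /set-cookie|authorization/)
                                   '[REDACTED]' else value)]"/>

            <!-- Outbound payload, same caveat as the inbound one. -->
            <logger level="INFO" category="custom.policy.outbound.payload"
                    message="#[payload]"/>

        </http-policy:source>
    </http-policy:proxy>
</mule>
```

Because the order of policies matters (slide 24), where this policy sits relative to Client Id Enforcement or OAuth 2.0 decides whether rejected requests reach the loggers at all.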