Once you have built the integration or API, the next step is administering it. The good news is that Anypoint Platform gives us an easy way to manage APIs using API Gateways.
An API Gateway is essentially a wrapper over your application. The advantage of having such a wrapper is that you can apply API management with ease and without much custom coding. MuleSoft provides a set of pre-defined policies which we can leverage for API management. Some of the standard policies, along with their use cases, are listed below –
- Authentication Policies – These policies enable an administrator of the API to apply authentication to the APIs. There are a variety of authentication methods available; some of them are –
  1. Basic Authentication – Basic authentication, as the name suggests, is just username and password based authentication. Additionally, there is a Basic Authentication – LDAP variant, which lets us utilize the organizational LDAP resource to authenticate users against the same directory.
     Use Case – When you would like to keep access generic rather than role or instance based, you can use basic authentication.
  2. Client ID Enforcement – With this policy, when a consumer of the API wants to access its resources, they have to go to Anypoint Exchange and request access to your application. After the access is approved they receive a client ID and client secret, which must be sent as headers in their subsequent requests to the API.
     Use Case – Typically used in scenarios where you have multiple consumers of the API and you want fine-grained control over each consumer, such as rate limiting.
  3. OAuth 2.0 Policy – This policy applies OAuth 2.0, a delegated authorization framework, to your REST APIs. It allows applications to get limited access to a user's data without needing the user's password. It decouples the actual implementation from the authentication logic by placing a dedicated authorization server in between. MuleSoft provides functionality to create your own OAuth 2.0 provider using custom code, or to integrate with a wide variety of market vendors.
     Use Case – Typically used in scenarios where you have multiple consumers of the API and you don't want to give platform access to all of them. It is also used where you have user-to-app, app-to-app, etc. authentication and do not want to load the actual implementation API with the authentication logic.
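To make the Client ID Enforcement use case concrete, here is an added example (not MuleSoft's policy code) that models what such a gateway policy does in front of an API: it checks the client ID and secret issued at approval time and then rate-limits each approved consumer independently. The header names `client_id`/`client_secret`, the registry of approved clients and the per-client limits are assumptions constructed for the example.

```python
import hmac
import time

# Constructed registry of approved consumers, as issued after access is granted
# in Exchange: client_id -> (client_secret, requests allowed per window).
REGISTERED_CLIENTS = {
    "abc123": ("s3cr3t-one", 3),
    "def456": ("s3cr3t-two", 10),
}
WINDOW_SECONDS = 60


class ClientIdEnforcement:
    """Gateway-style policy: reject callers without a valid client_id/client_secret
    pair, then apply a per-client sliding-window rate limit (the fine-grained
    control that the policy's use case describes)."""

    def __init__(self, registry, window=WINDOW_SECONDS, clock=time.monotonic):
        self.registry = registry
        self.window = window
        self.clock = clock          # injectable so the window can be tested
        self.calls = {}             # client_id -> timestamps of recent requests

    def check(self, headers):
        """Return (http_status, reason) for one incoming request's headers."""
        cid = headers.get("client_id")
        secret = headers.get("client_secret")
        if cid is None or secret is None:
            return 401, "missing client_id/client_secret headers"
        entry = self.registry.get(cid)
        # Constant-time compare so a wrong secret is not distinguishable by timing.
        if entry is None or not hmac.compare_digest(entry[0], secret):
            return 401, "unknown client or bad secret"
        limit = entry[1]
        now = self.clock()
        # Keep only the calls still inside the window, then enforce the limit.
        recent = [t for t in self.calls.get(cid, []) if now - t < self.window]
        if len(recent) >= limit:
            self.calls[cid] = recent
            return 429, "rate limit exceeded"
        recent.append(now)
        self.calls[cid] = recent
        return 200, "ok"


if __name__ == "__main__":
    policy = ClientIdEnforcement(REGISTERED_CLIENTS)
    for _ in range(4):
        print(policy.check({"client_id": "abc123", "client_secret": "s3cr3t-one"}))
```

The fourth request from the same consumer is answered with 429 while a different approved consumer is unaffected, which is exactly the per-consumer control the policy is meant to give an API administrator.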