Resource Specific Client ID Enforcement - API Policy
Enforces use of client_id and client_secret as Basic authorization for specific resources on the API, configurable with a regular expression.
This topic describes how to create a custom policy.
The request must come from a client registered via Anypoint Platform API Manager, in the Developer portal section.
If the request does not contain valid authentication credentials, the policy rejects the request and returns the 401 Unauthorized HTTP status code.
Request Requirements
The HTTP Authorization header must have the following form: Basic QWxhZGRpbjpPcGVuU2VzYW1l
The header content starts with 'Basic ' and is followed by the result of Base64(client_id + ":" + client_secret)
Configuration
The policy configuration contains a single mandatory parameter:
- resourceRegex - Regular expression that identifies the resource(s) relative to base URI on the API this policy is applied to (such as '/atms/*' - without quotes).
Example values:
/atms/*
/atms/*|/branches/*
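As an added illustration (not the policy's own code), the following Python sketch shows the header check and the resourceRegex decision described above. The REGISTERED table and all function names are assumptions; the page does not say whether the expression must match the whole relative path or only part of it, so the whole_path switch exposes both readings for testing a configuration.

```python
import base64
import binascii
import hmac
import re

# Constructed sample registry; in the real policy the credentials belong to
# client applications registered through Anypoint Platform.
REGISTERED = {"Aladdin": "OpenSesame"}


def parse_basic(header):
    """Return (client_id, client_secret), or None if the header is malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        return None
    return client_id, client_secret


def is_protected(path, resource_regex, whole_path=True):
    """Assumption: matching mode is not documented on the page, so both
    whole-path (fullmatch) and partial (search) matching are offered."""
    match = re.fullmatch if whole_path else re.search
    return match(resource_regex, path) is not None


def status_for(path, header, resource_regex, whole_path=True):
    """Status this sketch returns: 401 for a protected resource without
    valid credentials, 200 otherwise."""
    if not is_protected(path, resource_regex, whole_path):
        return 200  # policy does not apply to this resource
    creds = parse_basic(header)
    if creds is None:
        return 401
    expected = REGISTERED.get(creds[0])
    if expected is None or not hmac.compare_digest(expected.encode(), creds[1].encode()):
        return 401
    return 200
```

Read as a regular expression rather than a glob, '/atms/*' means "/atms" followed by zero or more slashes, so under whole-path matching it does not cover '/atms/123'. Confirm against a deployed policy which paths actually return 401 without credentials.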
Catalyst Accelerator for Banking
This API implementation is one of many components included in Catalyst Accelerator for Banking. It provides organizations with connectivity assets that accelerate project delivery in financial services, including pre-built API designs and implementations that support core banking business processes.
Contact info@mulesoft.com to find out more.