Resource Specific Client ID Enforcement - API Policy

Enforces use of client_id and client_secret as Basic authorization for specific resources on the API configurable with regular expression.

This topic describes how to create a custom policy.

The request must come from registered client via Anypoint Platform API Manager in Developer portal section (learn more)

If the request does not contain valid authentication credentials, the policy rejects the request and 401 Unauthorized HTTP status code is returned.

Request Requirements

The HTTP Authorization header must have the following form: Basic QWxhZGRpbjpPcGVuU2VzYW1l

The header content starts with 'Basic ' and is folowed by the result of Base64(client_id + ":" + client_secret)

Configuration

The policy configuration contains single mandatory parameter:

• resourceRegex - Regular expression that identifies the resource(s) relative to base URI on the API this policy is applied to (such as '/atms/*' - without quotes).

Example values:

• /atms/*
• /atms/*|/branches/*

Catalyst Accelerator for Banking

This API implementation is one of many components included in Catalyst Accelerator for Banking. It provides organizations with connectivity assets that accelerate project delivery in financial services, including pre-built API designs and implementations that support core banking business processes.

Contact mailto:info@mulesoft.com to find out more.