The Cequence Unified API Protection (UAP) platform natively integrates with the MuleSoft Anypoint API Manager by deploying a Cequence provided Custom MuleSoft Policy through the MuleSoft Anypoint API Manager.
In a passive integration, a copy of each API transaction is sent asynchronously to the Cequence UAP platform.
Passive Data flow:
- Mulesoft Runtime receives request from downstream.
- The Cequence policy sits inline and captures all request & response that flows through the Gateway runtime (if the policy is enabled globally).
- The policy packages the incoming requests and responses and asynchronously sends to a
Cequence API Proxy. - The Cequence API Proxy collates and processes the API Request & Response Payload and sends the formatted transaction to the Cequence UAP Platform.
Integration prerequisites
Before you integrate the Cequence UAP platform with MuleSoft, verify that your environment meets the following prerequisites:
- Mulesoft runtime version 4.1.1 or newer
- Java version 8 , 11, 17
- Maven version 3.9.6
- Cequence UAP platform version 7.3.10 or newer
- Generated ClientId and Secret
- Access to the authentication and API edge endpoints from the
Cequence UAP Platform - Download the ZIP file that contains the required files: a MuleSoft policy file, a Cequence API proxy JAR file, and the settings.xml configuration file.
Generating a client ID and client secret
Several Cequence components must authenticate to the Cequence UAP platform in order to transmit and receive data. Create authentication credentials in the Cequence UAP platform to enable this authentication.
- Log in to the UAP management portal UI.
The URL for the management portal is typically of the form https://ui.<your-tenant-name>.<domain>. Replace <your-tenant-name> with the name of your Cequence tenant organization. Replace <domain> with your domain name. - Select General Settings > User Management.
The User Management pane appears. - Click the Clients tab.
- Click Add New Client.
The new client dialog box appears. - Type the client name in the Client Name field.
This name is the client ID. Note the client ID for later use. - Enable the Traffic Ingestion toggle.
- (Optional) To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
- Click Save.
A dialog box with the client secret appears. - Click the blue Copy icon to copy the secret to the clipboard, then click Close.
The client is now set up. Note the client name for future use.
The client list appears. - Note the value of the client secret for later use. This value will not be shown again later on the UI for security reasons.
Deploying the Cequence API proxy
- Login to the Mulesoft Anypoint Platform.
- Go to the Runtime Manager.
- Click Applications > Deploy Application > Deployment Target (Cloudhub 2.0).
- Enter a name for the application, such as cequence-api-proxy, then upload the JAR file provided by Cequence.
MuleSoft deploys the application to the runtime. - In Properties, switch to Text View and paste the following.
cequence_transactions_endpoint_url=https://edge.<UAP-FQDN>/api-transactions
Make the following replacements.
cequence_client_id=<Client ID>
cequence_client_secret=<Client Secret>
cequence_auth_endpoint_url=https://auth.<UAP-FQDN>/auth/realms/cequence/protocol/openid-connect/token
send_to_uap=true
cequence_log_level=WARNING
cequence_listener_port=8081
<UAP-FQDN>: The fully-qualified domain name of your Cequence UAP platform instance.
<Client ID>: The Client ID generated earlier.
<Client Secret>: The Client secret generated earlier. - (Optional) To disable logging, use the following settings.
Cequence Proxy API = INFO
MainPolicy = OFF - (Optional) To enable logs, use the following settings.
Cequence Proxy API = WARNING
MainPolicy = WARN - Click Applications and choose your new application.
- From the left menu, click Logs.
The deployment process logs appear. - After the application jar file deploys, the public endpoint is automatically generated and displayed. Copy and save the endpoint for future use.
A public endpoint takes a form similar to the example https://cequence-api-proxy-1d9hpv.5sc6y6-4.usa-e2.cloudhub.io
Deploying the policy
- Download the Cequence custom policy bundle for Passive policy.
See attached: cequence-passive-policy.zip - Unzip the policy bundle to see the directory layout below.
- Edit the pom.xml file to update the MuleSoft Organization ID in two places:
Line 5:<groupId>26ff87f0-93cf-4353-811f-312cfc09fa02</groupId>
Line 16:<exchange.url>https://maven.anypoint.MuleSoft.com/api/v1/organizations/26ff87f0-93cf-4353-811f-312cfc09fa02/maven</exchange.url>
Note that changes to pom.xml may place the groupId and exchange.url elements on different lines. -
Download the attached settings.xml file to the $HOME/.m2/ directory.
-
Edit the credentials (username and password) for your MuleSoft account.
These credentials authenticate to MuleSoft in order to upload the Cequence policy JAR to the MuleSoft Anypoint Exchange. -
<server>
<id>exchange-server</id>
<username>YOUR_USERNAME</username>
<password>YOUR_PASSWORD</password>
</server> - In case if SSO is enable in the Organisation then Create an App called CequenceApp under AccessManagement>>ConnectedApps>>CreateApp. Once the app is created copy the clientID and clientSecret and replace it the password tag below. Make sure that the client app has the appropriate scope to upload the policy to the Exchange Server. These credentials authenticate to MuleSoft in order to upload the Cequence policy JAR to the MuleSoft Anypoint Exchange.
-
<server>
<id>exchange-server</id>
<username>~~~Client~~~</username>
<password>clientID~?~clientSecret</password>
</server> -
Run the following command.
mvn clean package
This command builds the Cequence policy JAR in the /main-policy-plugin/target/cequence-passive-policy-1.0.0-mule-policy.jar file. -
Run the following command.
-
mvn clean deploy
This command uploads the Cequence policy JAR built in the previous step into the MuleSoft Anypoint Exchange account.
The Cequence policy is now available as an asset inside of the MuleSoft Anypoint Exchange and is ready to be applied as either an Automated policy that applies to all API proxies deployed under API Manager or as an API-level policy to apply individually to an API proxy under the API Manager.
Enable Cequence Policy Globally
To enable Cequence logging, add the policy to all other APIs.
- Go to the API Manager section.
- Go to Automated Policies.
- Search for a custom policy and select the policy, then click Next.
- Click Advanced options.
- Paste the public API endpoint from the Deploying the Cequence API proxy procedure, omitting the https:// at the beginning of the endpoint URL.
- Provide the value of Cequence Proxy App URL Protocol as HTTPS and Cequence Proxy App Url Port as 443 (or the port on which the Cequence API Proxy is exposed in your environment)
- In Mulesoft gateways, in the from version field, enter 4.1.1.
- Click APPLY.
The policy is now applied.
Testing the integration
Invoke any API endpoint to which the Policy was applied. Policies applied as automated policies apply to all deployed APIs.
To view the Mulesoft logs, go to Anypoint Platform, log in, then go to the Runtime Manager. In the runtime Manager, choose the API, then choose the Logs section on the left side menu.
Disable the Cequence policy
To disable the Cequence policy, remove the policy from all APIs. In the API Manager section, go to Automated Policies, click on the 3 dots on the right of the box and click on Remove Policy.
Uninstalling the Cequence policy
To uninstall the Cequence policy, remove the policies by following instructions from the Disable the Cequence policy section. After removing the policies, go to the Exchange Assets section and delete all the artifacts that have been installed, including the Cequence passive policy and cequence-api-proxy.
Troubleshooting
In order to view the Mulesoft logs, go to Anypoint Platform, login and then go to Runtime Manager. In the runtime Manager, choose the cequence-api-proxy, and then choose the Logs section on the left side menu.