The Cequence Unified API Protection (UAP) platform supports integration with the MuleSoft Anypoint API Manager (versions 4.0+). Using MuleSoft with the Cequence UAP platform requires a MuleSoft Enterprise Repository license.
In the passive integration between the Cequence UAP platform and MuleSoft, the Cequence Bridge masks your sensitive data. To enable this integration, deploy a custom MuleSoft policy to the MuleSoft Anypoint API Manager. Cequence has developed a custom policy and provides it to all current and prospective customers with detailed integration steps.
Passive integration between MuleSoft and the Cequence UAP platform
The Cequence Bridge examines a copy of the API transactions and masks data that matches the sensitive-data patterns before delivering the results asynchronously to the Cequence UAP platform.
Data flow
- The API client sends a request to the MuleSoft Anypoint API Manager (API Manager) endpoint.
- The Cequence Passive Policy in MuleSoft captures request metadata in a non-blocking mode.
- The API Manager forwards the API request to the application API server.
- The application API server processes the request and responds through the API Manager.
- The Cequence Passive Policy once again captures response metadata and sends a copy to the Cequence Sideband API server.
- The Cequence Bridge examines the request and response metadata for both transactions and masks any sensitive data.
- The Cequence Sideband API server sends the metadata to the Cequence UAP platform for analysis.
- The API Manager sends the response downstream to the API client.
Deploying the Cequence custom MuleSoft policy
Before you deploy the custom policy, confirm that your environment satisfies the pre-requisites.
Pre-Requisites
- Have the correct MuleSoft version. The Cequence custom policy supports MuleSoft version 4.0 and above.
- Confirm that Apache Maven is installed on the development machine where the MuleSoft custom policy will be built.
Cequence Passive Policy Deployment Steps
1. Download the Cequence custom policy bundle for the Passive policy.
See attached: cequence-passive-policy.zip
2. Unzip the downloaded file to see the directory layout below.
3. Edit pom.xml to update the MuleSoft Organization ID in two places:
Line 7: <groupId>26ff87f0-93cf-4353-811f-312cfc09fa02</groupId>
Line 18: <exchange.url>https://maven.anypoint.MuleSoft.com/api/v1/organizations/26ff87f0-93cf-4353-811f-312cfc09fa02/maven</exchange.url>
4. Edit src/main/mule/template.xml and update Line 130 and Line 171, which have:
path="/auth/realms/defender-3/protocol/openid-connect/token"
change to:
path="/auth/realms/cequence/protocol/openid-connect/token"
Edit src/main/mule/template.xml to update the CEQUENCE_EDGE_DOMAIN and CEQUENCE_AUTH_DOMAIN with the unique domains provided by Cequence.
Line 28: <http:request-connection host="<CEQUENCE_EDGE_DOMAIN>" port="443" protocol="HTTPS">
Line 35: <http:request-connection host="<CEQUENCE_AUTH_DOMAIN>" port="443" protocol="HTTPS">
5. Download the attached settings.xml and place it under the $HOME/.m2/ directory.
6. Edit lines 7 and 8 with the credentials (username and password) for your MuleSoft account. These credentials will be used to authenticate before uploading the built Cequence policy JAR into MuleSoft Anypoint Exchange.
<server>
  <id>exchange-server</id>
  <username>YOUR_USERNAME</username>
  <password>YOUR_PASSWORD</password>
</server>
7. Next we’ll build the Cequence policy JAR and upload it into the MuleSoft Anypoint Exchange account.
$ mvn clean package
8. This builds the Cequence policy JAR and places it inside the target directory: /cequence-passive-policy/target/cequence-passive-policy-1.0.3-mule-policy.jar
$ mvn clean deploy
This uploads the Cequence policy JAR built in the previous step into the MuleSoft Anypoint Exchange account.
9. Now that the Cequence policy is available as an Asset inside of the MuleSoft Anypoint Exchange, it is ready to be applied either as an Automated policy (that applies to all API proxies deployed under API Manager) or as an API-level policy (to be individually applied to an API proxy under API Manager).
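The edits from steps 3 to 6 can be checked mechanically before running the mvn commands in steps 7 and 8. The script below is an added example, not part of the Cequence bundle; its function names are hypothetical, and it assumes that an unedited template.xml or settings.xml still contains the placeholder strings shown in the steps above (defender-3, CEQUENCE_EDGE_DOMAIN, CEQUENCE_AUTH_DOMAIN, YOUR_USERNAME, YOUR_PASSWORD).

```shell
#!/bin/sh
# Added example (not from the Cequence bundle); function names are hypothetical.
# Assumes unedited files still contain the placeholder strings from the steps.

# pom.xml: the org ID in <exchange.url> must also appear as a <groupId>.
check_pom() {
  org=$(sed -n 's:.*<exchange\.url>.*/organizations/\([^/]*\)/maven</exchange\.url>.*:\1:p' "$1" | head -n 1)
  [ -n "$org" ] || { echo "pom.xml: no organization ID in <exchange.url>"; return 1; }
  grep -qF "<groupId>$org</groupId>" "$1" && return 0
  echo "pom.xml: no <groupId> matches exchange.url organization $org"
  return 1
}

# template.xml: realm switched to "cequence", domain placeholders replaced.
check_template() {
  rc=0
  if grep -q '/auth/realms/defender-3/' "$1"; then
    echo "template.xml: token path still uses realm defender-3"; rc=1
  fi
  if ! grep -q '/auth/realms/cequence/protocol/openid-connect/token' "$1"; then
    echo "template.xml: cequence token path not found"; rc=1
  fi
  if grep -Eq 'CEQUENCE_(EDGE|AUTH)_DOMAIN' "$1"; then
    echo "template.xml: domain placeholder not replaced"; rc=1
  fi
  return "$rc"
}

# settings.xml: plaintext password, so no placeholders and no group/other read.
check_settings() {
  rc=0
  if grep -Eq 'YOUR_(USERNAME|PASSWORD)' "$1"; then
    echo "settings.xml: placeholder credentials not replaced"; rc=1
  fi
  if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ]; then
    echo "settings.xml: readable by group or others; chmod 600 it"; rc=1
  fi
  return "$rc"
}

# Run all checks; the return value is the number of failed checks.
preflight() {
  fails=0
  check_pom "$1/pom.xml" || fails=$((fails + 1))
  check_template "$1/src/main/mule/template.xml" || fails=$((fails + 1))
  check_settings "$2" || fails=$((fails + 1))
  return "$fails"
}
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Saved under a name of your choice, the script takes the unzipped bundle directory and the path to settings.xml as its two arguments; a non-zero exit status is the number of failed checks.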
Below are reference steps for applying the Cequence Passive Policy at the API-level to an existing API Proxy Deployment with API name Users API.
API Administration > Policies > API-level policies > Add Policy
Configure and Apply the Policy:
Runtime Manager > Logs confirms that the policy was applied successfully to the API Proxy.
To remove API-level policies, use the Remove policy option as seen in the screenshot below.
Application as an Automated Policy
API Manager > Automated Policies > Add automated policy
Once configured, the Cequence Passive Policy appears on the Automated Policies list:
On API Manager > API Administration > Users API > Policies, the same policy will show up as an Automated Policy for the Users API automatically.
Once the Cequence Passive Policy is applied to an API Proxy, either at API-level or as an Automated Policy, the deployment is deemed complete and the Cequence ASP should start receiving the necessary request and response metadata from the API Manager.