The Cequence Unified API Protection (UAP) platform can natively integrate with the MuleSoft Anypoint API Manager.
Inline integration is enabled by deploying a Cequence-provided custom MuleSoft policy through the MuleSoft Anypoint API Manager.
Inline Data flow - Hairpin Deployment:
- API Client sends a request to the application which will be received and handled by the API Manager.
- Within the API Manager, Cequence Inline Policy forwards the request to the Cequence UAP platform, where it is recorded, and processed for discovery, analysis, and threat mitigation. At this point the request can be blocked, redirected, or mitigated - by Cequence's threat mitigation policy action if configured.
- Vetted requests are forwarded by the Cequence UAP platform back to the API Manager.
- API Manager forwards the request to the application API server where it is handled.
- The API Server responds back through the API Manager.
- The API Response is forwarded back to the Cequence UAP platform.
- The Cequence UAP platform reviews the response for sensitive data, records relevant information, and returns it to the API Manager.
- The API Manager sends the response downstream to the API client.
Deploying the Cequence custom MuleSoft policy
Pre-Requisites
- Have the correct MuleSoft version. The Cequence custom policy supports MuleSoft version 4.0 and above.
- Installation of Apache Maven on the development machine where MuleSoft custom policy will be built.
Cequence Inline Policy Deployment Steps
1. Download Cequence custom policy bundle for Inline policy.
See attached: cequence-inline-policy.zip
2. Unzip it to see the directory layout below.
- Edit pom.xml to update the MuleSoft Organization ID in two places:
Line 7:<groupId>26ff87f0-93cf-4353-811f-312cfc09fa02</groupId>
Line 18:<exchange.url>https://maven.anypoint.MuleSoft.com/api/v1/organizations/26ff87f0-93cf-4353-811f-312cfc09fa02/maven</exchange.url>
4 Download the attached settings.xml and place it under the $HOME/.m2/ directory.
5. Edit lines 7, 8 to with the credentials (username and password) for your MuleSoft account. These credentials will be used to authenticate before uploading the built Cequence policy JAR into MuleSoft Anypoint Exchange.
<server>
<id>exchange-server</id>
<username>YOUR_USERNAME</username>
<password>YOUR_PASSWORD</password>
</server>
6. Next we’ll build the Cequence policy JAR and upload it into the MuleSoft Anypoint Exchange account.$ mvn clean package
7. This builds the Cequence policy JAR and places it inside the target directory: /cequence-passive-policy/target/cequence-inline-policy-1.0.3-mule-policy.jar
$ mvn clean deploy
This uploads the Cequence policy JAR built in the previous step into the MuleSoft Anypoint Exchange account.
- Now that the Cequence policy is available as an Asset inside of the MuleSoft Anypoint Exchange, it is ready to be applied either as an Automated policy (that applies to all API proxies deployed under API Manager) or as an API-level policy (to be individually applied to an API proxy under API Manager).
Below are reference steps for Applying the Cequence Passive Policy at API-level to an existing API Proxy Deployment with API Name: Users API.
API Administration > Policies > API-level policies > Add Policy
Configure and Apply the Policy:
Runtime Manager > Logs will indicate the policy was applied successfully to the API Proxy.
To Remove API-level policies > Use Remove policy option as seen in the screenshot below.
Application as an Automated Policy
API Manager > Automated Policies > Add automated policy
Once configured, the Cequence Inline Policy will show up on the Automated Policies list:
On API Manager > API Administration > Users API > Policies, the same policy will show up as an Automated Policy for the Users API automatically.
Once the Cequence Inline Policy is applied to an API Proxy, either at API-level or as an Automated Policy, the deployment is deemed complete and the Cequence UAP platform proceses traffic according to the inline integration pattern described above.
Attachments
Cequence Inline Policy and settings