Mastering Anypoint Platform Connected Apps: A Secure Integration Guide

Managing integrations securely is the backbone of any robust MuleSoft architecture. If you are tired of sharing user credentials, worrying about password rotation breaking your CI/CD pipelines, or dealing with the security risks of shared accounts, Connected Apps are the solution you have been looking for.


Think of a Connected App as a "Service Account" on steroids. It allows external systems to interact with the Anypoint Platform securely using modern protocols, without ever needing a specific human's username or password. In this guide, we will break down what they are, why you need them, and how to implement them for automated deployments.

What is a Connected Application?

The Connected App functionality is your gateway to integrating external applications with the Anypoint Platform seamlessly. By leveraging OAuth 2.0 or OpenID Connect, you grant access to specific resources without exposing sensitive user credentials.

Supported Authentication Protocols

  • OAuth 2.0: This is the industry standard for safe API authorization. It works like a "valet key," permitting apps to access resources on your behalf without handing over your master keys (your actual login credentials).
  • OpenID Connect: This works in tandem with OAuth. It focuses on identifying who the end-user is and collecting that data to send to the connected app.

Why You Should Switch to Connected Apps

Beyond just security, there are distinct operational advantages to using this feature. It creates a decoupling between a specific employee's account and the automated processes running in your ecosystem.

Note on Scalability: Be aware that there are limits to how many apps you can manage (typically up to 200 Connected Apps per user/context), so plan your architecture accordingly.

How to Create a Connected App (Step-by-Step)

Setting this up is straightforward, but there is one critical prerequisite regarding your access level.

CRITICAL NOTE: You must be at the Root Organisation level. If you are logged into a sub-business group, the "Connected Apps" option will not appear in your Access Management menu.

Configuration Steps

  1. Navigate to Access Management: Sign in to your Anypoint Platform account. Go to Access Management and select Connected Apps from the left-hand menu.
  2. Start the Setup: Under the Owned Apps section, click the Create App button.
  3. Name and Type:
    • Enter a recognisable name in the Name field.
    • Select App acts on its own behalf (client credentials). This is the standard choice for CI/CD and server-to-server communication.
  4. Define Permissions: Click Add scopes. Here, you select exactly what this app is allowed to do (e.g., "CloudHub Network Viewer" or "Design Centre Developer").
  5. Finalise Context: Once scopes are picked, click Next. You will need to choose the specific Business Group and Environments (Dev, QA, Prod) these permissions apply to.
  6. Save: Click Review, then Add Scope, and finally SAVE.
  7. Verification: You should now be redirected back to the Connected Apps list where your new app is visible.

Automating Deployment to CloudHub

One of the most powerful use cases for Connected Apps is automating deployment via Maven. This allows your build pipelines (Jenkins, Azure DevOps, GitLab CI, etc.) to deploy applications without a user's login details.

1. Update Your pom.xml

You need to configure the mule-maven-plugin to use your new Connected App credentials. Add the following snippet to the plugins section of your pom.xml.

Note: Ensure you replace the placeholders (like ${connectedApp-ClientID}) with your actual values or property references.

<plugin>
 <groupId>org.mule.tools.maven</groupId>
 <artifactId>mule-maven-plugin</artifactId>
 <version>3.4.2</version>
 <extensions>true</extensions>
 <configuration>
  <cloudHubDeployment>
   <uri>https://anypoint.mulesoft.com</uri>
   <muleVersion>${app.runtime}</muleVersion>
   <connectedAppClientId>${connectedApp-ClientID}</connectedAppClientId>
   <connectedAppClientSecret>${connectedApp-ClientSecret}</connectedAppClientSecret>
   <connectedAppGrantType>client_credentials</connectedAppGrantType>
   <applicationName>${cloudhub.application.name}</applicationName>
   <environment>${environment}</environment>
   <region>${region}</region>
   <workers>${workers}</workers>
   <workerType>${workerType}</workerType>
   <objectStoreV2>true</objectStoreV2>
  </cloudHubDeployment>
 </configuration>
</plugin>

2. Retrieve Your Credentials

Where do you get the ID and Secret? Follow these steps:

  1. Go back to the Connected Apps section in Anypoint Platform.
  2. Click on the app you just created.
  3. Copy the Client ID and Client Secret displayed on the right side of the screen.

3. Deploy

To deploy your Mule application to CloudHub using these new credentials, run the standard Maven deploy command in your terminal:

mvn clean package deploy -DmuleDeploy

Conclusion

By switching to Connected Apps, you secure your pipeline and remove the dependency on individual user accounts. This robust approach ensures that your CI/CD process remains uninterrupted even if team members change or passwords rotate.

Post a Comment (0)
Previous Post Next Post