Skip to content

Anypoint API Key

Service Name: MuleSoft Anypoint Platform

Service Description: MuleSoft's Anypoint Platform is an integration platform that enables organizations to build application networks using APIs, integrations, and automation. It allows businesses to connect applications, data, and devices across on-premises and cloud computing environments.

Service Address: https://anypoint.mulesoft.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Anypoint Access Management.

Secret Access Scope: Grants programmatic access to Anypoint Platform APIs, allowing management of APIs, integrations, and other platform resources.

Secret Revokement URL: https://anypoint.mulesoft.com/accounts/

Secret Example: a1b2c3d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6

Suspicious Activity Investigation Instructions:

  • Review Anypoint Platform audit logs for unusual API calls or access patterns
  • Check for unauthorized API registrations or modifications
  • Monitor for unexpected changes to API policies or gateway configurations
  • Examine access patterns from unfamiliar IP addresses or locations
  • Review any automated processes or integrations using the compromised key

Mitigation Instructions:

  • Log in to your Anypoint Platform account
  • Navigate to Access Management > API Clients
  • Locate the compromised client credentials

  • Click on the client and select "Revoke" or "Delete"

  • Create new API client credentials with appropriate permissions
  • Update all legitimate applications and services with the new credentials
  • Consider implementing additional security measures such as IP restrictions
  • Review and adjust the scope of permissions for API clients to follow least

privilege principles