0

I am trying to stop/restart a CloudHub Mule application using the rest API endpoint.

I am following this link: https://help.mulesoft.com/s/article/How-to-start-stop-or-restart-a-CloudHub-Application-using-CloudHub-REST-APIs

I am trying to get a Bearer token as per this link (OAuth using a Client ID and secret): https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/access-management-api/minor/1.0/pages/Authentication/

But we have Organizational level client id and secret, Environment level client id and secret, and Application level client id and secret.

Which client id/secret is needed to restart the application? I tried all 3 but had no luck.

NOTE: We are using Single sign-on using Microsoft 360

The link says to pass EnvironmentID in the header, but is the key name "EnvironmentID" or different?

Vish
  • 346
  • 2
  • 13

1 Answers1

2

Short answer: the recommended method is to use a Connected App. See below to find details.

Long answer: The KB article that you share has a link on how to get the bearer token. It explicitly says that you can not use client id/client secret for CloudHub.

To get a bearer token from your user the detailed steps are detailed in the link. In a simple case you can get the token by requesting a POST to the https://anypoint.mulesoft.com/accounts/login endpoint.

Example:

curl -H "Content-Type: application/json" -X POST -d '{"username":"<USERNAME>","password":"<PASSWORD>' https://anypoint.mulesoft.com/accounts/login

This is not going to work if your organization has configured single sign on with a corporate Identity Provider. Find details in the article on how to get the token.

What you probably really need is to create a Connected App in Access Management for what you need to do, assign the permissions needed for CloudHub to it, and then use the client id and client secret generated for the Connected App.

The environment id is a unique identifier for the environment where the application is deployed, similar to how the org id identifies an organization. Again the KB article list the link to another article on how to find it.

aled
  • 21,330
  • 3
  • 27
  • 34
  • Thanks for the response, since we have "single sign-on" setup, I guess the "Connected App" is the solution. Thanks again – Vish Nov 24 '22 at 18:14
  • 1
    While you can work around that, Connected Apps is the recommended method for automations, like CI/CD pipelines, since they are not tied up to an user. – aled Nov 24 '22 at 19:01
  • 2
    Edited the answer to clarify that Connected App is the recommended method. – aled Nov 24 '22 at 19:12
  • 1
    In general you should NEVER use the organisational or environment secrets in your code. Security vulnerabilities can arise any time which can turn just a simple "restarting of application" to a fatal mistake for the organisation – Harshank Bansal Nov 27 '22 at 07:00