Basic Authentication – Client ID enforcement


Basic authentication – Client ID enforcement is a simple mechanism and among the most widely used for authenticating to HTTP-based services or APIs. The client sends HTTP requests with an Authorization HTTP header that contains the word Basic followed by a space and the base64-encoded string username:password.

For example, to authorize as username/password the client would send the HTTP header below:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

MuleSoft already provides an out-of-the-box (OOTB) Basic Authorization policy in API Manager, which can be assigned to any MuleSoft API to secure its endpoint.

To start, we first create a sample project in Design Center.

Project – basic-auth-sample


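#%RAML 1.0
title: basic-auth-sample
version: 1.0.0

securitySchemes:
  basic:
    description: |
      This API supports Basic Authentication.
    type: Basic Authentication

# The resource path and query parameter name are missing from the listing;
# /resource and param below are placeholders.
/resource:
  get:
    securedBy: [basic]
    description: retrieve route list
    queryParameters:
      param:
        type: string
        required: false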




Now publish it to Exchange and API Manager




Provide the asset version



Exchange asset will be created



Now create an API Manager configuration



This will create the API Manager configuration for basic-auth-sample



Click Policies -> Apply New Policy -> Client ID enforcement


Select Basic Authentication Header policy and apply


Now create a Mule application in Anypoint Studio


Add the API Auto Discovery configuration (more on API Auto Discovery)


Deploy the project on CloudHub


The API Manager configuration should now show as active


Now if we test our API it will throw a 401 Unauthorized error


To call this service successfully we have to create a client application in Exchange and request access


Create and assign the Application name


Client ID and Secret will be generated


Now we will use this Client ID as the username and the Client Secret as the password while calling the API


Now we can see the 200 success response


Also, if we look at the raw request, we can see that the Authorization header is passed for basic authorization; SOAP UI does this internally for us.
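The following Python example is added here and is not MuleSoft's policy code or part of the original post. It shows how the Authorization header is built from a Client ID and Secret and how a gateway-style check could parse and verify it; the client registry, function names and sample credentials are assumptions. It also shows that the token decodes without any key, so the header is only protected in transit when the API is called over HTTPS.

```python
import base64
import binascii
import hmac

# Constructed sample registry: client_id -> client_secret (placeholder values).
REGISTERED_CLIENTS = {"sample-client-id": "sample:client-secret"}


def build_basic_header(client_id: str, client_secret: str) -> str:
    """Client side: 'Basic ' + base64(client_id:client_secret)."""
    token = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value):
    """Return (client_id, client_secret), or None if the header is malformed."""
    scheme, _, encoded = (value or "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the secret may itself contain ':'.
    client_id, sep, client_secret = decoded.partition(":")
    return (client_id, client_secret) if sep and client_id else None


def enforce_client_id(headers, clients=REGISTERED_CLIENTS):
    """Return the HTTP status a gateway-style check would give: 200 or 401."""
    creds = parse_basic_header(headers.get("Authorization"))
    if creds is None:
        return 401
    client_id, client_secret = creds
    expected = clients.get(client_id)
    # Compare even for unknown clients so timing does not reveal valid IDs.
    ok = hmac.compare_digest(
        client_secret.encode("utf-8"), (expected or "").encode("utf-8")
    )
    return 200 if ok and expected is not None else 401


if __name__ == "__main__":
    print(parse_basic_header("Basic dXNlcm5hbWU6cGFzc3dvcmQ="))  # header from the post
    good = build_basic_header("sample-client-id", "sample:client-secret")
    print(enforce_client_id({"Authorization": good}), enforce_client_id({}))
```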

Design Center project – basic-auth-sample

Sample mule application – basic-auth-sample

Sample SOAP UI project – basic-auth-sample-soapui-project


Thank you for taking out time to read the above post. Hope you found it useful. In case of any questions, feel free to comment below. Also, if you are keen on knowing about a specific topic, happy to explore your recommendations as well.
For any latest updates or posts on our website, you can follow us on LinkedIn. Look forward to connecting with you there.

6 months ago

On an on-prem installation, what are the files under the policies folder, and how does the process use them?
Example: policies]$ ls -lrt client-id-enforcement*
-rw-rw-r--. 1 mcdev10 mule 1617 Apr  6  2022 client-id-enforcement-294466.xml
-rw-rw-r--. 1 mcdev10 mule 1626 Apr  6  2022 client-id-enforcement-294504.xml
-rw-rw-r--. 1 mcdev10 mule 1614 Apr  6  2022 client-id-enforcement-246209.xml
-rw-rw-r--. 1 mcdev10 mule 1620 Apr  6  2022 client-id-enforcement-294425.xml
-rw-rw-r--. 1 mcdev10 mule 1611 Apr  6  2022 client-id-enforcement-294427.xml
-rw-rw-r--. 1 mcdev10 mule 1612 Apr  6  2022 client-id-enforcement-294440.xml
-rw-rw-r--. 1 mcdev10 mule 1614 Apr  6  2022 client-id-enforcement-294481.xml
-rw-rw-r--. 1 mcdev10 mule 1619 Apr  6  2022 client-id-enforcement-294456.xml

5 months ago

hi bro

please check ss of

it mistakenly has ss of basic auth