This article describes how to retrieve the client_id of the application that is consuming an API protected by the Client ID enforcement policy in API Manager.
Assumptions:
1. The API is exposed from Anypoint Runtime - API Manager
2. The API policy is applied - Client ID enforcement
3. The client has requested access to the API via Exchange
4. The client is using Basic Authentication to log in to the API with client id and secret key.
How it works:
Since the client application is using Basic Authentication to access the MuleSoft API, every request carries an Authorization header. Its value is in a fixed format: the scheme "Basic " followed by username:password encoded with Base64.
Note: this is not a very secure method, because Base64 is an encoding, not encryption. Anyone with a basic understanding of authentication would be able to decode the header and read the credentials. As such, this should always be used together with SSL to prevent unauthorized users from retrieving login information.
We can use DataWeave 2.0 to retrieve the header from attributes.headers.authorization.
Following that, Base64-decode the value and split it to extract the client id.
Example of DataWeave which sets the payload to be the extracted client id:
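%dw 2.0
import * from dw::core::Binaries
output application/java
---
// Strip the "Basic " scheme prefix, Base64-decode the remainder,
// then keep the part before the first ":" (the client id).
(fromBase64((attributes.headers.authorization replace "Basic " with "")) splitBy(":"))[0] default ""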
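
A more defensive variant of the same extraction, added here as an example and not part of the original article: it returns "" when the header is missing, uses another scheme, or does not decode to a client_id:secret pair. It assumes a DataWeave version that provides dw::Runtime::try; the variable names are illustrative.

```dataweave
%dw 2.0
import fromBase64 from dw::core::Binaries
import try from dw::Runtime
output application/java

// A missing header becomes "" so the regex below simply fails to match.
var header = trim(attributes.headers.authorization default "")

// Case-insensitive "Basic" scheme followed by the Base64 token.
// match returns [fullMatch, token], or [] when the header is not Basic.
var groups = header match /(?i)basic\s+(\S+)/

// try() turns a decoding error into success: false instead of failing the flow.
var decoded = try(() -> fromBase64(groups[1] default "") as String)
var credentials = if (decoded.success) decoded.result else ""
---
// The client id is everything before the first ":".
// Only that part is returned; the secret never leaves this script.
if (credentials contains ":") (credentials splitBy ":")[0] else ""
```

Because only the client id is set as the payload, the decoded secret is not carried forward to loggers or downstream processors.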