A client of mine has a bunch of APIs in CloudHub that communicate with two APIs on premise in their runtime. The question I get asked, to which I don't really know the answer, is how to secure the communication between the APIs on CloudHub and on premise without using API Manager (since the client preferred not to pay for it)? I thought of a middleware (middleware inception) that hashes the messages from one end to another. Is this a viable idea? What could the best answer be?
How to secure Mule applications traffic
194 Views Asked by Zyoumir At
There is 1 best solution below
The server applications should implement some basic security best practices like authentication and encryption.
Having applications deployed in any cloud environment without security is a big security risk. I assume that there is a secure link between the CloudHub environment and their on-premise environment, like a VPN, but even so this architecture would probably not pass a security audit.
They should implement authentication using HTTP Basic authentication or OAuth 2. These are the most common authentication schemas used for REST APIs. Note that credentials go in clear text so they should also implement encryption.
To encrypt the traffic, the server applications should use TLS, i.e., HTTPS connections instead of plain HTTP.
Optionally you could also implement mutual TLS authentication, requiring the client to have a valid certificate that the HTTPS server validates.
Hashing messages could be an additional level of security, but that implies changing the applications' logic to implement some custom security. The effort would be better put into implementing standard security practices as mentioned. If after that you want to add it, feel free to do so.
You have not shared details of the technology of the on prem applications. Mule applications can implement both the client and server side of any of these methods. Read the documentation for details:
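Added example (not part of the original answer and not MuleSoft's own code): the TLS, mutual TLS and Basic authentication settings described above, written as Mule 4 HTTP connector configuration for both ends of the CloudHub to on-premise link. It assumes Mule 4 and the Secure Configuration Properties module for the `${secure::...}` placeholders; every name, host, port, file path and property key is hypothetical.

```xml
<!-- ON-PREMISE API (server side): HTTPS listener that requires a client certificate.
     All names, paths, ports and property keys here are hypothetical. -->
<tls:context name="onPremServerTls">
    <!-- Trust store: the CA or certificates of the CloudHub client applications.
         A listener TLS context with both a key store and a trust store
         performs two-way (mutual) TLS. -->
    <tls:trust-store path="tls/cloudhub-clients-trust.jks" type="jks"
                     password="${secure::tls.server.truststore.password}"/>
    <!-- Key store: the server's own certificate and private key. -->
    <tls:key-store path="tls/onprem-server.jks" type="jks" alias="onprem-api"
                   keyPassword="${secure::tls.server.key.password}"
                   password="${secure::tls.server.keystore.password}"/>
</tls:context>

<http:listener-config name="onPremHttpsListener">
    <!-- protocol="HTTPS" replaces the plain HTTP listener. -->
    <http:listener-connection host="0.0.0.0" port="8443"
                              protocol="HTTPS" tlsContext="onPremServerTls"/>
</http:listener-config>

<!-- CLOUDHUB API (client side): requester that validates the server certificate,
     presents its own certificate, and sends Basic credentials inside the TLS tunnel. -->
<tls:context name="cloudHubClientTls">
    <!-- Trust store: the CA that issued the on-premise server certificate. -->
    <tls:trust-store path="tls/onprem-server-trust.jks" type="jks"
                     password="${secure::tls.client.truststore.password}"/>
    <!-- Key store: the client certificate the listener above checks. -->
    <tls:key-store path="tls/cloudhub-client.jks" type="jks" alias="cloudhub-api"
                   keyPassword="${secure::tls.client.key.password}"
                   password="${secure::tls.client.keystore.password}"/>
</tls:context>

<http:request-config name="onPremApiRequest">
    <http:request-connection host="onprem-api.example.internal" port="8443"
                             protocol="HTTPS" tlsContext="cloudHubClientTls">
        <http:authentication>
            <http:basic-authentication username="${onprem.api.user}"
                                       password="${secure::onprem.api.password}"/>
        </http:authentication>
    </http:request-connection>
</http:request-config>
```

The server-side check of the Basic credentials is not shown here; the listener configuration above only covers transport encryption and certificate validation.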