MuleSoft

MuleSoft Integration for Bot Protection

Before the MuleSoft API Gateway processes a client request, the request is evaluated by this custom policy, which in turn calls the DataDome API to determine whether to allow or block the request. This policy leverages the MuleSoft Policy Development Kit (PDK) to integrate seamlessly with the Anypoint API Manager.

Depending on the API response, the integration will either block the request and return the content provided by DataDome, or let MuleSoft proceed with the regular process. The policy is designed to fail open in order to protect the user experience: if any error occurs during the DataDome process, or if the call to DataDome times out, the integration automatically assumes a 200 for that request and continues processing normally.

Compatibility

This integration is compatible with MuleSoft API Gateway deployments that support custom PDK policies.

Prerequisites

This article assumes that the user already has:

  1. Access to the MuleSoft Anypoint Platform: https://anypoint.mulesoft.com

  2. Appropriate permissions to publish and manage custom policies in API Manager, specifically:

    • Manage Policies
    • View Policies

  3. An installed and configured version of the Anypoint CLI v4: https://docs.mulesoft.com/anypoint-cli/latest/

  4. The Anypoint PDK plugin installed:

anypoint-cli-v4 plugins:install anypoint-cli-pdk-plugin

  5. The Rust requirements for using PDK installed

Setup before publishing

1. Authentication

Authenticate the anypoint-cli-v4 either by client ID and secret, or by username and password: https://docs.mulesoft.com/anypoint-cli/latest/auth

2. Update Cargo.toml

Update the organization-guid field with your Organization GUID. You can find it by accessing the API Manager and looking at the URL:

https://anypoint.mulesoft.com/apimanager/{company-name}/#/organizations/{organization-guid}/environments/{environment-guid}/apis

# Snippet taken from Cargo.toml

# ...
[package.metadata.anypoint]
group_id = "{organization-guid}"
definition_asset_id = "datadome"
implementation_asset_id = "datadome-flex"
# ...

3. Create a Connected App

  1. Click on Access Management

  2. Click on Connected Apps

  3. Click on Create App

  4. Provide a meaningful name, such as DataDomePolicyApp, and choose the option App acts on its own behalf (client credentials)

  5. Click on Add Scopes

  6. Assign the Exchange Contributor scope

  7. Select the business groups

  8. Review and click Save
    You should then be redirected to the list of Connected Apps.

4. Update .cargo/config.toml

  1. Obtain the client-id and client-secret from the DataDomePolicyApp


  2. Update the following curl call and generate a token:

curl --location --request POST https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={connected-app-client-id}' \
--data-urlencode 'client_secret={connected-app-client-secret}' \
--data-urlencode 'grant_type=client_credentials'

  3. Copy the access_token generated by the curl call above:

{"access_token":"YOUR-ACCESS-TOKEN", "expires_in":3600, "token_type":"bearer"}

  4. Replace {cargo-token} in .cargo/config.toml with the access_token generated above. The token is a bearer credential, so do not commit the file once it holds the real value:

[registries]
anypoint = { index = "https://anypoint.mulesoft.com/git/68ef9520-24e9-4cf2-b2f5-620025690913/19f9d123-5775-44d7-a67f-49328cfa00b0", token = "{cargo-token}" }

Setup

Run the following command at the root of the project:

make setup

This will install required dependencies and prepare the environment for publishing.

Release

To release the policy to your MuleSoft organization, run the following command:

make release

This will build and publish the policy to your configured Anypoint Platform. Once released, the policy will be visible in Anypoint Exchange, ready for deployment in API Manager.

Installation

  1. Access the API Manager

  2. Click on the API that you would like to set up the Policy on

  3. Click on Policies

  4. Click on Add Inbound Policy

  5. Search for DataDome and click on Next

  6. You will be able to configure the DataDome policy

    The datadomeServerSideKey is mandatory and you can obtain it from: DataDome Dashboard > Management > Integrations. A breakdown of the full list of configs can be found in the next section.

  7. Click on Apply

  8. You will be redirected to the API screen, where DataDome is shown as applied to the API

Configuration

Each option is listed with its description and, where one exists, its default value.

datadomeServerSideKey
  Description: Can be obtained from: DataDome Dashboard > Management > Integrations.

datadomeEndpoint
  Description: Host of the Protection API.
  Default value: https://api.datadome.co/

datadomeUrlPatternInclusion
  Description: Regex to match to process the request with the Protection API. If empty, all requests that don't match datadomeUrlPatternExclusion will be processed.

datadomeUrlPatternExclusion
  Description: Regex to match to exclude requests from being processed with the Protection API. If null, all requests will be processed.
  Default value: \\.(avi|avif|bmp|css|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|json|less|map|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|otf|png|svg|svgz|swf|ttf|wav|webm|webp|woff|woff2|xml|zip)$

datadomeTimeout
  Description: Timeout in milliseconds, after which the request will be allowed.
  Default value: 300
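
The following added example, which is not code from the DataDome policy, checks a list of routes against datadomeUrlPatternInclusion and datadomeUrlPatternExclusion to show which ones would be sent to the Protection API. It assumes unanchored search semantics, that a request must pass both patterns when both are set, and that the doubled backslash in the default value is string escaping; Python's re module stands in for the policy's regex engine, and the sample routes are constructed.

```python
import re

# Default datadomeUrlPatternExclusion from the Configuration section. Assumption:
# the doubled backslash shown there is string escaping, so the regex itself
# starts with an escaped dot.
DEFAULT_EXCLUSION = (
    r"\.(avi|avif|bmp|css|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|json|less|map|mka"
    r"|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|otf|png|svg|svgz|swf|ttf|wav|webm"
    r"|webp|woff|woff2|xml|zip)$"
)


def is_processed(target, inclusion="", exclusion=DEFAULT_EXCLUSION):
    """Return True if `target` would be sent to the Protection API.

    Assumptions (not stated on the page): patterns are applied as an
    unanchored search, and when both are set a request must avoid the
    exclusion pattern and match the inclusion pattern.
    """
    if exclusion and re.search(exclusion, target):
        return False
    if inclusion and not re.search(inclusion, target):
        return False
    return True


def audit(targets, inclusion="", exclusion=DEFAULT_EXCLUSION):
    """Split targets into (processed, skipped) so unprotected routes stand out."""
    processed, skipped = [], []
    for target in targets:
        bucket = processed if is_processed(target, inclusion, exclusion) else skipped
        bucket.append(target)
    return processed, skipped


# Constructed sample routes, not taken from any real API.
SAMPLE_ROUTES = [
    "/api/v1/login",
    "/api/v1/orders.json",  # API route ending in an excluded extension
    "/static/app.js",
    "/static/app.js?v=3",   # with a query string the '$'-anchored suffix does not match
    "/healthz",
]

if __name__ == "__main__":
    for label, incl in (("default", ""), ("inclusion ^/api/", r"^/api/")):
        processed, skipped = audit(SAMPLE_ROUTES, inclusion=incl)
        print(f"[{label}] processed: {processed}")
        print(f"[{label}] skipped:   {skipped}")
```

Run it over your own route list to confirm that every endpoint you expect DataDome to evaluate lands in the processed set before applying the policy.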