Integrating MuleSoft Anypoint Exchange with Acunetix On-Premises

This feature is available with Invicti API Security Standalone or Bundle.

Integrating Acunetix On-Premises with MuleSoft Anypoint Exchange allows you to fetch Swagger2 and OpenAPI3 specification files from MuleSoft to build an inventory of API endpoints that can be scanned for vulnerabilities with our DAST scanners. The integration leverages Connected Apps, where Acunetix is the application that integrates via user account with MuleSoft Anypoint Exchange. This guide explains how to set up an integration between MuleSoft Anypoint Exchange and Acunetix On-Premises.

PREREQUISITES:

  • A MuleSoft Anypoint Exchange account that contains your API specification files.

Step 1: Create a connected app in MuleSoft Anypoint Exchange

In order for Acunetix to successfully fetch your Swagger2 and OpenAPI3 specification files from MuleSoft, you need to first set up a mirroring policy in MuleSoft Anypoint Exchange by creating a connected app to serve as the central point for authentication. Follow the instructions below to configure your MuleSoft Anypoint Exchange account for the integration.

How to create a connected app in MuleSoft Anypoint Exchange

  1. Log in to the MuleSoft Anypoint platform: https://anypoint.mulesoft.com/
  2. Open the menu in the upper-left corner and select Access Management.
  3. Select Connected Apps from the left-side menu, then click Create app.
  4. Enter a Name for the app. This guide uses Acunetix API Importer as the example name.
  5. In the Grant types section, select Authorization Code and Refresh Token. (Refresh Token appears after you select Authorization Code.)
  6. Enter your Website URL. This guide uses http://your-instance.com/ as the example.
  7. Enter your callback URL in the Redirect URIs section, then click Add.
     The callback URL should have the following format: http://your-instance.com/app/api-discovery/importer/callback
  8. Click Add Scopes at the bottom of the Scopes section.
  9. Use the Filter scopes field to find and then select the following scopes:
     • Exchange Viewer
     • Profile
     • Background Access (this is necessary for the refresh token functionality)
  10. Click Add Scopes.
  11. Select Save. This completes the creation of a connected app in MuleSoft Anypoint Exchange.

Now that you have created a connected app in MuleSoft Anypoint Exchange, you are ready to set up the MuleSoft integration in Acunetix to import your API specification files. Keep MuleSoft open and continue with the steps below to configure the API import in Acunetix using a new browser tab or window.

Step 2: Configure the API import in Acunetix

  1. Log in to Acunetix On-Premises.
  2. Select APIs > Sources from the left-side menu.
  3. Click Add New Source.
  4. Enter a name for the API integration and select MuleSoft as the source type.
  5. Switch to your MuleSoft tab or window and click Copy Id.
  6. Paste the Id from MuleSoft into the Client ID field in Acunetix.
  7. Return to MuleSoft and click Copy Secret.
  8. Paste the copied Secret into Acunetix.
  9. Click Authenticate and Save. You are redirected to your MuleSoft account to authorize the integration, and afterwards you are returned to Acunetix.
  10. Click Grant access to… to authorize the integration.

Once complete, you will see a short message displayed in Acunetix: Authorization was successful. To synchronize the API import, continue with the final step below.

 

Step 3: Synchronize the API import

  1. On the APIs > Sources page in Acunetix, click the sync icon to start importing your API specification files from MuleSoft into your Acunetix API Inventory.
  2. When the sync is complete, your API specification files will be displayed on the API Inventory page in Acunetix. From this page, you can link your API specification files to targets so they can be scanned for vulnerabilities. For more information, refer to Linking and unlinking discovered APIs to targets.

Your MuleSoft Anypoint Exchange account is now integrated with Acunetix. After the initial synchronization, the integration will automatically sync your API specifications once every 24 hours.

NOTE: To synchronize API specifications on demand, click the sync icon on the APIs > Sources page. To disable automatic synchronization, click the toggle in the Sync Automatically column on the APIs > Sources page.

