adding client id and secret as security model

[nlschott]

this is the most common security model used on API's for customers who have adopted mulesoft wall-to-wall

[kevinswiber]

@nlschott Is this different than the OAuth 2.0 client credentials grant type?

[netlify[bot]]

✔️ Deploy Preview for gateways ready!

🔨 Explore the source changes: c6b72d4c1e3dfe0377c485de0c5ba67765258255

🔍 Inspect the deploy log: https://app.netlify.com/sites/gateways/deploys/6176df7dc80df9000767036b

😎 Browse the preview: https://deploy-preview-1--gateways.netlify.app

[nlschott]

@nlschott Is this different than the OAuth 2.0 client credentials grant type?

Yes, it is different.

• Typically MuleSoft customers adopting OAuth 2.0 at scale for the API security model would use this: https://docs.mulesoft.com/api-manager/2.x/policy-openid-connect
• And this Client_Id one is here - different Policy provided by MuleSoft: https://docs.mulesoft.com/api-manager/2.x/client-id-based-policies

Here are all the current OOTB API (gateway) policies in MuleSoft: https://docs.mulesoft.com/api-manager/2.x/policies-ootb-landing-page

The MuleSoft-specific one is very prevalent in MuleSoft shops.

[kevinswiber]

Thank you!