Anypoint Keys

Description

General

• Documentation: https://docs.mulesoft.com/api-manager/1.x/tutorials
• Summary: Anypoint is a platform used to connect and create APIs. This detector aims to detect client_id and client_secret used to connect to the APIs built with Anypoint.
• IPs allowlist: This feature is not currently available.
• Scopes: Keys can have a custom access to APIs.

Revoke the secret

This can be done by the administrator through the Anypoint dashboard.

Check for suspicious activity

This feature is not currently available.

Details for Anypoint keys

• Category: Identity provider

• Company: MuleSoft

• High recall: False

• Validity check available: True

• Only valid secrets raise an alert: True

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.67

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - anypoint

Examples

- text: >    <anypoint.platform.client_id>431c62992fda9ee2b6a7f8dfc374e942</anypoint.platform.clientid>    <anypoint.platform.client_secret>e4D62e8c5c5a6c06eDE090a399ADDFeb</anypoint.platform.client_secret>  client_id: 431c62992fda9ee2b6a7f8dfc374e942  client_secret: e4D62e8c5c5a6c06eDE090a399ADDFeb