Using CloudHub VPC to create a private API
In this short tutorial, I will show you how to create an API that can only be accessed only by APIs within the same VPC.
APIs enable communication between different systems and applications, allowing them to exchange data and perform various functions seamlessly. However, with the growing use of APIs, there’s an increased need for security measures to ensure that sensitive data and resources are protected from unauthorized access.
For example, you have a client that needs two different systems integrated and there is no real need for that API to be accessible from the outside. Just to be clear, this is not a substitute for other security measures but an extra layer of security.
Let’s assume you created the two APIs. In your properties (yaml files) add two ports. 8082 port will be for the API you want to access from the outside and 8092 will be for the API you don’t want to access from the outside.
CloudHub setup:
Note: VPC is a premium service so it won’t be available if you use a trail account.
The next step is to go to Runtime Manager -> VPC. Create a VPC.
When you create a VPC you need to provide the following:
- Name — Any name you like
- Region — Your Region
- CIDR Block — Provided by the client.
- Business groups — Pick your business group
- Environment — Pick your environment
- Firewall rules — 4 ports are added by default but you can configure your own
Now, you have configured the VPC in CH. Now let’s see the example of two APIs trying to talk to each other but you can only access one of them from your local postman.
Implementation:
Example of response application:
Example of request application:
Deploy everything to CloudHub and give it a try. If everything is setup correctly you should be able to connect to requestMockApplication and it should be able to connect ot responseMockApplication.
Now, if you try connecting directly to responseMockApplication you should get status 500.
That’s all folks. By following these steps, you can create an API in MuleSoft that is secure and can only be accessed from within your network. This ensures that your sensitive data and resources are protected from unauthorized access, providing peace of mind and increased security for your organization.
If you have any questions or trouble with the setup please feel free to contact me. :)
