Treblle Policy for MuleSoft

This is Treblle’s official MuleSoft policy that enables organizations to discover and get full visibility into all their APIs.

The policy also enables features like payload masking and captures detailed API-specific metadata to give you the best Treblle experience.

Prerequisites

Before you begin, make sure you have:

• MuleSoft API Gateway 4+
• Java 17 or higher
• Anypoint Studio 7.21.0 or later
• An active MuleSoft account with API Manager access
• Maven 3.8+ configured with proper settings.xml
• A Treblle account  with API key and SDK token

Creating and Deploying the Custom Policy

This guide will walk you through creating, configuring, and deploying a custom Mule 4 policy that sends incoming request payloads and headers to Treblle when a request is received.

Obtaining Organization ID

1. Navigate to Anypoint Platform Business Groups 
2. Select your business group
3. Note the Business Group ID from the URL or page details. You’ll need this for the next step.

Updating Policy Configuration

1. Clone the Treblle MuleSoft repository:

   git clone https://github.com/Treblle/treblle-mulesoft.git
   cd treblle-mulesoft

2. Open treblle-policy/pom.xml and update the groupId with your Business Group ID:

   <groupId>{BUSINESS_GROUP_ID}</groupId>

Configuring Maven Settings

1. Navigate to the samples/.m2/settings.xml file

2. Update your MuleSoft credentials:

   <username>{YOUR_MULESOFT_USERNAME}</username>
   <password>{YOUR_MULESOFT_PASSWORD}</password>

Building and Deploying the Policy

1. Navigate to the treblle-policy directory:

   cd treblle-policy

2. Build the policy:

   mvn -s ../samples/.m2/settings.xml clean package

3. Deploy to MuleSoft Exchange:

   mvn -s ../samples/.m2/settings.xml clean deploy

Verifying Policy Installation

1. Visit Anypoint Exchange 
2. Search for “treblle policy”
3. Confirm the policy is available in your organization

The policy should appear with version 1.0.0 and display as a Custom Policy.

Applying the Treblle Policy to Your API

Configuring API Manager

1. Log in to Anypoint Platform 
2. Navigate to API Manager
3. Select your API (e.g., hello-world)
4. Go to the Policies tab
5. Click Apply New Policy

Configuring Treblle Policy

1. Choose treblle-policy from the list of available policies
2. Configure the policy with your Treblle credentials:
   • API Key: Enter your Treblle API key
   • SDK Token: Enter your Treblle SDK token

Applying and Testing

1. Save the policy configuration
2. Apply the policy to your API
3. Invoke your API endpoint with a test request
4. Check your Treblle Dashboard  to see the API traffic

The request should appear in Treblle within a few seconds, including headers, payload, and response data.

Using Automated Policy for Multiple APIs

If you want to group all your APIs under a single Treblle policy configuration, you can use the Automated Policy feature. This approach means that all your APIs will share the same data masking settings and appear as one unified API on the Treblle platform, rather than adding the Treblle policy to each API manually.

Setting up Automated Policy

1. Navigate to Automated Policies

• Go to API Manager in your Anypoint Platform
• On the left sidebar, locate and click on Automated Policies

2. Configure the Treblle Policy

• Click Add to create a new automated policy

• Select the treblle-policy from the available policies

• Configure the following required fields:

  • API Key: Enter your Treblle API Key
  • SDK Token: Enter your Treblle SDK Token
  • Mask Keywords: Add any sensitive data fields you want to mask (e.g., email,id)

3. Advanced Configuration Options

• Click on Advanced options to configure policy version and application rules:

• Policy version: Select the appropriate version (e.g., 1.0.6 latest)

• Rule of application: Choose how the policy should be applied:

  • All runtimes: Apply to all APIs with Flex and Mule (4.1.1 and above)
  • Flex gateways only: Apply only to Flex gateways (note: this version may not support implementations)
  • Mule gateways only: Apply only to Mule gateways
  • Version range: Specify the Mule runtime version range (e.g., from 4.1.1)
  • Java Versions: Choose to apply to all Java versions or specify particular versions

Benefits of Automated Policy

• Centralized Management: Manage all your API monitoring from a single policy configuration
• Consistent Data Masking: Apply the same masking rules across all your APIs
• Unified Dashboard: View all API traffic in one consolidated view on the Treblle platform
• Reduced Maintenance: No need to individually configure each API
• Automatic Coverage: New APIs automatically inherit the policy configuration

Masking Fields

To mask fields in MuleSoft:

• Go to your API
• Navigate to Policies
• Click Edit Treblle Policy Configuration
• Add Masking Fields and separate them with commas

This is how it will look in the Treblle dashboard:

Masking the Entire Payload

To mask the entire payload in MuleSoft:

1. Check the Mask Payload option while adding a policy to your API

2. View the masked payload in your API requests - it will appear like this in your Treblle dashboard:

When the “Mask Payload” option is enabled, the entire request and response payload will be masked with asterisks (*****) while preserving the structure and length of the original data.

How It Works

The Treblle MuleSoft policy acts as a middleware that:

1. Intercepts incoming API requests before they reach your implementation
2. Captures request payloads and headers without modifying them
3. Sends the data asynchronously to Treblle’s servers
4. Allows the request to continue to your API implementation without delay