Test an API in API Platform

 

The way to use an API from the API Platform is to go to the API Designer and then set the baseUri. This configuration will use this URL for invocation https://anypoint.mulesoft.com/apiplatform/proxy/{YOUR_BASE_URI} which is a way to overcome the CORS limitations.

 

If the application is not publicly accessible but you are able to access it (for example test an application running locally on Studio) you need to follow these steps in the API Designer:

2- Enable the check "API is behind a firewall".

3- Enable CORS in your API (see "How to enable CORS").

 

More information is provided in this link: 

https://developer.mulesoft.com/docs/display/current/Accessing+Your+API+Behind+a+Firewall

 

 

 

You can apply the "Cross-Origin Resource Sharing" policy directly from your API Administrator page. Look for it under the "Policies" tab.

 

If instead, you prefer to enable CORS directly into your flow, the simplest way is to add a "CORS Validate" component after the http:inbound-endpoint/http:listener and a simple cors:config. This is a simple configuration:

 

<cors:config name="corsConfig" doc:name="Simple CORS Config" />
    <flow name="flowWithCORS">
        <http:listener config-ref="songs-httpListenerConfig" path="/api/*" doc:name="HTTP" />
        <cors:validate config-ref="corsConfig" acceptsCredentials="false" publicResource="true" doc:name="CORS Validate"/>
        <!-- the rest of the flow goes here -->
    </flow>

 

Make sure that the mule tag contains this attribute: xmlns:cors="http://www.mulesoft.org/schema/mule/cors" and the value "http://www.mulesoft.org/schema/mule/cors http://www.mulesoft.org/schema/mule/cors/current/mule-cors.xsd" in the xsi:schemaLocation attribute.

 

If the API is implemented using Mule ESB/API Kit you will have to add the mule-module-cors library.

 

 

 

The best way to troubleshoot errors while trying to test your API from the API Platform is by using the network/JS console that the browsers provide. These are some common errors:

- You see that your request gets a "500 Internal Server Error". if the URL is https://anypoint.mulesoft.com/apiplatform/proxy/{YOUR_BASE_URI} and the content is "connect ECONNREFUSED". That means, the API Platform can't connect to the baseUri and that you should enable the check "API is behind a firewall".

- No error in the network console, but the following error in the JS Console "Mixed Content: The page at '{YOUR API URL}' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint '{YOUR URI}'. This request has been blocked; the content must be served over HTTPS.". This is because your baseUri is not HTTPS.

- In the console the request fails but you don't get any response and a CORS error like "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at {YOUR URL}.
(Reason: CORS request failed).". Is possible that you don't have the required certificates in your browser. Try accessing the URL directly and if it says that the connection is untrusted add it as an exception.