MuleSoft

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

Integration Platform

system_type: "mulesoft"

Proxy MuleSoft Anypoint Platform API calls for runtime management and integration flow monitoring.

Overview#

The MuleSoft connector proxies Anypoint Platform REST API calls. OAuth2 client credentials from a Connected App are sealed in QuantaVault. Supports application management, API analytics, and Exchange operations.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1A MuleSoft Anypoint Platform account
2A Connected App with the required scopes (Runtime Manager, API Manager)
3Client ID and Client Secret from Anypoint Platform → Access Management → Connected Apps

Configuration#

Follow these steps to connect MuleSoft to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
In Anypoint Platform → Access Management → Connected Apps, create a new Connected App.
2
Select scopes: Runtime Manager, API Manager.
3
Copy Client ID and Client Secret.
4
Seal: POST /api/v2/vault/seal with credential_type: oauth2_client.
5
Create integration with system_type: mulesoft.

Authentication Types#

Seal client_id and client_secret as oauth2_client. QuantaSeal obtains a Bearer token from accounts.mulesoft.com/accounts/api/v2/oauth2/token automatically.

OAuth2 Client

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`list_applications`	List all deployed Mule applications.
`get_application`	Get application deployment status.
`list_apis`	List managed APIs in API Manager.
`get_analytics`	Retrieve API analytics data.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_MULE001","operation":"list_applications","payload":{"environment_id":"env-prod-guid"}}'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

401 - Invalid client

MuleSoft Connected App credentials are environment-specific. Verify the client_id belongs to the correct Anypoint Platform org.

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference

Overview#

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Configuration#

Follow these steps to connect MuleSoft to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

In Anypoint Platform → Access Management → Connected Apps, create a new Connected App.

Select scopes: Runtime Manager, API Manager.

Copy Client ID and Client Secret.

Seal: POST /api/v2/vault/seal with credential_type: oauth2_client.

Create integration with system_type: mulesoft.