mule, mulesoft, mule4, anypoint-platform

Unable to get bearer token for Anypoint Platform with MFA enabled


I was using the https://anypoint.mulesoft.com/accounts/login endpoint with my user credentials to get a bearer token earlier and it worked fine.

However, I now have MFA enabled with Salesforce Authenticator on my Anypoint Platform and hence the above call returns

{
    "url": "https://verify.salesforce.com/verify/",
    "body": {
        "request": "eyJhbGciOiJFUzI1NiIsInR5cCI6Imp3dCIsImtpZCI6ImFueXBvaW50X2lhbV9wcm9kLWMyYy04MC0xNjc0OTUwNDIzNTQ1IiwidmVyIjoiMS4wIn0.eyJhdXQiOiJTRVJWSUNFIiwiY3R4Ijoic2ZkYy5naWQtYXV0aCIsImlzdCI6Miwic3R5IjoiVGVuYW50Iiwic2NvcGUiOiJ2ZXJpZnkiLCJ2YWFzX2FyZ3MiOnsiYWN0aW9uX2lkIjoibG9naW4iLCJhY3Rpb25fbmFtZSI6IkxvZ2luIiwidHJ1c3RfdmVyaWZpZWRfZGV2aWNlcyI6ZmFsc2UsImVtYWlsIjoiYXNpbmdoNkBzYWxlc2ZvcmNlLmNvbSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYW55cG9pbnQubXVsZXNvZnQuY29tL2FjY291bnRzL2xvZ2luL21mYV9jYWxsYmFjayIsInN0YXRlIjoiYWIzYWNiMjUtZDIzMS00NWY2LWJlZDctMzQ1OGJkNzIzZTJiIiwidXNlcl9hY2NvdW50X2lkIjoiMTc0MDAwMWEtYjExMS00OWM3LWJhYzQtYWExZmNiMDU2ZmVmIiwidXNlcl9kaXNwbGF5X25hbWUiOiJhYnlzaW5naCJ9LCJpYXQiOjE2ODAyODMzODMsIm5iZiI6MTY4MDI4MzM4MywiZXhwIjoxNjgwMjgzNDAzLCJhdWQiOiJ2YWFzIiwiaXNzIjoiYW55cG9pbnRfYWNjZXNzX21hbmFnZW1lbnRfdXMxIiwianRpIjoiNGJiMmE5ZGEtYjIxZC00ZTY2LWE2MjAtMWIzNzFiYTljNDg0In0.oadOPrB54dJp0xEHQwmy14vwGx3_vpCg75FHrvmpga-ioUD-M9f06yCWp3BXUmt6b9YoDVo4iZzidEZXOA5g9w"
    }
}

This is not the bearer token and I am at a loss to understand what needs to be done to generate the bearer token with MFA enabled.


Solution

  • Obtaining an access token for a process will no longer work once Multi-Factor Authentication (MFA) is enabled for an Anypoint Platform account. For security reasons, user accounts should have MFA enabled, preventing them from using the same credentials to get a token. Usually a token is used in automated processes, scripts or applications. Though some exceptions are possible by the administrator of your org, MuleSoft will increasingly restrict such exceptions over time because of security concerns.

    For those situations the strongly recommended method is to create Connected Application credentials that can be used instead of user credentials.
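
The Connected Application route recommended above, as an added example that is not part of the original answer or MuleSoft's own code. The token endpoint path and the `client_credentials` grant are assumptions taken from MuleSoft's Connected Apps documentation rather than from this page, and the environment variable names are hypothetical. The parser also recognises the MFA challenge shape shown in the question, so a script fails clearly instead of treating that body as a token.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed endpoint (MuleSoft Connected Apps documentation, not stated on this page).
TOKEN_URL = "https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token"


class MfaChallenge(Exception):
    """The endpoint answered with an MFA verification redirect, not a token."""


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build the client_credentials POST for a Connected App (no user password, no MFA)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=form, method="POST", headers=headers)


def extract_bearer(raw_body):
    """Return the access token, or raise if the body is the MFA challenge from the question."""
    doc = json.loads(raw_body)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    if "access_token" in doc:
        if doc.get("token_type", "bearer").lower() != "bearer":
            raise ValueError("unexpected token_type: %r" % doc.get("token_type"))
        return doc["access_token"]
    if isinstance(doc.get("body"), dict) and "request" in doc["body"] and "url" in doc:
        raise MfaChallenge("MFA verification required at %s; use a Connected App" % doc["url"])
    raise ValueError("no access_token in response")


def get_token(client_id, client_secret, opener=urllib.request.urlopen):
    """Fetch a token; `opener` is injectable so the flow can be exercised offline."""
    with opener(build_token_request(client_id, client_secret), timeout=10) as resp:
        return extract_bearer(resp.read())


if __name__ == "__main__":
    # Secrets come from the environment (hypothetical names), never from source control.
    token = get_token(os.environ["ANYPOINT_CLIENT_ID"], os.environ["ANYPOINT_CLIENT_SECRET"])
    print("Authorization: Bearer <%d chars>" % len(token))
```

Give the Connected App only the scopes the automation needs, and rotate its client secret like any other service credential.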