Ctrlk

MuleSoft

Monitor MuleSoft API Gateway traffic by applying the Alma Capture Policy (custom policy) and exporting telemetry via OTLP/HTTP.

Deploy Alma on MuleSoft to capture API gateway HTTP traffic without app code changes.

The Alma Capture Policy is a MuleSoft API Gateway custom policy.

It captures HTTP request/response metadata + payloads and exports them asynchronously to an OpenTelemetry Collector over OTLP/HTTP(S).

If you’re new to Alma, start with Alma Overview.

How it works

When applied to an API (or as an automated policy), the policy:

  1. Intercepts inbound traffic at the Mule gateway.

  2. Captures HTTP request metadata and payload data.

  3. Invokes the downstream API (http-policy:execute-next).

  4. Captures HTTP response metadata and payload data.

  5. Exports captured telemetry asynchronously to an OpenTelemetry Collector.

The policy runs inline using the Mule 4 custom policy model (http-policy:proxy).

Telemetry export

  • Protocol: OTLP

  • Transport: HTTP(S)

  • Default port: 4318

  • Encoding: Protobuf (application/x-protobuf)

  • TLS: HTTPS

Typical gateway endpoint:

  • https://gw-<host>.alma-security.com/

Export is asynchronous and should not block API request processing.

Prerequisites

  • MuleSoft Anypoint Platform permissions to:

    • upload a custom policy to Anypoint Exchange

    • apply policies in API Manager

  • Maven (mvn) installed (for Maven-based publishing).

  • The Alma gateway endpoint reachable from Mule runtime over HTTPS on port 4318.

  • TLS trust configured so Mule trusts the collector’s certificate.

Install and apply the policy

Use the Maven flow below.

For MuleSoft’s baseline flow, see: Upload a Custom Policy to Exchange.

1

1) Download and unzip the policy bundle

  1. Download alma-mule-policy.zip from your Alma distribution channel.

  2. Unzip it.

  3. Open the extracted policy folder.

You should see the Mule 4 custom policy files, including pom.xml and template.xml.

2

2) Configure Maven credentials for Exchange

Update ~/.m2/settings.xml with your Anypoint credentials:

Keep the server ID as anypoint-exchange-v3. MuleSoft uses that value during mvn clean deploy.

3

3) Set the Organization ID and publish

  1. Open pom.xml.

  2. Set the groupId to your Anypoint Organization ID.

  3. You can copy the Organization ID from the Anypoint URL:

  1. From the policy folder, run:

Run the deploy command from the folder that contains the policy pom.xml.

4

4) Apply the policy in API Manager

After the Maven publish succeeds:

  1. Open API Manager in Anypoint Platform.

  2. Select the target API.

  3. On the API page, open Policies.

  4. In the policies list, find the uploaded Alma Capture Policy.

  5. Add it.

  6. Save and apply the configuration.

Use the screenshots below for the UI flow.

Policies view in API Manager showing the uploaded Alma Capture Policy.
From the API page, open Policies to see the uploaded Alma Capture Policy.
API Manager flow for adding the Alma Capture Policy.
Open the target API and start the policy flow.
Policy selection screen in Anypoint API Manager.
Select Alma Capture Policy from the available policies.
Policy configuration screen in Anypoint API Manager.
Review the policy configuration before applying it.

Optional: capture only specific APIs

If you only want to capture specific APIs, open the policy’s Advanced section.

Select the HTTP method, then add an API regex for the endpoints you want to capture.

Use this to limit capture to specific routes instead of all traffic on the API.

Advanced policy settings in MuleSoft API Manager for filtering by HTTP method and API regex.
Use the Advanced section to filter capture by HTTP method and API regex.

Verify

  1. Send traffic through the API.

  2. Confirm the gateway endpoint is receiving data on port 4318.

  3. Confirm traces and logs appear in your backend.

Upgrade and uninstall

Upgrade

  1. Publish a newer policy version to Exchange.

  2. In API Manager, select the existing policy and change the policy version.

  3. Apply the updated policy version.

Uninstall

API Manager → Policies → remove Alma Capture Policy.\

PreviousAPI GatewaysNextNGINX (contact support)

Last updated