Request API Access - Anypoint Platform APIs

Overview

In AEH, "access" to an API is granted via a contract: a binding between one of your applications and a specific API instance (e.g., sandbox/production) under a chosen SLA tier. This workflow covers the full consumer-side request flow: discovering the tiers and grant types offered, creating a contract, listing your contracts, and adjusting the SLA tier later.

What you'll build: Active contracts between your applications and the APIs you need, on the right SLA tiers.

Prerequisites

Before starting, ensure:

Authentication ready
- Valid portal-consumer Bearer token
- Membership in the portal
Portal and application context
- targetOrganizationId, portalId
- An existing applicationId (see manage-portal-applications to create one)
- Target asset coordinates: groupId, assetId, minorVersion, instanceId (see discover-portal-apis Step 3)

Step 1: List Available SLA Tiers for an Instance

Tiers define throughput/quota limits and governance rules for an API instance. Some instances require a tier selection; others default to an implicit tier.

api-experience-hub-consumer.getTiers

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/assets/{groupId}/{assetId}/{minorVersion}/instances/{instanceId}/tiers \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

tiers $.tiers[*]

SLA tiers offered on this instance

tierId $.tiers[*].id

Tier ID passed to the create-contract call

Step 2: List Grant Types Offered by the API Instance

Grant types (client_credentials, authorization_code, etc.) describe how your application will obtain tokens. Some APIs require that at least one grant type matches between API and application.

api-experience-hub-consumer.getGrantTypesByInstanceId

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/assets/{groupId}/{assetId}/{minorVersion}/instances/{instanceId}/provider/grantTypes \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

instanceGrantTypes $.grantTypes[*]

Grant types the instance supports

Step 3: List Grant Types Supported by Your Application

Cross-check your application's supported grant types against the instance's.

api-experience-hub-consumer.getGrantTypesByApplicationId

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId}/provider/grantTypes \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

applicationGrantTypes $.grantTypes[*]

Grant types the application can use

What happens next: Confirm at least one grant type overlaps between Step 2 and Step 3 before creating the contract.

Step 4: Create a Contract

Bind the application to the API instance under the chosen tier.

api-experience-hub-consumer.createContract

$ curl -X POST ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/assets/{groupId}/{assetId}/{minorVersion}/contracts \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

contractId $.id

The newly created contract ID (may be PENDING until approved)

contractStatus $.status

Current status — typically APPROVED or PENDING

What happens next: If the API requires admin approval, the contract is PENDING. Otherwise it is immediately APPROVED and the application can call the API.

Step 5: List Contracts for an Application

Audit which APIs a specific application currently has (or has requested) access to.

api-experience-hub-consumer.getContractsByApplicationId

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId}/contracts \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

applicationContracts $.contracts[*]

Contracts held by this application

contractIds $.contracts[*].id

Contract IDs for deeper inspection

Step 6: Get Contract Details

Retrieve the full state of one contract — useful to verify status, tier, and SLA usage.

api-experience-hub-consumer.getContract

$ curl -X GET ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/assets/{groupId}/{assetId}/{minorVersion}/contracts/{applicationId}/{instanceId} \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

contractDetails $

Full contract details (status, tier, associated asset/instance)

Step 7: Change the SLA Tier on an Active Contract

Upgrade or downgrade the SLA tier — e.g., from Bronze to Gold as consumption grows.

api-experience-hub-consumer.assignSlaTierToContract

$ curl -X PATCH ${baseUrl}/xapi/v1/portals/{targetOrganizationId}/{portalId}/applications/{applicationId}/contracts/{contractId}/tiers/{tierId} \
  -H "Authorization: Bearer ${authToken}" \
  -H "Content-Type: application/json"

Captured Variables

updatedContractId $.id

Contract ID confirmed with the new tier applied

What happens next: Depending on portal policy, the new tier may apply immediately or wait for admin approval.

Name	Value	Source
No variables yet

Completion Checklist

[ ] Available tiers reviewed
[ ] Grant types cross-checked between application and instance
[ ] Contract created
[ ] Contract status verified (APPROVED vs PENDING)
[ ] Existing contracts for the application audited
[ ] SLA tier adjusted when consumption changes

What You've Built

✅ Active Contract(s) — Your applications are bound to the APIs you need on the correct SLA tiers, with grant types that match.

Next Steps

Call the API — Use the application's clientId / clientSecret (from manage-portal-applications) to obtain tokens per the chosen grant type.
Monitor usage — Track quota/throughput against the chosen tier; upgrade via Step 7 when you hit limits.