Implementing MCP Server with Tool on MuleSoft

Hello there Muley! 👋 I’m so excited to bring you the latest on expanding your integration capabilities! I’ve got some fantastic news and insights to share about implementing an MCP (Model Context Protocol) Server with MuleSoft. This is a game-changer for connecting my existing APIs to the world of AI agents! 🚀 What is an MCP Server and Why it Matters for MuleSoft? You might be wondering, what exactly is an MCP Server? 🤔 Simply put, it’s a way for AI agents to discover and interact with various tools and resources. An MCP service acts as a bridge, allowing AI models to understand and utilize external capabilities, effectively extending their reach beyond their core functions. You can read more about unlocking AI’s potential with MCP in this article: Unlocking AI’s Potential with MCP. ...

July 7, 2025 · 5 min · Patryk Bandurski

MuleSoft APIs as AI Assets: A Practical Guide to x-SFDC Tags

Unlock AI Power: How to Enable Your MuleSoft APIs as AI Assets! Are you ready to make your APIs smarter and open them up to the world of Artificial Intelligence? The future of integration is here, and it involves turning your APIs into powerful AI assets. This means your APIs can be understood and used directly by AI tools, like Salesforce’s Agentforce. Let’s dive into how you can enable your APIs to become these intelligent assets, using practical examples from an OAS 3 specification. ...

July 4, 2025 · 5 min · Patryk Bandurski

Agentforce, API Catalog, MuleSoft Topics: Your AI Integration Guide

Get Ready! Agentforce, API Catalog, and MuleSoft Topics Explained for Developers! Do you want to know about the newest technology? Do you want ideas that help you build powerful solutions? Then this is for you! The latest changes in Agentforce, the Salesforce API Catalog, and MuleSoft Topics are amazing and will change how you connect systems! We talked about these exciting new things at the Warsaw MuleSoft Meetup, and the message is clear: smart automation is here now. ...

July 2, 2025 · 4 min · Patryk Bandurski

AsyncAPI: Describing Event-Driven APIs

What You’ll Learn When and why to use AsyncAPI in real projects How to describe asynchronous APIs using version 2.0–2.6 Key components of an AsyncAPI document Practical, MuleSoft-compatible examples using Anypoint MQ The Challenge: Describing Event-Driven APIs Imagine you’re building a system that integrates with Anypoint MQ. Instead of REST calls, components exchange messages — events that trigger behavior or transfer data asynchronously. You need a way to: Describe how events flow between producers and consumers Ensure alignment between teams Maintain consistent, machine-readable documentation This is exactly where AsyncAPI comes in. ...

June 4, 2025 · 3 min · Patryk Bandurski

Understanding One-Way vs. Two-Way TLS for APIs

When building secure APIs, TLS (Transport Layer Security) is a must. But not all TLS setups are created equal. If you’ve ever wondered what exactly two-way TLS is — or when to use it — you’re in the right place. Let’s break it down in a simple way. 🔐 One-Way TLS (Standard TLS) We all use it every day. Every time you log in to your bank account or shop online, you’re using one-way TLS. Your browser verifies the identity of the server via a certificate, usually signed by a trusted Certificate Authority (CA). ...

April 3, 2025 · 3 min · Patryk Bandurski

Step-by-Step Guide: Configuring 2-Way TLS on MuleSoft DLB

Setting up 2-Way TLS (mutual TLS) on MuleSoft’s Dedicated Load Balancer (DLB) can feel daunting. We get it — there are keystores, truststores, certs, and configurations across systems. But don’t worry — this guide walks you through it clearly, step by step. 🔧 What You’ll Need Before starting, make sure you have: ✅ A working MuleSoft application deployed to CloudHub ✅ A configured Dedicated Load Balancer (DLB) ✅ Your client certificate (X.509 PEM) ✅ Your truststore (to trust the client’s cert) ✅ Access to Anypoint Platform & Runtime Manager ...

April 3, 2025 · 4 min · Patryk Bandurski

One Client Cert, All APIs? A Hidden Security Gap in MuleSoft DLB

When it comes to 2-Way TLS in MuleSoft, many assume that once the DLB (Dedicated Load Balancer) is configured and client certificates are validated — all is secure. But there’s a subtle and important security gap you should know about. 🔍 The Problem: Validation Isn’t Context-Aware Imagine this: Your DLB is set up for 2-Way TLS ✅ You’ve uploaded multiple client certificates to the DLB’s truststore ✅ Everything works — clients can call your APIs over HTTPS using their certificates ✅ But here’s the catch: ...

April 3, 2025 · 3 min · Patryk Bandurski

Designing GET for a Single Resource in REST APIs

In REST APIs, we often need to get a single resource. In this article, we explore how to structure those GET requests properly. 🧍‍♂️ Get a Single Account by ID To get one specific account, use: /accounts/{id} Example: /accounts/adoe This will return the account with ID adoe. You can apply the same idea to other resources, like: /applications/872233 🧠 Get Resource(s) by Field Value Sometimes you want to retrieve a resource or a small list of resources based on a specific field, like email or region. Instead of creating multiple endpoints, use query parameters. ...

March 22, 2025 · 2 min · Patryk Bandurski

Designing GET for Collections in REST APIs

When designing APIs, the GET method is one of the most commonly used HTTP methods. It’s used to retrieve data, either as a full list or a single resource. In this article, we focus on getting collections of resources. 🔍 Use Case Let’s say we’re building a service that allows users to manage accounts. We want to allow users to: List all accounts 📄 Designing the Endpoint Use a plural noun for the resource name: ...

March 20, 2025 · 2 min · Patryk Bandurski

Nailing RESTful API Design: A Straightforward Guide

Hey there! Ready to make your API as friendly and reliable? Let’s unpack some RESTful API design practices that are easy to digest and will save you a headache down the road. Dive in for a guide that distills my hands-on experience into practical wisdom for crafting APIs that hit the sweet spot of functionality and user-friendliness. Naming: Clear, Concise Naming your endpoints should be clear-cut and intuitive. Hyphens are your clarity heroes: Separate words for the sake of readability. Go with /customers/saving-accounts rather than a jumble of characters. Lowercase for the win: URLs can be case-sensitive, so let’s avoid the confusion and stick with lowercase, like /customers/saving-accounts. Extensions are passé: This is the web, not your file system. Drop the .xml and keep it clean with /customers/saving-accounts. URIs Done Right Let’s cut through the clutter when it comes to URIs. ...

February 13, 2025 · 2 min · Patryk Bandurski