---
name: Certyo + MuleSoft Anypoint Integration
version: 1.0.0
description: Generate MuleSoft Anypoint → Certyo integration code with DataWeave transforms, API-led connectivity, auth, and working examples
api_base: https://www.certyos.com
auth: X-API-Key header
last_updated: 2026-04-14
---
# Certyo + MuleSoft Anypoint Integration Skill
This skill generates production-ready MuleSoft Anypoint integrations that ingest records into Certyo's blockchain-anchored authenticity platform. It follows API-led connectivity patterns with DataWeave transforms, encrypted credential management, and robust error handling.
## Certyo API Reference
### Endpoints
| Method | Path | Description | Response |
|--------|------|-------------|----------|
| `POST` | `/api/v1/records` | Ingest a single record | `202 Accepted` |
| `POST` | `/api/v1/records/bulk` | Ingest up to 1000 records | `202 Accepted` |
| `POST` | `/api/v1/verify/record` | Verify blockchain anchoring | `200 OK` |
| `GET` | `/api/v1/records` | Query records | `200 OK` |
### Authentication
All requests require the `X-API-Key` header with a valid Certyo API key.
### Record Payload
```json
{
"tenantId": "string (required)",
"database": "string (required)",
"collection": "string (required)",
"recordId": "string (required)",
"recordPayload": { "...any JSON (required)" },
"clientId": "string (optional)",
"recordVersion": "string (optional, default '1')",
"operationType": "upsert|insert|update|delete (optional)",
"sourceTimestamp": "ISO 8601 (optional)",
"idempotencyKey": "string (optional)"
}
```
### Response (202 Accepted)
```json
{
"recordId": "string",
"recordHash": "string (SHA-256)",
"tenantId": "string",
"acceptedAt": "ISO 8601",
"idempotencyReplayed": false
}
```
### Pipeline
Record ingestion flows through: Kafka accumulation (1000 records or 60s flush) then Merkle tree computation then IPFS pin then Polygon anchor (~60-90s end to end).
## Integration Pattern
This integration follows MuleSoft's **API-led connectivity** three-layer architecture:
```
Source System API (Experience/System)
|
Process API (DataWeave transform + orchestration)
|
Certyo System API (HTTP Requester to Certyo)
```
- **Source System API**: Receives data from upstream systems (ERP, CRM, databases) via HTTP Listener, polling, or watermark-based triggers.
- **Process API**: Transforms source payloads into Certyo record format using DataWeave 2.0, applies business rules, and routes to the correct endpoint.
- **Certyo System API**: Manages the HTTP connection to Certyo, handles authentication, retries, and error responses.
## Authentication
### Anypoint Connected App (for Anypoint Platform access)
Use a Connected App with client credentials for deploying and managing the Mule application via Anypoint Platform APIs.
### Certyo API Key in Mule Secure Properties
Store the Certyo API key in an encrypted properties file using Mule Secure Properties module. Never place API keys in plain-text `.properties` or `.yaml` files.
**`src/main/resources/config-secure.yaml`** (encrypted values):
```yaml
certyo:
apiKey: "![encryptedValue]"
baseUrl: "https://www.certyos.com"
tenantId: "your-tenant-id"
```
**Encryption command** (AES algorithm with a key stored in a runtime property):
```bash
# Encrypt the API key value
mvn com.mulesoft.tools:secure-properties-tool:1.2.0:string-encrypt \
-Dalgorithm=AES -Dmode=CBC \
-Dkey=${MULE_ENCRYPTION_KEY} \
-Dvalue="your-certyo-api-key"
```
**Global configuration referencing secure properties:**
```xml
```
## Field Mapping
MuleSoft connects to any source system, so the mapping is generic. Adapt the source fields to match your upstream data.
| Certyo Field | Source (Generic) | DataWeave Expression | Notes |
|---|---|---|---|
| `tenantId` | Config property | `p('certyo.tenantId')` | From secure properties |
| `database` | Source system name | `vars.sourceSystem` | Set as flow variable |
| `collection` | Source entity type | `vars.entityType` | e.g., "orders", "invoices" |
| `recordId` | Source record ID | `payload.id` | Unique in source system |
| `recordPayload` | Full source record | `payload` | Entire source payload |
| `clientId` | Anypoint client ID | `p('anypoint.clientId')` | Optional traceability |
| `operationType` | Derived from trigger | `vars.operationType` | "insert", "update", etc. |
| `sourceTimestamp` | Source timestamp | `payload.lastModified` | ISO 8601 format |
| `idempotencyKey` | Composite key | `vars.sourceSystem ++ ":" ++ payload.id ++ ":" ++ payload.version` | Prevents duplicates |
## Code Examples
### DataWeave 2.0 Transform: Source Record to Certyo Payload
**`src/main/resources/dw/transform-to-certyo-record.dwl`**:
```dataweave
%dw 2.0
output application/json
var sourceSystem = vars.sourceSystem default "unknown"
var entityType = vars.entityType default "records"
var opType = vars.operationType default "upsert"
---
{
tenantId: p('certyo.tenantId'),
database: sourceSystem,
collection: entityType,
recordId: payload.id as String,
recordPayload: payload,
clientId: p('anypoint.clientId') default null,
recordVersion: (payload.version default "1") as String,
operationType: opType,
sourceTimestamp: payload.lastModified
default payload.updatedAt
default now() as String { format: "yyyy-MM-dd'T'HH:mm:ss'Z'" },
idempotencyKey: sourceSystem ++ ":" ++ (payload.id as String) ++ ":" ++ (payload.version default "1") as String
}
```
### DataWeave 2.0 Transform: Bulk Records
**`src/main/resources/dw/transform-to-certyo-bulk.dwl`**:
```dataweave
%dw 2.0
output application/json
var sourceSystem = vars.sourceSystem default "unknown"
var entityType = vars.entityType default "records"
---
payload map ((item, index) -> {
tenantId: p('certyo.tenantId'),
database: sourceSystem,
collection: entityType,
recordId: item.id as String,
recordPayload: item,
recordVersion: (item.version default "1") as String,
operationType: vars.operationType default "upsert",
sourceTimestamp: item.lastModified
default now() as String { format: "yyyy-MM-dd'T'HH:mm:ss'Z'" },
idempotencyKey: sourceSystem ++ ":" ++ (item.id as String) ++ ":" ++ (item.version default "1") as String
})
```
### Mule 4 Flow XML: Single Record Ingestion
**`src/main/mule/certyo-process-api.xml`**:
```xml
```
### Mule 4 Flow XML: Batch Job for Bulk Ingestion
**`src/main/mule/certyo-batch-flow.xml`**:
```xml
```
### Retry Configuration with Until-Successful
For critical record ingestion that must not be lost, wrap the HTTP request in an `until-successful` scope:
```xml
```
### Dead Letter Queue (DLQ) Flow
Route permanently failed records to a DLQ for manual review:
```xml
#[output application/json --- {
record: payload,
error: vars.errorDescription,
failedAt: now() as String {format: "yyyy-MM-dd'T'HH:mm:ss'Z'"},
retryCount: vars.retryCount default 0
}]
```
## Verification & Write-back
After records are anchored (~60-90 seconds), verify and write the blockchain proof back to the source system.
### Verification Flow
```xml
```
## Code Generation Rules
1. **Use API-led three-layer architecture.** Always separate Source System API, Process API, and Certyo System API into distinct Mule applications or at minimum distinct flows. Never combine source-system polling and Certyo API calls in a single flow without a process layer.
2. **Store the Certyo API key in Secure Properties (encrypted), never in plain-text properties files.** Use `secure-properties:config` with AES/CBC encryption. Reference values with `${secure::certyo.apiKey}`. Never hard-code API keys in flow XML.
3. **Use DataWeave 2.0 for all data transformations.** Never use Set Payload with inline expressions for building JSON. Always create `.dwl` files in `src/main/resources/dw/` and reference them with `resource="dw/filename.dwl"`. This keeps transforms testable and maintainable.
4. **Implement `on-error-propagate` with retry for HTTP errors.** Use `until-successful` for transient errors (HTTP:CONNECTIVITY, HTTP:TIMEOUT) with exponential backoff. Use `on-error-propagate` to catch and categorize errors. Route permanently failed records to a DLQ (VM queue or Object Store).
5. **Use Batch Job for datasets exceeding 100 records.** Configure `batch:aggregator` with `size="1000"` to match the Certyo bulk endpoint limit. Set `maxFailedRecords="-1"` to process all records even if some fail. Log batch completion stats in `batch:on-complete`.
6. **Log with a custom logger category (`com.certyo.integration`).** Always specify `category` on every `` element. Use INFO for successful operations, WARN for retries, ERROR for failures. Include `recordId` and `recordHash` in log messages for traceability.
7. **Use externalized properties for all URLs, tenant IDs, and configuration values.** Never hard-code `https://www.certyos.com` or tenant IDs in flow XML. Use `${certyo.baseUrl}` and `${certyo.tenantId}` from properties files, with environment-specific overrides via `config-${env}.yaml`.
8. **Validate payloads before sending to Certyo.** Add a DataWeave validation step that checks all required fields (`tenantId`, `database`, `collection`, `recordId`, `recordPayload`) are present and non-null. Route invalid records to an error flow rather than sending them to the API.
9. **Use Object Store for state management across flows.** Track pending verifications, batch results, and DLQ entries in persistent Object Stores with appropriate TTLs. Never rely on in-memory state for cross-flow coordination.
10. **Generate `mule-artifact.json` with correct classloader isolation.** Include all required connectors (HTTP, Secure Properties, VM, Object Store, Batch) in the artifact descriptor. Set `minMuleVersion` to `4.4.0` or higher. Include MUnit test scaffolding for every flow.