How to Start Using the Anypoint CLI

byGonzalo Marcos -


We spend a lot of time in the Anypoint Platform UI. We click through environments, navigate Runtime Manager, check application statuses, and repeat the same actions across organizations. It works. But it does not scale.

What if we could do all of that from a terminal — and script it?

That is exactly what the Anypoint Platform CLI gives us. In this post, we install it on macOS, configure authentication, and run our first real command against a CloudHub 2.0 environment.


What Is the Anypoint CLI?

The Anypoint Platform CLI is a command-line tool that lets us interact with Anypoint Platform without opening a browser. It covers a wide range of platform operations — deploying applications, managing APIs, querying environments, and more.

The current version is Anypoint CLI 4.x. It runs only in batch mode. There is no interactive mode. Every command runs, returns a result, and exits. That design makes it perfect for automation.


When Should We Use It?

The CLI solves three real problems we face every day:

Problem Without CLI With CLI
Repetitive platform tasks Click through the UI every time Run a single command
Cross-environment consistency Manual, error-prone Scripted, repeatable
CI/CD pipeline integration Not possible via UI Native support


We use the CLI when we need to automate deployments, query application state from a pipeline, or apply consistent changes across multiple environments without touching the UI.


Step 1 — Install Node.js and npm on macOS

The Anypoint CLI is built on Node.js. Before we install the CLI, we'll need Node.js and npm on our machine.

The CLI requires Node.js version 18.0.0 to 20.0.0 and npm version 7 or later.


1.1 — Check if Node.js and npm are already installed

We'll open Terminal and run:

node --version
npm --version


If both commands return a version number, we'll check the values against the requirements. We need Node.js 18 or 20, and npm 7 or later:

v20.x.x   ← acceptable (18.x.x or 20.x.x)
10.x.x    ← acceptable (7 or later)


If the versions meet those requirements, we'll skip ahead to Step 2. If the commands return command not found, or the versions are outside the required range, we'll install Node.js using Homebrew.


1.2 — Install Homebrew (if not already installed)

Homebrew is a package manager for macOS. We'll check if it's already present:

brew --version


If Homebrew is installed, the command returns its version and we'll move on. If not, we'll install it:

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"


The installer will prompt us for our system password. After it completes, we'll follow any instructions it prints to add Homebrew to our shell PATH.


1.3 — Install Node.js 20 with Homebrew

We'll run:

brew install node@20


Homebrew installs both Node.js and npm together. After installation, we'll link the version so the terminal can find it:

brew link node@20 --force --overwrite


1.4 — Verify the installation

We'll confirm both tools are available and at the correct versions:

node --version
npm --version


Expected output:

v20.x.x
10.x.x


We need Node.js 18 or 20, and npm 7 or later. If the versions match, we're ready to install the CLI.


Step 2 — Install the Anypoint CLI

We'll install the Anypoint CLI core package and all default plugins with a single npm command:

npm install -g anypoint-cli-v4


The -g flag installs the package globally. The CLI will be available from any directory in our terminal.

Note on permissions: Depending on our macOS setup, we may need to prefix the command with sudo. If npm reports a permissions error, we'll run sudo npm install -g anypoint-cli-v4 and enter our system password.


The installation includes the following default plugins:

Plugin What It Manages
anypoint-cli-account-plugin Accounts and business groups
anypoint-cli-api-mgr-plugin API Manager
anypoint-cli-cloudhub-plugin CloudHub 1.0
anypoint-cli-runtime-mgr-plugin Runtime Manager (CloudHub 2.0)
anypoint-cli-exchange-plugin Anypoint Exchange
anypoint-cli-designcenter-plugin Design Center
anypoint-cli-governance-plugin API Governance


Step 3 — Verify the Installation

Before we configure authentication, we'll confirm the CLI installed correctly.

3.1 — Check the core version:

anypoint-cli-v4 --version


Expected output:

anypoint-cli-v4/1.x.x darwin-arm64 node-v20.x.x


3.2 — List installed plugins:

anypoint-cli-v4 plugins --core


We should see a list of all installed plugins with their version numbers. If anypoint-cli-runtime-mgr-plugin appears in that list, we're ready for the next step.


Step 4 — Configure Authentication

The CLI must authenticate against Anypoint Platform before we can run any commands. We have three authentication options:

  • Username and password
  • Client ID and client secret (via Connected Apps)
  • Bearer token (command-line only)

Important: Since MuleSoft enabled Multi-Factor Authentication (MFA) for all users starting October 2022, username and password authentication alone will not work for accounts with MFA enabled. For those accounts, we must use Connected Apps (client ID and client secret).


Option A — Username and Password (no MFA)

We'll store credentials in the CLI configuration file:

anypoint-cli-v4 conf username myUserName
anypoint-cli-v4 conf password myPassword
anypoint-cli-v4 conf organization myOrgId

On macOS, the CLI stores these values in:

~/Library/Preferences/anypoint-cli-v4-nodejs/config.json


Option B — Connected Apps (recommended for MFA accounts)

We'll generate a Connected App in Anypoint Platform's Access Management. The app needs the View Organization and View Environment scopes at minimum. Then we'll store those credentials:

anypoint-cli-v4 conf client_id myClientID
anypoint-cli-v4 conf client_secret myClientSecret
anypoint-cli-v4 conf organization myOrgId


Option C — Environment Variables (recommended for CI/CD)

For pipelines, we'll never store credentials in config files. We'll export them as environment variables before running any CLI commands:

export ANYPOINT_CLIENT_ID=myClientID
export ANYPOINT_CLIENT_SECRET=myClientSecret
export ANYPOINT_ORG=myOrgId


The CLI reads these variables automatically.

Authentication Override Order

The CLI applies credentials in this priority order:

  1. Command-line parameters (highest priority)
  2. Environment variables
  3. Credentials configuration file (lowest priority)


Step 5 — Test the Connection

Before we go further, we'll confirm authentication works. We'll run a simple command that lists our Anypoint environments:

anypoint-cli-v4 account:environment:list


A successful response returns a table of environments in our organization:


If we see this output, authentication is working. The CLI is connected to Anypoint Platform.

If we see an authentication error, we'll double-check our credentials. For MFA-enabled accounts, we must use Connected App credentials, not username and password.


Step 6 — List CloudHub 2.0 Applications

Now we'll run a real operational command. We'll list all applications deployed to CloudHub 2.0 in our organization. For this you'll need the Read Applications scope in Runtime Manager in your connected app.

The command is:

anypoint-cli-v4 runtime-mgr:application:list


We can also write it with spaces instead of colons:

anypoint-cli-v4 runtime-mgr application list


Both forms work identically.


Basic Usage

We'll run the command with our organization and target environment:

anypoint-cli-v4 runtime-mgr:application:list \
  --organization myOrgId \
  --environment Production

Expected output (table format by default):

ID                                    Name                Status    Target
────────────────────────────────────  ──────────────────  ────────  ───────────────────────
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  order-api           RUNNING   cloudhub-us-east-1
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  customer-api        RUNNING   cloudhub-us-east-1
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  inventory-api       STOPPED   cloudhub-us-east-1


JSON Output

The --output json flag returns structured data. This is what we'll use in scripts and pipelines:

anypoint-cli-v4 runtime-mgr:application:list \
  --organization myOrgId \
  --environment Production \
  --output json


The response is a JSON array. Each element represents one deployed application with full metadata.


Using Environment Variables Instead of Flags

If we've set ANYPOINT_ORG and ANYPOINT_ENV, we can skip those flags entirely:

export ANYPOINT_ORG=myOrgId
export ANYPOINT_ENV=Production

anypoint-cli-v4 runtime-mgr:application:list


The CLI picks up the values automatically.


What the Application IDs Give Us

The ID column in the output is the appID. We'll use this ID in follow-up commands. For example, to describe a specific app:

anypoint-cli-v4 runtime-mgr:application:describe <appID>



Or to stop it:

anypoint-cli-v4 runtime-mgr:application:stop <appID>


Every application management command in the Runtime Manager plugin takes this appID as input. The list command is always our starting point.


Summary

We covered the full setup path for the Anypoint CLI on macOS:

  • The CLI automates Anypoint Platform operations from the command line and integrates with CI/CD pipelines.
  • It requires Node.js 18–20 and npm 7+. We install it globally with npm install -g anypoint-cli-v4.
  • We authenticate with username/password, Connected Apps, or environment variables. For MFA-enabled accounts, Connected Apps are mandatory.
  • We verify the setup by listing environments with account:environment:list.
  • We list CloudHub 2.0 applications with runtime-mgr:application:list. The appID from that output drives every other application management command.

In our next post Anypoint CLI Best Practices we'll review some best practices on how to use the Anypoint CLI

You may like these posts

Previous Post Next Post