Although not very specific to Mule, this post is a bit of a heads up to API users of Cornerstone and similar SaaS providers. It is becoming a very common API authentication design to use Session Tokens even though RESTful itself isn’t stateful. This design helps in avoiding to perform authentication checks for every request (which can create huge bottlenecks on Authentication Gateways).
The figure below enlists steps to a typical authentication in this design. In short, an initial request to authenticate will result in a response containing a session token and an expiry timestamp, which is then used in all subsequent requests until the token expires.