I have implemented the Anypoint API Manager for our 3 clients. For us, Anypoint API Manager is the main and only point of entry to access our Web APIs hosted in a hybrid environment (on CloudHub and on-premise). We are managing our API access policies from the API Manager. It's really very easy to control the access of API through API manager. One can easily enable or disable policies without much effort and with zero downtime cost. Below are few policies which we majorly implement for our clients-
1. Rate Limiting
2. Basic Authentication with LDAP
3. SLA Based Rate limiting
4. IP whitelist/blacklisting etc.
There are many other cool features provided by Mulesoft API manager but above ones are commonly used. OAuth 2.0 Token authorization is also very easy to implement with API Manager.