API testing on SoapUI for Beginners
1. What is an API?
API (‘Application programming interface’.) is an intermediary that helps applications to interact with each other. API consists of set of rules that describes how one application interacts with another and there are mechanisms for that. In other words, API helps to exchange functions or data between applications.
2. How an API works?
When one application wants to access the data in another application or send data to that application, an interaction occurs. This also can happen when an application wants to request a service from another. The most important is API is not a user interface but an interaction that provides on software –to-software.
Real world scenario for API:
Here, waiter is like the API. The waiter (API) takes the customer’s order to the kitchen (System) and tells what to prepare (what to do) and returns with the ordered food. (brings back the response of what the customer asked for).
3. What is API testing ?
API testing directly involves with APIs and do the testing and API testing used to test as a part of integration testing to verify whether the API meets expectations. Business logic layer is the focus in API testing.
Simply, API testing is testing without GUI. This is very different from GUI testing because API testing is not based on look and the feel of the application. Here, testers pro grammatically simulate data and control follow scenarios. The focus here is on functionality not on customer experience.
4. Why is API Testing important?
1. The trend — There is a rapid growth in API testing throughout the last 10 years. It is quite popular comparing to other testing.
2. Time efficient — Parallel execution is possible which reduce test execution time.
3. Language independent — Can easily parse data using JSON or XML. Because of that, any language can be used to test the response.
4. Easy GUI integration
5. API Testing practices
1. Functional testing –Testing to verifies each function in the application whether it is operates correctly according to the requirement specification. Functional testing is a black box testing type that the testing is done without going to the internal implementation.
2. Penetration testing — Testing to identify vulnerabilities of an application to from attackers.
6. API testing tools
There are many API testing tools. Some of them are mentioned in the below. However, SOAP UI tool is used in the document.
1. SOAP UI
2. Katalon Studio
3. Postman
4. JMeter
5. Rest-Assured
7. What is SoapUI?
SOAP UI is an open source API testing tool that helps testers to do functional, regression, compliance and load testing on all kind of APIs. For example: APIs such as SOAP and REST, API.
NOTE:
· Functional testing — Testing to verifies each function in the application whether it is operates correctly according to the requirement specification. Functional testing is a black box testing type that the testing is done without going to the internal implementation.
· Regression testing — Testing to ensure that recently added program or code changes has not break the existing functionalities in the system.
· Compliance testing — Testing to determine that the system complies with the requirements in the specification, conditions and standards along with its documentation. Compliance testing are based on performance, interoperability etc.
· Load testing — Testing to determine the actual user load on any application or website. It helps to test how the application behaves during normal and high loads.
8. Testing on SoapUI
a. How to install SoapUI on windows?
There are two different versions.
1. SOAP UI — Free source version
2. SOAP UI Pro version
Step 1: First download SOAP UI free source version.[Current latest version is Version 5.5.0]
Step 2: Then install it as below.
1. Click on ‘Run’
2. Click on ‘Next’ for all steps.
3. Click on ‘Finish’
Step 3: Home page of SoapUI as below. Skip the dialogue box.
b. How to test web services on SoapUI?
There are two architectural types of web services that can test on SoapUI. They are,
1. SOAP web services
2. REST web services
c.What is a SOAP web service ?
SOAP service use SOAP protocol that built using HTTP. These services are HTTP POST type that pass data in XML format in request and response bodies. All requests goes to a same URL and special request headers or XML elements can be added to the request body to execute operations. Moreover, SOAP services use WDSL definitions.
d. What is a REST web service ?
REST service uses HTTP. These operations are executed by using combinations of HTTP methods and the request resource name.
For example:
REST service name of an online pet store: /pets
The POST/GET requests can be add information or retrieve data to /from the database as: http://petstore.io/pets
Moreover, SOAP services use WADL definitions, Swagger [Open API] etc.
e. Testing SOAP calls on SoapUI
Step 1: Create a SOAP project.
Step 2: A setup pop up will display on SoapUI interface. Some certain things need to do to fill out mandatory fields.
1. ‘Project Name’ — Enter a project name
2. ‘Initial WSDL’ –
a. Method 1 : [Method 1 is used in the document]
i. Search an example WDSL file on the internet.
ii. Copy the URL and paste it on ‘Initial WDSL’ field. [WSDL used: http://www.dataaccess.com/webservicesserver/numberconversion.wso?WSDL ]
b. Method 2: If there is, a file already download into the machine, click on the ‘Browse’ button and select the file.
NOTE:
What is a WSDL?
WSDL stands for Web Services Description Language. Basically , what a WSDL does is that it describes a web service specifying the location of the service and the methods of the service using major XML elements such as <types> , <message>,<portType> and <binding>.
It is not necessary to add WSDL services to SOAP projects but WSDL is used in many SOAP projects as a primary source. This can be added either when creating a new project or after creating the project. If WSDL is added to a file, the testing becomes a lot easier since WSDL file usually consists with all necessary information about the web service that need to test.
A sample WSDL structure would look like the below figure.
Since Method 1 is using for the project, fill out the fields as on the below screenshot.
Step 3: Click on ‘OK’ to create the new SOAP project.
The project hierarchy should come like the above figure if the WSDL has added successfully.
NOTE: Connection between Test Suite, Test Case and Test Steps.
Step 4: Create a test suite
Path: Right click on the created project > New Test Suite
Step 5: Add a new test case to test suite
Path: Right click on ‘Test Suite’ created > New Test case
Step 6: Add test steps to test case
Step 7: Add the relevant endpoint to the request. These endpoints list down here because of the WSDL added before.
Step 8: Run the test step using green arrow.
Request and response displays as xml format.
The actual content of request and response that are submitted on the above screenshot in xml formal can be displayed as raw request and response.
Only xml and raw formats are visible here since this is a SOAP project.
f. Testing REST calls on SoapUI
Step 1: Create a REST project.
Step 2: A setup pop up will display on SoapUI interface.
‘URL’ — Add a WADL on this field.
1. Method 1 : [Method 1 is used in the document]
· Search an example WADL/Swagger URL on the internet.
· Copy the URL and paste it on ‘URL field. [Swagger url used: http://petstore.swagger.io/v2/swagger.json ]
2. Method 2: If there is a file already download into the machine, click on ‘Import WADL…’ > ‘Browse’ button and select the file.
NOTE:
What is a WADL?
WADL stands for Web Application Description Language. WADL file is the equivalent file for WSDL file that used in SOAP project in the above sections. What a WADL does is that it describes REST web services.
Since Method 1 is using for the example,
Step 3: Click on ‘OK’ to create the new REST project.
NOTE: Connection between Service, resources and requests.
The project hierarchy should come like the above figure if the WADL has added successfully.
Step 4: Create a resource
Path: Right click on the endpoint > New Resource
Adding resources: http://petstore.swagger.io/#/
Step 5: Generate test suite.
Path: Right click on endpoint added > Generate Test Suite
Step 6: Add test steps to test case
Step 7: Add the relevant endpoint to the request. These endpoints list down here because of the Swagger URL added before.
Step 8: Run the test step using green arrow.
9. Adding Endpoints
What are endpoints?
Endpoints are one end of a communication channels. Endpoints are considers as touchpoints of a communication when an API interacts with another system.
How to add an endpoint?
1. Click on ‘Endpoint Explorer’ button.
2. Select the method type. Example : to retrieve > choose ‘GET’ method
3. Add the endpoint. Example : http://petstore.swagger.io
4. Click on ‘Send’ button and check whether there is a success raw response.
5. Click on ‘Save Request’ to save the request.
10. Properties and Parameterizing
- Custom HTTP Headers — Specific headers can be sent through this field. Click on ‘+’ sign to get the pop up window ‘Add HTTP Header’. Give a name for the header.
Before adding the header, the request body has no field called ‘key’:
After passing the header, request body gets ‘key’ field along with its value.
2. Parameterizing –
Simply adding properties to either project level, test suite level or test case level, parameterizing can be done.
For example:
A custom property is added to Test Suite level.
Custom properties can be added to the project level as well. Below example is extracted from PayPal project SoapUI script. The added custom properties are needed to work the PayPal fuel flow. Therefore, the custom properties are added in the project level.
11. Adding Assertions
Click on ‘+’ to add assertions.
There is a window pops up with various assertions.
Example Scenario of adding assertions
Response gets 200 as the valid https status for this script.
The http status can be asserted with the relevant http code.
Specify the http code that should come for the response
Since the response also retrieve with the http status as 200 and it matches with the assertion, the test case will pass with the assertion as below.
If the http status code doesn’t match with the status code on the response, the test case will fail with the assertion as below.
Http status code in the assertion = 400 [Bad request status code]. Therefore, the test case should fail.