This document discusses SoapUI and Postman, two popular tools for API testing. SoapUI is an open-source testing tool that can be used to test web services and APIs. It supports protocols like HTTP, SOAP, REST, and others. Postman is also commonly used for API testing. It allows testing HTTP requests using features like collections for organizing tests, parameters for data-driven testing, and environments for managing test data. Both tools automate testing of APIs to validate functionality, security, and performance.
2. Introduction
Web services overview
A Web service, in very broad terms, is a method of communication between
two applications or electronic devices over the World Wide Web (WWW).
Web services are of two kinds:
Simple Object Access Protocol (SOAP)
Representational State Transfer (REST).
3. What is API and What is API Testing ?
API (Full form Application Programming Interface) enables
communication and data exchange between two separate
software systems. A software system implementing an API
contains functions/sub-routines which can be executed by
another software system.
The purpose of API Testing is to check the functionality,
reliability, performance, and security of the programming
interfaces. In API Testing, instead of using standard user
inputs(keyboard) and outputs, you use software to send calls to
the API, get output, and note down the system's response. API
tests are very different from GUI Tests and won't concentrate on
the look and feel of an application. It mainly concentrates on the
business logic layer of the software architecture.
4. What is SOAP & REST ?
SOAP stands for Simple Object Access Protocol. It is a protocol which is used to
exchange information in the form of structured data like XML, JSON or plain data
etc. with the help of Web Services or Web API in computer networks. XML format
information is negotiated and transferred on the application layer of computer
networks using protocol like HTTP (Hyper Text Transfer Protocol), SMTP (Simple
Mail Transfer Protocol) etc.
REST determines how the API looks like. It stands for “Representational State
Transfer”. It is a set of rules that developers follow when they create their API.
One of these rules states that you should be able to get a piece of data (called a
resource) when you link to a specific URL. Each URL is called a request while the data
sent back to you is called a response
5. SOAP VS REST
SOAP REST
Standardized protocol with pre-defined rules
to follow.
Architectural style with loose guidelines and
recommendations.
Function-driven (data available as services,
e.g.: “getUser”)
Data-driven (data available as resources, e.g.
“user”).
Only XML. Plain text, HTML, XML, JSON, YAML, and
others.
Enterprise apps, high-security apps,
distributed environment, financial services,
payment gateways, telecommunication
services.
Public APIs for web services, mobile services,
social networks.
High security, standardized, extensibility. Scalability, better performance, browser-
friendliness, flexibility.
Poorer performance, more complexity, less
flexibility.
Less security, not suitable for distributed
environments.
6. What is SOAP UI ?
SoapUI is an open-source testing tool which can operate in
cross-platforms.
It is mainly used to test Web services and Web APIs.
It has very simple User Interface which is very easy to handle
by both technical and non-technical users.
Using SoapUI tool, tester can automate both functional tests
as well non-functional tests and can execute compliance,
regression, security and load tests for Web APIs.
All standard protocols like HTTP, HTTPS, SOAP, WSDL, REST,
JDBC, JMS, etc. are supported by SoapUI and has in-built
technologies to test all kind of APIs. Diagram below
represents the protocols supported by SoapUI
7. What is WSDL ?
WSDL - WSDL stands for Web Services Description Language
WSDL is used to describe web services
WSDL is written in XML
An WSDL document describes a web service. It specifies the location of the
service, and the methods of the service, using these major elements:
8.
9. Advantages of SOAP
Functional Testing - Powerful and innovative features help you validate
and improve the quality of your services and applications.
Data Driven - Use the Data Source Test Step to read and loop test data.
Regression Testing - it is used to find any side effects of the new change
or fix.
Load Testing - Load testing is conducted to analyze the load that a web
service or web API can withhold before it breaks
Security Testing: This kind of testing is supported by SoapUI to ensure
authorization and authentically in request and response model of web
services and web APIs
11. Creating a SoapUI Project
Step1: File New Generic Project
Enter Project Name and select the Add Rest Service check
box.
12. Step2: New Rest Service Dialog
Enter the Service Name and select the Create Resource check
box.
13. Postman
Postman is currently one of the most popular tools used
in API testing. It started in 2012 as a side project by
Abhinav Asthana to simplify API workflow in testing and
development. API stands for Application Programming
Interface which allows software applications to
communicate with each other via API calls
Some of the features of Postman are :- Accessibility ,
Use of Collections, Collaboration, Creating
Environments, Creation of Tests, Debugging
14. GET Requests
Get requests are used to retrieve information from the
given URL. There will be no changes done to the
endpoint.
15. POST Requests
Post requests are different from Get request as there is
data manipulation with the user adding data to the
endpoint.
16.
17. Parameterization of Requests
Data Parameterization is one of the most useful features
of Postman. Instead of creating the same requests with
different data, you can use variables with parameters.
These data can be from a data file or an environment
variable. Parameterization helps to avoid repetition of
the same tests and iterations can be used for
automation testing.
Parameters are created through the use of double curly
brackets: {{sample}}
18.
19. Collections
Collections play an important role in organizing test suites. It can be
imported and exported making it easy to share collections amongst the
team.
20.
21.
22. Generic Meanings of HTTP Response Status
Codes
Response Status Code Meaning
200 Ok Successful requests other than creations and deletions.
201 Created Successful creation of a queue, topic, temporary queue, temporary topic, session,
producer, consumer, listener, queue browser, or message.
204 No Content Successful deletion of a queue, topic, session, producer, or listener.
400 Bad Request The path info doesn't have the right format, or a parameter or request body value
doesn't have the right format, or a required parameter is missing, or values have the
right format but are invalid in some way (for example, destination parameter does
not exist, content is too big, or client ID is in use).
403 Forbidden The invoker is not authorized to invoke the operation.
404 Not Found The object referenced by the path does not exist.
405 Method Not Allowed The method is not one of those allowed for the path.
409 Conflict An attempt was made to create an object that already exists.
500 Internal Server Error The execution of the service failed in some way.