How to use SoapUI NextGenPro to test RESTful web services?

The article describes how to create a functional Test Suite to validate the RESTful web services using SoapUI NG Pro.

What is a RESTful web service?

RESTful Web Services are REST architecture based web services. In REST Architecture everything is a resource. RESTful web services are lightweight, highly scalable and maintainable, commonly used to create APIs for web-based applications.

SoapUI can be used extensively to test RESTful web services. While the SoapUI free version allows creating functional test cases and test suites, SoapUI Next Generation (NG) Pro facilitates creation of functional tests, test suites, execution of test suites, security test suites and load test suites. SoapUI NG Pro is built on a platform called Ready API and it has separated functional testing, load testing and security testing with extensive built in support.

Having functionality test suites, security test suits and load test suits allows a tester to run the test cases with minimal effort and to execute the tests as and when required.

All this luxury comes with a fee and SoapUI NG Pro costs 500 USD per person annually. However anyone can experience the tool by downloading the 14 day trial version.

Tip User can install the SoapUI NG tool while having the SoapUI free version installed. Further, the same Test suites/Test cases created in free version in NG version can be used without re-creating these tests by using the Import feature.

How to set up SoapUI NG Pro?

SoapUI NG Pro is cross-platform compatible, and can be used on Windows, Mac or Linux/Unix according to project needs and preferences. The steps to setup the tool are as follows;

1. Install the SoapUI NG Pro trail version or the license version. This will take about 10 minutes.
2. Activate the trial license or the paid license
3. Open SoapUI NG Pro

SoapUI NG Pro landing screen

How to create functional Tests for REST Services?

It is simple to add functional tests if you just follow the following steps,

1. Import/create the REST web services
2. Create a test suite
3. Create test cases
4. Add test steps
5. Add assertions

When creating a functional test case in SoapUI, a common scenario is that you want to call a REST Resource and validate its response to check that the correct result is returned.

• File -> New REST Project
• Project -> New REST Service from URL
• Provide the REST URL
• Ex: https://www.movocard.com/jaguartx/api/v1/validate

This service will take a username and password, thereby validates from the back end to return the status as “Successful” or “Unauthorized” accordingly.

Create a new REST service

Add the authentication details and request parameters. Now it’s ready to create tests in order to verify the service.

How to create the Test Structure?

SoapUI structures functional tests into three levels, namely test suites, test cases and test steps.

A test suite is a collection of test cases that can be used for grouping functional tests into logical units. A test case is a collection of test steps that are assembled to test some specific aspect of the service(s). You can add any number of test cases to a containing test suite. Test steps are the “building blocks” of functional tests in SoapUI. They are added to a test case and used to control the flow of execution and validate the functionality of the service(s) to be tested.

Select the REST Service added and right click, thereby select the option “Add to test case” and this will prompt the user to give a name for the test suite.

Once a test suite is created, the user can start adding any number of test cases.

Test suite, test cases and test steps Structure

For this particular validation service, we can add following tests,

1. Pass valid username and valid password – > Expect “Success”
2. Pass valid username with empty password – > Expect “Unauthorized”
3. Pass valid username with incorrect password- > Expect “Unauthorized”
4. Pass empty username and password- > Expect “Unauthorized”

Test cases added for a REST Service

Once we have added test cases in order to get a pass/fail result in our test execution results, we need to add verification checks which we call as assertions in the SoapUI context.
There are predefined assertions inbuilt in the tool. Apart from these, testers can script their own assertions using Groovy language.

Pre-defined Assertions

In this particular “Validate” REST service test case, we can add the assertion “Property Content – Contains” where the assertion checks for the “Success” response when the correct user credentials has been passed and checks for “Unauthorized” when incorrect user credentials are passed.

Add an assertion to a test

How to execute the “Functional Tests”?

Now that the functional tests and their expected results in terms of assertions were set up, a tester can execute the tests. A tester can execute a single test or the entire collection of tests which is called a test suite.

A tester can specify whether to execute tests in parallel or one after the other.

In real life, when there hundreds of web services to test in a project it is efficient and effective to set up a test suite that covers all functional test cases in a test suite as it facilitates executing all test cases with just a single click.

Test Results History

Here is a history report of the overall test execution results. The tester is able to receive a detailed picture of the failed tests and then use these findings to report defects in a defect management tool. SoapUI NG Pro supports plugins to integrate with some defect management tools such as Jira.

SoapUI NG Pro – Test Execution Results History

How to create “Security Tests”?

The security testing tool built in SoapUI NG Pro provides a wide range of security scans to ensure that your API is not vulnerable to various security exploits.

Security tests are layered on top of an existing test case to which it then applies a configurable number of security scans which perform the actual vulnerability scanning and detection.

A security test consists of a number of scans, which each have a number of related assertions.

• • Create security tests

A tester can select a REST service and add a security test.

Case -> New Security Test

Thereafter, a pop up will appear to select the target test case and to select the applicable security scans which comes inbuilt with the tool.

• • Sample security scans available are;
    1. Boundary scan
    2. Cross site scripting
    3. Fuzzing scan
    4. Invalid types
    5. SQL injection
    6. Weak authentication & ttc.

A detailed article on above scans can be viewed at-
http://readyapi.smartbear.com/secure/scans/start

Add Security Scans required to validate a service

• • Execute the Security Tests

Tester can execute the security tests thereafter the results and values sent in the parameters can be seen in the log as follows.

Security Tests Execution Results

References:

• • Free 14 day Trail : https://smartbear.com/product/ready-api/SoapUI-ng/free-trial/
  • Features : https://smartbear.com/product/ready-api/SoapUI-ng/features/
  • Documentation : http://readyapi.smartbear.com/start