by Luke Marshall • July 27, 2020
REST and SOAP are two important technologies for web services that revolutionize the way businesses use APIs. Since APIs are so common, it is important to test them on a regular basis to reveal vulnerabilities or potential operating problems within the web service. Testing a SOAP web service or a REST web service can seem daunting, but thankfully there are various platforms that help you to properly monitor and test your API solutions.
Before going through the highly technical process of testing a web service, it is important to understand the basics of SOAP and REST APIs as well as some other essential terms. This article will explain SOAP vs. REST, how to test SOAP and REST web services, and show you some of the top SOAP and REST testing tools available for your use today.
1. What is SOAP?
2. What is REST?
3. Testing SOAP Services
4. Testing REST Services
5. SOAP and REST Testing Tools
6. Manage and Test APIs with DreamFactory
SOAP stands for Simple Object Access Protocol. It is a messaging protocol that uses XML and highly-developed standards to share and protect data. Historically, this was the most commonly-used solution. That has since changed with the introduction of REST, but SOAP continues to be a viable alternative, thanks in great part to the great options it offers for extensibility.
Sign up for our free 14 day hosted trial to learn how.
SOAP security relies on the WS (Web Services) security protocols, as well as various other WS standards. Additionally, you can use SOAP with such important protocols as HTTP (Hypertext Transfer Protocol Secure) or SMTP (Simple Mail Transfer Protocol).
REST stands for Representational State Transfer, which is now the default choice for the majority of APIs. It is not a messaging protocol. Rather, REST is a software style or format. It gives developers an architectural framework to work from. REST supports HTTPS, but it does not include the stringent security guidelines of SOAP. Unlike SOAP, it is also not exclusively dependent on the use of XML. REST uses a basic URL to send requests and is often used in conjunction with JSON.
Developers call APIs that comply with REST standards RESTful APIs or simply REST APIs. DreamFactory is a REST API-as-a-service platform. We help companies to build and manage secure REST APIs, in addition to monitoring and testing their solutions.
Each SOAP web service testing tool may use a slightly different approach, but here we will use Postman to demonstrate the basic steps for testing a SOAP service.
Postman is an open-source tool that you can use for both REST and SOAP. You can download the app here.
Once you have downloaded the app, you will want to open a new request tab, indicated by the arrow in the picture below. Alternatively, you can press the orange New button in the upper left corner of the screen and enter a name to save the file.
Once you have opened the new request tab, Postman will show you an address field where you can enter the URL. Postman offers a simple example for testing: https://postman-echo.com/get. You can also try anything in their list of free and public SOAP APIs. This permits you to enter a SOAP endpoint URL to make a request.
Then you will have to choose what type of request you want to make. There is a drop-down menu from which you can choose GET, POST, PUT, PATCH or DELETE. Postman’s default is GET. For the purpose of this test, select POST and use this URL: https://www.dataaccess.com/webservicesserver/NumberConversion.wso.
At the top of the request tab, there are several subsections including Params, Authorization Headers, Body, Pre-request Script, Tests and Settings. Under the Body tab, choose raw.
You will now be able to enter your XML. Any such entry must include the Envelope, Header and Body tags. You must also include any namespaces, the name of the operation and the values you want to post.
Postman automatically adds a content type header. The default is application/xml. You will have to check your SOAP service to know whether you need an application/xml or you should change it to text/xml.
To do this, open the Headers tab next to the Body tab and view your hidden headers.
Then you have to deselect the Content-Type header, which is the default addition and add a new row with Content-Type in the Key column and text/xml in the Value column.
Now you simply have to press Send. If the action is successful, you can see the response in the lower tab as shown below.
You have finished testing your SOAP service. For some further testing, you can also perform schema validation in Postman.
Again, REST testing processes may vary, so SoapUI is the API testing tool we will use for testing a REST web service in this example. You can utilize SoapUI for either SOAP or REST web services, and it is the most commonly-used solution.
SoapUI is also open-source. You can download the tool for free here.
After downloading, you can follow the installation directions and then open your file. These are the steps for creating a REST project from an Endpoint using the GET method.
This is the SoapUI start page.
SoapUI offers several different ways to get started.
The result is that a box opens up for you to enter the URI. Using the URL that SoapUI offers for testing, https://petstore.swagger.io/v2/pet/findByStatus?status=available, will let you get started.
Now click OK. SoapUI automatically chooses a default Method (GET). The result will include a Service, Resource and Request.
You have made your first project and should now see the Request editor pictured below. Simply clicking the Green Play Button in the top left corner of the screen (indicated by the red arrow) will let you view the response in the right panel. The default is XML, so you will need to select the tab that correctly describes the language of your service. The options are XML, JSON, HTML or Raw. For this example you will select JSON, which is the most common for REST APIs.
In your left navigation pane, right-click on Request 1. Then choose the Add to TestCase option. Alternatively, you can simply use the hotkey combination CTRL+ALT+A.
You may need to create a new TestSuite simply by entering the name in the window that comes up and click Accept. You will also need to specify the TestCase name and set your specifications for adding the request to the TestCase.
The TestCase window will open. Press the Green Play Button again to view your response. You can then create your assertion.
With the TestCase window maximized, click on the Assertions tab as shown below and select the green plus symbol that appears to add the assertion.
Under the Property Content tab, click the Contains assertion and click Add.
A new window will appear. In this case, we must verify that ‘Petstore’ is present by entering it in the content box and pressing OK.
You can see your new project and the web service operations available for your API in the Navigator. Double-click the name of the project or service to get an overview of each.
For performing deeper testing, take a look at SoapUI’s extensive documentation.
Dreamfactory also helps with API testing and monitoring as a comprehensive Rest API management platform.
While we used two of these tools as examples already, here is some additional information on four of the top options for SOAP and REST API testing.
If the process of testing a SOAP service or REST web service looks pretty complex for you, you are not alone. Many companies choose to outsource their API testing to an API management platform like DreamFactory. We provide Restful services to help you build IoT, mobile and web applications. We also help you monitor and test APIs using little or no code. DreamFactory is available in the cloud or on-premise. We offer such powerful security options as Active Directory, OAuth2, Okta and more.
If you are seeking a solution to automatically generate customizable REST APIs and build secure SOAP services, contact DreamFactory today and receive a free trial.
Join the DreamFactory newsletter list.