by Luke Marshall • July 27, 2021
REST and SOAP are two critical web services technologies that revolutionize how businesses use APIs. Since APIs are so common, it’s important to test them regularly to find vulnerabilities or potential operating problems within the web service. Testing a SOAP web service or a REST web service can seem daunting, but various platforms help you properly monitor and test your API solutions. Before going through the technical process of testing a web service, it’s worth taking the time to understand the basics of SOAP and REST APIs and some other essential terms. This article will explain SOAP vs. REST, how to test SOAP and REST web services, and show you some of the top SOAP and REST testing tools available for your use today.
Sign up for our free 14 day hosted trial to learn how.
SOAP stands for Simple Object Access Protocol. Microsoft originally came up with SOAP to facilitate messaging services on the internet. It uses XML exclusively for sending and receiving data. When SOAP was first released, reliance on XML was a big reason to adopt it as a standard. Since XML is a text-based language well-supported on all major platforms, it was a perfect fit for sending data via APIs.
After the initial release of SOAP, Microsoft handed over development and maintenance to the Internet Engineering Task Force (IETF), where it eventually became a web standard. As the first popular web service, a long list of protocols and standards have been developed for use with SOAP, most of them starting with the initials WS (Web Services). One of the most important is WS Security, the security protocol that secures SOAP transmissions.
Developers tend to like SOAP’s built-in error handling. If there’s a problem with a SOAP request, a detailed error message is sent in response to help troubleshoot the issue. There is a standard list of error codes used, which can be used to automate error handling in code.
SOAP is primarily associated with HTTP, the web protocol native to all modern platforms. It can also be used with other internet protocols, such as SMTP. While SOAP has had a long run as a widely-used protocol, over time, developers started to want something more flexible. Not all programming languages are good at exporting the required XML needed to make a SOAP request, creating the need for a protocol that can use other messaging formats.
The need for more flexibility in web services developers to create several alternatives. Today, REST is the most popular. REST stands for Representational State Transfer, and it is now the default choice for the majority of APIs. Unlike SOAP, REST is not exclusively dependent on the use of XML. The most commonly used language with REST is JSON.
REST gives developers a broad architectural framework to work from. It usually just relies on a simple URL for sending information. Through the URL format, REST can use common HTTP 1.1 tasks like GET, POST, PUT and DELETE to accomplish tasks. REST supports HTTPS but without the stringent security requirements of SOAP.
Developers call APIs that comply with REST standards RESTful APIs or simply REST APIs. DreamFactory is a REST API-as-a-service platform. We help companies build and manage secure REST APIs and monitor and test their solutions.
Each SOAP web service testing tool may use a slightly different approach, but here we will use Postman to demonstrate the basic steps for testing a SOAP service.
Postman is an open-source tool that you can use for both REST and SOAP. You can download the app here.
Once you have downloaded the app, you will want to open a new request tab by pressing the orange New button in the upper left corner of the screen and entering a name to save the file.
Once you have opened the new request tab, Postman will show you an address field where you can enter the URL. Postman offers a simple example for testing: https://postman-echo.com/get. You can also try anything in their list of free and public SOAP APIs. This permits you to enter a SOAP endpoint URL to make a request.
Then you will have to choose what type of request you want to make. There is a drop-down menu from which you can choose GET, POST, PUT, PATCH or DELETE. Postman’s default is GET. For the purpose of this test, select POST and use this URL: https://www.dataaccess.com/webservicesserver/NumberConversion.wso.
At the top of the request tab, there are several subsections including Params, Authorization Headers, Body, Pre-request Script, Tests and Settings. Under the Body tab, choose raw.
You will now be able to enter your XML. Any such entry must include the Envelope, Header and Body tags. You must also include any namespaces, the name of the operation and the values you want to post.
Postman automatically adds a content type header. The default is application/xml. You will have to check your SOAP service to know whether you need to use application/xml or if you should change it to text/xml. To do this, open the Headers tab next to the Body tab and view your hidden headers.
To do this, open the Headers tab next to the Body tab and view your hidden headers.
Then you have to deselect the Content-Type header, which is the default addition and add a new row with Content-Type in the Key column and text/xml in the Value column.
Now you simply have to press Send. If the action is successful, you can see the response in the lower tab as shown below.
You have finished testing your SOAP service. For some further testing, you can also perform schema validation in Postman. This will ensure that your XML syntax is correct and that all tags are properly opened and closed.
As with SOAP, there are a lot of options for REST testing. The processes may vary depending on the tool you use, but we will use SoapUI as the API testing tool in this example. Despite its name, you can utilize SoapUI for either SOAP or REST web services. It is perhaps the most commonly-used solution for REST services testing.
Like Postman, SoapUI is also open-source. You can download the tool for free here. After downloading, follow the installation directions. Once SoapUI is up and running, open your file. These are the steps for creating a REST project using the GET method from an endpoint.
SoapUI offers several different ways to get started. SoapUI automatically opens a REST dialog on startup that you can then use to work without creating a new project. You can disable this, however. The second is to click the folder icon marked REST in the upper left of your screen, opening your New REST Project dialog box. The third is to click Projects in the navigation panel and select New REST Project. The fourth is to use hotkeys. On Windows, the hotkey combination is CTRL+ALT+N, while in Mac OS it is CMD+ALT+N. Finally, you can simply press New Rest Project on the start page.
SoapUI offers several different ways to get started.
The result is that a box opens up for you to enter the URI. Using the URL that SoapUI offers for testing, https://petstore.swagger.io/v2/pet/findByStatus?status=available, will let you get started.
Now click OK. SoapUI automatically chooses a default Method (GET). The result will include a Service, Resource and Request.
You have made your first project and should now see the Request editor pictured below. Simply clicking the Green Play Button in the top left corner of the screen (indicated by the red arrow) will let you view the response in the right panel. The default is XML, so you will need to select the tab that correctly describes the language of your service. The options are XML, JSON, HTML or Raw. For this example you will select JSON, which is the most common for REST APIs.
In your left navigation pane, right-click on Request 1. Then choose the Add to TestCase option. Alternatively, you can simply use the hotkey combination CTRL+ALT+A.
You may need to create a new TestSuite simply by entering the name in the window that comes up and click Accept. You will also need to specify the TestCase name and set your specifications for adding the request to the TestCase.
The TestCase window will open. Press the Green Play Button again to view your response. You can then create your assertion.
With the TestCase window maximized, click on the Assertions tab as shown below and select the green plus symbol that appears to add the assertion.
Under the Property Content tab, click the Contains assertion and click Add.
Under the Property Content tab, click the Contains assertion and click Add.
A new window will appear. In this case, we must verify that ‘Petstore’ is present by entering it in the content box and pressing OK.
You can see You can see your new project and the web service operations available for your API in the Navigator. Double-click the name of the project or service to get an overview of each.
For performing deeper testing, take a look at SoapUI’s extensive documentation.
Dreamfactory also helps with API testing and monitoring as a comprehensive REST API management platform.
Several apps and services are available for SOAP and REST testing. Here is some additional information on four of the top options for SOAP and REST API testing.
The question of SOAP vs. REST does not have a definitive answer. Both have their place, along with some advantages and disadvantages–depending on your needs. Choosing which is right for you really depends on your environment, how you need to deploy APIs, and the programming languages you will be working in. An analysis of the pros and cons of both protocols would be prudent before you decide on either SOAP or REST. It’s quite likely you’ll find a need for both. Whichever protocol you pick, make sure you test your APIs regularly. Catching errors or security issues in a test environment before they make it into production can save you from disaster later on.
If the process of testing a SOAP service or REST web service looks pretty complex for you, you are not alone. Many companies outsource their API testing to an API management platform like DreamFactory. We provide Restful services to help you build IoT, mobile, and web applications. We also help you monitor and test APIs using little or no code. DreamFactory is available in the cloud or on-premise. We offer such powerful security options as Active Directory, OAuth2, Okta, and more.
If you are seeking a solution to generate customizable REST APIs and build secure SOAP services automatically, contact DreamFactory today and receive a free trial.
SOAP vs REST: What’s The Difference?
Join the DreamFactory newsletter list.