The SOAtest Smart API Test Generator enables you to capture traffic and create API tests from interactions with a web application. The test generator consists of a web proxy and a Chrome plug-in (traffic recorder). This tutorial includes the following topics:
In order to complete this tutorial, you will need remote access to a SOAtest desktop or server, as well as an Advanced Test Generation feature activated for your license. See SOAtest Smart API Test Generator for details.
Deploying the Smart API Test Generator Web Proxy
- Run the Smart API Test Generator installer for your platform: parasoft_soatest_smart_api_test_generator_<version>_win32.exe for Windows or parasoft_soatest_smart_api_test_generator_<version>_macos.dmg for installation on Mac OS. For Mac OS, double-click the SOAtest Smart API Test Generator.pkg once the installer is mounted.
- Accept the license agreement when prompted.
- Choose an installation location when prompted. Default is
C:\Program Files\Parasoft\SOAtest Smart API Test Generatoron Windows and
/Applications/Parasofton Mac OS.
- If you are on Windows, the installer will prompt you to install the SOAtest Web Proxy as a Windows service. This enables you to control the proxy using Windows services. The default port is 40090. Choose Yes and click Next.
- Choose Yes and click Next when prompted to install the SOAtest Traffic Recorder Chrome Extension. An Internet connection with access to the Google Chrome store is required.
- If you are on Mac OS, the installer will prompt you to confirm that you want to start the web proxy after installation, as well as start the proxy every time you log into the installation machine. The default port is 40090. Enable both options and click Continue. The web proxy must be running to use Smart API Test Generator. You can disable automatic startup later.
- Click Install to finish.
- The installer will look for the Parasoft Web Root Certificate Authority (CA) and prompt you to install the CA if it cannot be found. The CA is normally installed as part of a normal SOAtest or Virtualize desktop installation and is required for recording traffic over SSL (see Installation). Confirm that you want to install the CA if prompted and continue.
- Open your Chrome browser and enter
chrome://extensionsin the the address bar.
- Click the slider to enable the plug-in.
After enabling the plug-in, you will need to configure your connection to the SOAtest server.
Connecting to SOAtest Server
- Click the Parasoft icon that appears by the address bar. You can also right-click the icon and choose Options if you need to change the configuration later.
- Click the Options link to access the connection settings.
- Specify the following settings:
- Web Proxy API Port: 40090 (default).
- SOAtest host: machine name or IP address where SOAtest server is running.
- SOAtest port: port number for the SOAtest server host.
- If SOAtest server is configured to communicate over SSL, enable the Secure (HTTPS) option.
- Username/Password: your login credentials for SOAtest server.
- Click Test Connection to verify that the settings are correct and click Save to finish configuring the connection settings.
In this section, we'll create a set of test scenarios for the ParaBank demo application. We'll also demonstrate how to modify the test generation settings and how to teach the Smart API Test Generator to apply HTTP authentication, HTTP headers, and JSON assertion settings from Resource Templates. Start the ParaBank server before beginning this tutorial (see Setting Up ParaBank).
Scenario 1 - Logging In
Open ParaBank in your Chrome browser.
- Click the Parasoft logo and choose Start Recording.
- Log into the application (username: john, password: demo).
- Click the Parasoft logo and choose Stop Recording.
- Name the test "parabank-login" when prompted and click Create Test Asset.
- Click the confirmation dialog when prompted to open the test asset in CTP.
You can also view the asset in the SOAtest desktop
- Double-click Test 1 and review it's configuration. The test posts login credentials.
- Double-click Test 2 and review it's configuration. The test gets the account overview information.
- As long as the values remain constant, the tests will pass on consecutive executions.
Scenario 2 - Transfer Funds
- Log into Parabank start recording a new scenario.
- Click the Transfer Funds link and enter 100 in the Amount field.
- Set the default From and To account fields to account number 12345 and click Transfer.
- Stop recording and specify a name for the test (e.g., parabank-transfer) when prompted
- Create Test Asset and click the notification to log to view the test in CTP. You can also review the test in the SOAtest desktop. We'll use CTP for this scenario.
- You will be directed to the API Testing module to review the test. The test will appear in the users directory under your user name.
- Click test 1 ("GET parabank . . .") to review the configuration. The test is similar to Test 2 in the log in scenario, but a JSON Data Bank was added, which captures and stored the response values.
- Click test 2 to review the configuration. The transfer data is appended to the API call URL.
- Rerun the tests. The tests will fail.
- Click on the View Report link to investigate the errors.
- There are several problems, but the most important is the 401 error, which refers to unauthorized access. Click the View Traffic link for details. The response shows that SOAtest could not log on to execute the scenario.
- Click test 1 in the transfer scenario and enable the Enable HTTP authentication option.
- Specify the login credentials and save your changes.
- Rerun the test. Test 1 passes, but test 2 still fails because the authentication settings have not been configured for that particular test. Specify the authentication settings as you did for test 1.
- We want a more scalable way to enable authentication for future tests, so we'll train the Smart API Test Generator to enable authentication settings for all tests generated for the selected endpoints. In the SOAtest desktop, right-click the parabank-transfer.tst file and choose Train Smart Test Generator.
- Confirm that the HTTP authentication settings will be added to the Smart API Test Generation Resource Template when prompted.
- Click on the new resource in the Smart Test Templates view and verify that authentication settings appear.
We'll record another scenario to verify that the authentication settings are used.
Scenario 3 - Open New Account
- Log into ParaBank and start recording a new scenario.
- Click the Open New Account link and specify that you want to open a new checking account using funds from account 12345.
- Click Open New Account and stop recording.
- Specify parabank-new-account as the name for the new asset when prompted and click Create Test Asset.
- Log out of ParaBank and view the new test asset in SOAtest desktop or in CTP. You'll see that the HTTP authentication settings have been included in the tests, even though we logged in before recording the scenario.
- Execute the tests, which fail because the balances associated with the accounts change each time the test executes.
- If the change in value is unimportant, you could delete the Diff tools that were generated with the test so that the initial values aren't considered.
- Re-run the test and it will now pass. See Configuring Test Creation for details on how to configure the Diff and JSON Assertor tools are handled during test generation.
- Rerun the parabank-login test. Test 2 will fail because the values returned in the response have changed.
- Delete the Diff tool and rerun the test. It will pass.
- Although we are not concerned about the values returned by the GET call at this phase, we want to verify that the call returns data by adding a JSON Assertor. Right-click Test 2 and choose Add Output... in the SOAtest desktop.
- Choose Response> Traffic in the left panel and choose JSON Assertor in the tool selection panel.
- Click Finish and click the Configuration tab.
- Click Add and choose Has Content Assertion from the Structure Assertions folder.
- Click Next and choose an id element.
- Click Next and choose the "Apply to All "item[*]" option so that the assertor is applied to all siblings in the response.
- In the Configuration tab, choose Fixed from set the Has content drop-down and set the value to
- Save your changes and run the test.
- The test passes, but we want to ensure that all generated tests assert that on id elements in the same way. Right-click on the test and choose Train Smart Test Template.
- Review the changes and click OK.
- A JSON Assertor tool is added to the Resource Template. The tool is configured to use the values from traffic.
- Create a new test called
parabank-login2following the process described in Scenario 1 -Logging In.
- The test will have the authentication and assertion settings configured in the Smart Test Templates.
- Run the test to verify that it passes.
Configuring Test Creation
Tests that have Diffs and JSON Assertor tools expect specific values during test execution. If your test scenario does not require specific values, you can prevent the web proxy from creating these tools automatically by disabling them in the tst_creation.properties configuration file. See Advanced SOAtest Smart API Test Generator Configuration for details.
- Open the configuration file. The file is locate TestAssets directory of the SOAtest desktop workspace. If you use CTP instead of the SOAtest desktop to create and execute API tests, you can configure the tst_creation.properties file shipped with the SOAtest Smart API Test Generator in its installation directory. For Mac OS, you will need to right-click the SOAtest Web Proxy application icon and choose Show Package Contents.
- Uncomment the
disableAssertorCreationproperties and set it to
- Save the file
- You can verify the test creation settings by creating a new test.