SoapUI OSS - Demo of how to design an end-to-end test using a live service

exercise_soapui_bankground.md

Exercise - Create E2E (end to end) test in SoapUI for Bankground API

This api can be tested from a live server online or from a docker container.

repo

10K Overview

1. Import api definition
2. Explore and analyze the api endpoints, site and documentation
3. Business case analysis - How could users interact with this api?
4. Create test scenarios in plain English
5. Find api endpoints that match up with each scenario
6. Build the test in SoapUI
7. Look at ways to make it more automation-friendly

1. Import API to SoapUI

Download OpenAPI file ("openapi":"3.0.2", json format)

Unfortunately SoapUI has a bug where it cannot directly consume this version of OpenAPI from Json. however it does work for Yaml format.

Open Swagger online editor https://editor.swagger.io/#/

Copy paste the open API json into editor and “convert to yaml”

• this also provides a human readable view

In soapUI, open an EMPTY Project type. REST project type currently does not work

Right-click and use “import openAPI spec file” > Soapui creates an interface with all the endpoints (currently there are 8 )

In SoapUI, open Interface editor. Check Endpoints > empty That means we will need to define a baseURL to use this api

If the Interface was created correctly, open Interface Editor and generate a TestSuite

• Since we do not yet have an end-to-end test, defer creation of a Load test

2. Explore and Read about the api

• Return to docs and open the REST tutorial https://bankground.eu/tutorial/accounts/
• Note the options available in menu Authorization Accounts Transactions API Definition
• baseUrl = https://bankground.apimate.eu
  • Add this baseURL to your SoapUI Project in the Interface Editor > Endpoints tab
• Peruse the site for this api to get familiar with the content
• Try out requests (using SoapUI, cURL, Swagger-UI page, etc)
  • In soapui, this can be done with the Endpoint Explorer or TestStep Editor
• If there are errors, lean on SoapUI docs, alternate tools (ex. cURL), Smartbear Community and web searches to find root causes

3. Business Analysis - Ask How could users interact with this API? (human or machine)

Take inventory of the endopints and resources available. Make sure you understand the order in which things can be done.

ex. 
- To use any of these endpoints, you need a User
- The User must login in order to do anything
- All requests sent by the User must have a Bearer token

4. Create some scenarios for the User that would model real behavior

ex. 
1. Create user account. Save your password so you can use it later
2. Login to the site (authenticate). Save the token for later.   
3. verify your User details 
4. Create an Account
5. Verify Account details are correct
6. Add money to the account
7. Check the balance

5. Match each step with API operations that support the scenario

1. Create user => POST /users

• provide a payload as per the openapi doc

2. Login => POST /token

• watch out for the Media Type in your payload

3. Verify User => GET /user

4. Create an Account => POST /accounts

5. Verify Account details => GET /accounts/{account_id}

6. Fund the account => POST /accounts/{account_id}

• pay special attention to the request and response schema values for this request

7. Check Account balance => GET /accounts/{account_id}

6. Build tests In SoapUI

1. Create a new TestSuite named "End-to-End-Test".
2. Name it after this business scenario
3. In the TestCase, add a REST request TestStep for each step from the business process

7. Automation Modifications

1. Get the test working with hard-coded values
2. Identify where the values are located and how they are used. This will determine which SoapUI component is most appropriate.

• Property Transfer
• Property Expansion
• Groovy Script

Highlights from Analysis

Create User Endpoint

Each page is well linked to point out the appropriate action you need to take. ex. Transactions -> Accounts -> Authorization

• by creating a user, we establish our identify with the system (the authentication)

/users operation

• POST http method is used to create a record

• the payload is empty, so we'll need to send a Json formatted payload. See the swagger doc for examples.

• use the SoapUI Endpoint Explorer or Interface Request Editor to submit a request to the server

• example response (new User)

HTTP/1.1 201 Created
Date: Fri, 10 May 2024 19:02:08 GMT
Server: Apache
content-length: 139
content-type: application/json
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

{"first_name":"Martha","last_name":"Marsalis","email":"[email protected]","company":"APImate","last_login":"2024-05-10T19:02:09.234351+00:00"}

Token (Security)

A specific header and format is needed for the payload of this request.

header -Content-Type:application/x-www-form-urlencoded

payload/body - Media Type -> application/x-www-form-urlencoded

• this is an adHoc value that you can type into the Dropdown list

• for more details on this format, see this article

• encoded format will look like this: [email protected]&password=hello_goodbye

• sample request using cURL

curl -X 'POST' \
  'https://bankground.apimate.eu/token' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'username=mm%40example.net&password=hello_goodbye'

Server returns a token that can be sent with any subsequent requests of the API

Other Endpoints

todo: try these out on your own. Use the Swagger-UI doc and website as references.

Delete Account

This is a less common request. please do try it out

References

• SUT https://bankground.eu/tutorial/api_definition/

• Tutorial

• swagger online editor https://editor.swagger.io/#/

• smartbear docs https://smartbear.com/ppc/ebooks/beginners-guide-to-rest-testing/?_gl=1*1rqzap2*_gcl_au*MTkxNjM0NDAyMC4xNzA5ODY4NzIy&_ga=2.43907943.351673814.1715370561-99489630.1709868976

https://www.soapui.org/docs/rest-testing/working-with-rest-requests/?sbsearch=http%20POST%20form

• javadocs https://www.soapui.org/apidocs/soapui/index-all.html