Test

After API access is approved you can test the application in your sandbox or using the SOA Software Open Dev Console, and monitor performance using the SOA Software Open Charts and Logs performance monitoring tools.

What application testing tools does SOA Software Open provide?

How do I test my app in my sandbox?

What are some sample REST clients I can use to test my API?

What is the SOA Software Open Developer Console?

How do I test my app in the SOA Software Open Dev Console?

How do I test authorization of my app with OAuth using the Dev Console?

What application testing tools does SOA Software Open provide?

SOA Software Open provides the following application testing tools:

Dev Console

The SOA Software Open Developer Console (Dev Console) is a web-based REST client that allows you to test different APIs in the context of an application. It is accessible on the Apps > Dev Console page of all apps you add to SOA Software Open. It is accessible on the Apps > Dev Console page of all apps you add to SOA Software Open.

Performance Monitoring

The My Apps > Monitor section includes reporting tools for monitoring performance of your app. Based on real-time data reported through the monitoring tools, you can troubleshoot potential problems with your app and/or API.

Back to top

How do I test my app in my sandbox?

When you submit an API Access Request and receive an approval from the SOA Software Open Team, you are given access to an Sandbox Endpoint that you can use in your testing environment. Common areas to test include testing the behavior of apps with API calls to verify that the app is behaving as expected, testing an app with simulated transactions and data, checking that the flow of information to the app is predictable (i.e., the expected information in the expected format), check that the app is processing the API results correctly, and test error handling and usability.

By using a testing environment, you can experiment with different scenarios and make adjustments as needed to make sure that your app works as expected with the API.

Back to top

What are some sample REST clients I can use to test my API?

Examples of test clients you can use to send REST requests include: Google rest-client, RESTClient Firefox Add-on or soapUI.

Back to top

What is the SOA Software Open Developer Console?

The SOA Software Open Developer Console (Dev Console) is a web-based REST client that allows you to test different APIs in the context of an application. It is accessible on the Apps > Dev Console page of all apps you add to SOA Software Open.

When an API is added to SOA Software Open it is assigned an "API Consumer Application Security Policy" that is used to identify (authenticate) the application that is attempting to consume an API to determine if it is authorized or not. This policy type supports multiple mechanisms for the App to present its identity, including plain text App Id, signed header with x.509 or a shared secret, or OAuth (1.0 or 2.0). This is the default policy assigned to all APIs. Your policy administrator can add additional custom security policies based on your requirements.

When your application is connected to an API (through the API Access Request process), the application security credentials you've assigned to your app (via App Details > Security Credentials) work in conjunction with the API security policies. The request message that is sent to the API must obey the security policies assigned to the API or the request will be rejected.

The  Dev Console allows you to test different APIs in the context of an application so you can verify if you can use the API with your app.

For example, you may want to:

  1. Determine what is needed to send a request to an API.
  2. Verify if you can successfully send a request to an API.
  3. If your application is failing, verify if there is an issue in either the API or app.

    For example, if your app sends a request message to the API and it is rejected, you could receive errors if the security credentials in your app do not match those configured in the API policy (i.e., your app is configured with a SHA1 - Shared Secret, but the API Policy is configured with SHA with RSA - PKI). In this instance the security credential types would need to match.
  4. Test different operations in your app.

Before using the Dev Console, you must:

  1. Identity an API you would like to test with your app. This API can be one that is already available in SOA Software Open, or can be one that you've added using the Add a New API function via the Plus Menu.
  2. Add an app to SOA Software Open. This can be done using the Add a New App function via the Plus Menu. Make sure that you've assigned the desired security credentials in the App Details > Security Credentials section.
  3. Submit an API Access Request (via the Access link on the API Details page) for the API you would like to test with your app. The API Access Request must be approved by the API Administrator and activated before you can begin testing the API with the Dev Console. After your API Access Request has been approved and activated it will be available for use via the Dev Console.

The Dev Console includes an API drop-down that displays a list of all the API's your app is currently connected to. When you select an API from the drop-down, SOA Software Open analyzes the API configuration and the security policies assigned to the API and populates the fields with the appropriate information. After the Dev Console is populated, you configure each test case and click Run It.

The following illustration shows the Dev Console with the Bing VirtualEarth API loaded. Continue to How do I test my app in the SOA Software Open Dev Console? for a example walkthrough that illustrates how to test your app with the Dev Console.

Back to top

How do I test my app in the SOA Software Open Dev Console

The following procedure provides a typical example of how to use the SOA Software Open Dev Console to test your app. For more examples of how to test your app using the Dev Console, you can experiment with many of the popular API's that are currently available on this site. Many APIs include "Getting Started" documentation in the API > Documentation section that includes custom Dev Console testing procedures illustrating a variety of different test scenarios.

Part 1: Run REST Operation with Params:

The following example illustrates how to establish a GET request and verify the response header and content. The example uses the Facebook API.

Pre-conditions

  1. Add the "API User Security Policy" and "API Consumer Application Security Policy" to the Operational Policies folder of the Policy Manager SOA Software Open Tenant Organization.
    • Use the Policy Manager Copy Policy function, change the policy key, and then use Change Organization to move the policy to the SOA Software Open Tenant Organization.
  2. Add a REST API to SOA Software Open that includes an Operation with a GET Method. Specify the following parameters:

    Field Description
    API Name

    Facebook

    Version

    1.0

    Tag

    REST, 1.0, v1, Facebook

    API Description

    Connect to the social network with Graph API.

    Target URL

    https://graph.facebook.com

    Environment

    Production

    Advanced Option

    User REST operation, add an operation called "get_photo_album" with GET method and path=/{album}

    Advanced Option

    Select the two policies added in Step #1.

    CNAME

    Facebook.<host>

  3. Add an app and request access the the API added in the Step #2.

Procedure

  1. Use the Target URL (https://graph.facebook.com) of the API and open an existing Facebook account (using your login information)
  2. Copy the Album ID from the URL, the use a Rest Client to run this URL: https://graph.facebook.com/<album_id>
    • A set of response Header and Body will be returned.
  3. Go to App > App Name > Dev Console, and select the requested API from the API drop-down menu.
    • Note that the details of the API (End Point, Operation, Method, Accept, Content-Type, Path, Proxy URL, and Target URL) will be automatically filled in.
  4. Fill in the "Value" field with the <album_id> that was grabbed in Step #2.
    • Verify that the <album_id> is added to the Proxy and Target.
  5. Go to https://developers.facebook.com/apps, and create an app in Facebook.
  6. Copy the App ID and App Secret and paste to the App > Dev Console. Click on Get Token.
    • Note that the Access Token is generated.
  7. Click Run It.
    • Verify that a set of response Header and Body is returned.
  8. Compare result in Step #7 with Step #2.
    • Content for Header and Body should be consistent.

Part 2: Run REST Operation with Full URL:

The following example illustrates how to establish a GET request with Params and verify the response header and content. The example uses the Facebook API.

Pre-conditions

  1. Edit the API created in Example #1: Run REST Operation with Params by adding in the parameter <album_id> to the Target URL. Note, grab <album_id> from Example #1: Run REST Operation with Params > Procedure > Step #2.
Procedure

  1. Go to My Apps > App Name > Dev Console and select the API from the API drop-down menu.
    • Note that the details of the API (End Point, Operation, Method, Accept, Content-Type, Path, Proxy URL) are automatically filled in.
  2. Go to https://developers.facebook.com/apps, and create an app in Facebook. Copy the App ID and App Secret and paste to App > Dev Console. Click on Get Token.
    • Note that the Access Token is generated.
  3. Leave the "Value" field blank and then click Run It.
    • Verify that a set of response Header and Body returned.
  4. Verify the results.
    • Content for Header and Body are valid.

Back to top

How do I test authorization of my app with OAuth using the Dev Console?

The following procedure provides a simple example of how to use the SOA Software Open Dev Console to test authorizing your app with OAuth and then subsequently sending a request.

Pre-conditions

  1. Your app must be connected to the API. See How do I add APIs to my app?
  2. The API the app is connected to must be configured with an OAuth Provider.
  3. Your app security credentials must be configured to correctly support the OAuth Provider configuration that the API is using.

Procedure

  1. Go to App > App Name > Dev Console, and select the API from the API drop-down menu.
    • Note that the details of the API (End Point, Operation, Method, Accept, Content-Type, Path, Proxy URL, and Target URL) will be automatically filled in.
    • The "Security Method" will display the OAuth version the API is configured with (i.e., OAuth 1.0a or 2.0)
  2. If the API OAuth configuration does NOT use the Authentication Code grant, copy the App ID and App Secret and paste to the App > Dev Console. If the API OAuth configuration DOES use the Authentication Code grant, you do not have to copy in the App ID and App Security. Click on Get Token.
    • The Access Token is generated and the login screen associated with the OAuth Provider the API is configured with displays.
  3. Enter the login credentials and submit. An app authorization screen displays that typically includes some type of authorize option and can optionally include fields for entering any custom grant properties data. These screens are unique for each application.
  4. Enter any grant property values, and click Authorize. A token is given to the application and an authorization successful message is returned. The application can then use this token to start sending requests.
  5. To test sending a request to the application, click Run It.
    • Verify that a set of response Header and Body is returned.