Web Service Security

Relevant for: API testing only

When building Web Service applications, there is a challenge in building scalable applications that are secure. You can secure Web Services by having the message sent over a secure transport, such as Secure Sockets Layer (SSL), or by applying security at the message level, also known as WS-Security.

For testing a secured service, answering the following questions will help you define your security scenario.

  • Is there transport security, such as SSL? What is the HTTPS URL?

  • Is basic authentication required?

  • Is mutual authentication required?

  • What type of security is required in the SOAP header?

UFT lets you set the security for a service on two levels—port or operation. If you define a security for a port, all of its methods use these settings, by default. When working in the canvas, you can override the default port security for a given test step and customize the security for a particular operation.

Note: You set the basic authentication information for your Web Service calls (including REST Service methods, HTTP Request, and SOAP Request steps) in the General tab of the Properties pane (for HTTP and REST method steps), the HTTP tab of the Security Settings dialog box, or Security tab in the Properties pane (for Web Service and SOAP request steps).