Home
Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing.
Tester Guide - API Testing
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing. This guide is intended for API testers.
API Testing
You can use find information about the tasks that you can perform for testing various domains, technologies, or applications.
Testing with the HTTP transport
To provide support for HTTP-based communications, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
Web services
To provide support for HTTP-based communications and communicate with Web Services, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
Web services security actions
HCL OneTest™ API supports the use of one or more security actions that can be layered on top of one another in an outgoing SOAP message.
Adding user tokens
You can add user tokens if you want a simple user name and password authentication.

Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing.
- Tester Guide - API Testing
  This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing. This guide is intended for API testers.
  - API Testing
    You can use find information about the tasks that you can perform for testing various domains, technologies, or applications.
    - Testing Java™ applications
      You can use HCL OneTest™ API to test Java™ applications.
    - Testing Java™ Message Service (JMS) systems
      Use the generic JMS plug-in to connect HCL OneTest™ API to a wide range of EAI platforms, which includes any vendor that provides an implementation of this Java™ standard. JMS provides a way of separating the application from the transport layer of providing data. The same Java classes can be used to communicate with different JMS providers by using the JNDI information for a specific provider. The classes first use a connection factory to connect to the queue or topic, and then use populate and send or publish the messages. On the receiving side, the clients then receive or subscribe to the messages
    - Testing Java™ objects
      You can import Plain Old Java™ Objects (POJOs) from JAR files into HCL OneTest™ API in order to parse and construct messages containing the serialized forms of those objects. You can construct and parse the Java objects and perform validation, but you cannot test the objects directly.
    - Testing with Apache Camel components
      You can use HCL OneTest™ API to create tests and stubs by setting up an Apache Camel component in an HCL OneTest API project. You can configure the technology endpoints supported by the Camel component as the physical resources in the HCL OneTest API project and test for the services provided by the technology.
    - Testing with Apache Kafka
      Starting from HCL OneTest™ API 10.0.2 and later, you can create Kafka transports to test Kafka services.
    - Testing with Docker
      You can use Docker containers with HCL OneTest™ API to run stubs co-located with your test systems.
    - Testing with the email transport
      When you use applications in your test environment that use email services, you can use HCL OneTest™ API to create tests and stubs for testing the email services. You can set up an email transport in an HCL OneTest API project and configure the email servers as the physical resources in the HCL OneTest API project, and then test the email services.
    - Testing with Envoy Proxy (Experimental)
      You can use HCL OneTest™ API to record the HTTP traffic on the Envoy Proxy by using the Experimental HTTP Tap Filter feature of the Envoy Proxy.
    - Testing with the File transport
      As with any other transport, the File transport includes both logical and physical configurations. Tests and stubs are associated with the logical File resource, which represents an abstraction of the File resource and is the same for all environments. The physical File Access configuration includes connection details, and you can configure a different physical File Access for each environment.
    - Testing with the FIX transport
      You can use the Financial Information eXchange (FIX) transport and FIX dictionaries in HCL OneTest™ API to help you test trade-related messages and the systems that use them.
    - Testing with the HTTP transport
      To provide support for HTTP-based communications, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
      - Adding a synchronization source
        You can add any of the available synchronization sources to automatically create the resources that are required for testing the API that the definition describes.
      - WADL documents
        A Web Application Description Language (WADL) document is a machine-readable XML description of HTTP-based web applications (typically REST web services). WADL models the resources provided by a service and the relationships between them.
      - Swagger definitions
        A Swagger definition specifies a set of metadata that describes a REST API.
      - RAML definitions
        A RAML definition specifies a set of metadata that describes a REST API.
      - OpenAPI 3.0 definitions
        An OpenAPI 3.0 definition specifies a set of metadata that describes a REST API.
      - Common Schema Definition Language definitions
      - Web services
        To provide support for HTTP-based communications and communicate with Web Services, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
        Web services
        To test HTTP communications that are web services, you must understand W3C and what W3C standards/technologies can be configured with HCL OneTest™ API.
        WSDL documents
        A Web Services Description Language (WSDL) document is a schema that describes a web service, including information on how to locate that service and what operations are supported. Within HCL OneTest™ API, a WSDL document enables users to construct a SOAP message that can be sent to a web service and to construct a template message in order to validate replies from web services.
        Web services security actions
        HCL OneTest™ API supports the use of one or more security actions that can be layered on top of one another in an outgoing SOAP message.
        Adding user tokens
        You can add user tokens if you want a simple user name and password authentication.
        Adding timestamp tokens
        You can add timestamp tokens if you want to define a period during which the SOAP envelope is valid.
        Adding binary tokens
        You can add binary tokens if you want authentication by using a keystore and certificate alias.
        Adding signatures
        You can add signatures if you want to apply signature authentication to the header and body elements of a SOAP message.
        Encrypting SOAP messages
        You can add encrypt the header and body of a SOAP messages if you want web services security by using encryption.
        Decrypting SOAP messages
        To avoid console errors, you must decrypt incoming SOAP messages if any are encrypted.
        Validating signatures
        You can validate signatures in the incoming SOAP messages by using the signature validation option.
        Adding LTPA tokens
        You can add a Lightweight Third-Party Authentication (LTPA) token to a SOAP message if you want LPTA token authentication.
      - HTTP transport
        HCL OneTest™ API provides access to HTTP and HTTPS-based communications through an extension of its transport mechanism.
      - Troubleshooting: HTTP and Web Services
        You can use workarounds to common problems that you might encounter when you use HTTP and Web Services.
    - Testing with IBM® API Developer Portals
      You can configure HCL OneTest™ API to synchronize IBM API Connect™ Developer Portal resources or IBM® API Management Developer Portal resources.
    - Testing with IBM® App Connect Enterprise
      When you want to test the services on applications deployed by the integration node of IBM® App Connect Enterprise, you can use the synchronization feature in HCL OneTest™ API to import details of deployed applications into an HCL OneTest API project. You can select the tests and stubs to be created in your project during the synchronization process in HCL OneTest API.
    - Testing with IBM® Integration Bus
      When you want to test the services on applications deployed by the integration node of IBM® Integration Bus, you can use the synchronization feature in HCL OneTest™ API to import details of deployed applications into an HCL OneTest API project. You can select the tests and stubs to be created in your project during the synchronization process in HCL OneTest API.
    - Testing with IBM® WebSphere® Application Server
      You can configure HCL OneTest™ API to synchronize IBM® WebSphere® Application Server resources.
    - Testing with IBM® WebSphere® MQ messages
      You can test WebSphere® MQ messages using the WebSphere MQ transport method or JMS interface. HCL OneTest™ API also supports testing WebSphere MQ on z/OS systems.
    - Testing with WebSphere® Portal
      You can configure HCL OneTest™ API to synchronize IBM® WebSphere® Portal resources.
    - Testing with IBM® z/OS® Connect Enterprise Edition
      IBM® z/OS® Connect Enterprise Edition provides a framework for enabling z/OS®-based programs and data to fully participate in the new API economy for mobile and cloud applications. Use IBM® z/OS® Connect Enterprise Edition to access z/OS subsystems, such as CICS®, IMS™ and Batch, by using RESTful APIs with JSON formatted messages. You can access multiple z/OS subsystems concurrently through a common interface.
    - Testing with Istio
      When you have applications hosted in a Kubernetes cluster that have Istio as a service mesh, you can virtualize the services in the cluster by creating stubs and tests for testing with Istio in HCL OneTest™ API.
    - Testing with Kubernetes
      HCL OneTest™ API supports testing with Kubernetes after you set up a Kubernetes cluster. You can test the containerized applications that run as services in Kubernetes in HCL OneTest API. You can also create and publish stubs from HCL OneTest API to Kubernetes and then run the stubs in Kubernetes.
    - Testing with Microsoft™ .NET objects
      You can import serializable .NET objects from .NET assembly files (.exe or .dll) into HCL OneTest™ API and apply them to messages in the same way as you would apply a schema. A service-based test or stub can then send and receive a message containing a serialized form of a .NET object from the assembly file. You can construct and parse the .NET objects and perform validation, but you cannot test the objects directly.
    - Testing the migrated Postman collections
      You can migrate Postman collections and environments that you created in Postman to HCL OneTest™ API. Operations, transports, tests and stubs are automatically created during migration and you can run the tests and stubs in HCL OneTest API.
    - Testing with MongoDB
      If you are using HCL OneTest™ API 9.5.0 or later, you can create MongoDB transports and run tests against them.
    - Testing with the MQ telemetry transport
      If you are using HCL OneTest™ API 8.6.0 or later, you can create MQ telemetry transports.
    - Testing with Oracle Fusion
      Configure and run HCL OneTest™ API with the Oracle Fusion plug-in, which provides support for synchronization with and testing of the web services and composites that are available on a configured SOA server (that is, an Oracle WebLogic server with Oracle SOA Suite 11g deployed on it).
    - Testing with RabbitMQ
      If you are using HCL OneTest™ API 9.2.1.1 or later, you can create RabbitMQ transports.
    - Testing with SAP applications
      You can use HCL OneTest™ API to test SAP application server resources.
    - Testing with Software AG CentraSite
      You can incorporate governance in your SOA by using the integration of HCL OneTest™ API with Software AG CentraSite.
    - Testing with Software AG Universal Messaging
      You can use HCL OneTest™ API API to test Software AG Universal Messaging Broker server resources. From HCL OneTest API 10.0.2 or later, you can create Software AG Universal Messaging Broker transports, configure and run HCL OneTest API with the Software AG Universal Messaging server.
    - Testing with Software AG webMethods
      You can configure and run HCL OneTest™ API with the Software AG webMethods Integration Server to connect to Software AG webMethods Broker and Integration Server resources.
    - Testing with SSL
      To provide secure connections between clients and servers during testing, you can use the Secure Sockets Layer (SSL) technology supported by HCL OneTest™ API.
    - TCP and UDP
      In HCL OneTest™ API, you can create transports that facilitate communication between clients and servers by using both TCP- and UDP-based sockets.
    - Testing with TIBCO applications
      To use HCL OneTest™ API to test TIBCO messaging, you must configure and run HCL OneTest API with the TIBCO messaging plug-in. Doing so supports TIBCO Rendezvous messaging ("plain" TIBCO Rendezvous messaging and TIBCO ActiveEnterprise (AE) formats), TIBCO EMS messaging, and sending and receiving AE messages by using TIBCO EMS.
    - Testing applications on z/OS®
      You can test applications on IBM® z/OS® systems by using the capabilities that are supported for mainframes by HCL OneTest™ API.
    - Managing credentials
      If you have external resources that must be accessed by project or test resources in HCL OneTest™ API and you do not want to expose the credentials used to access the external resources, then you can implement a user-defined access in a credential management system.
    - Configuration of virtual IP addresses as virtual clients
      You can find information about how to configure virtual IP addresses in the operating system, and then use the virtual IP addresses to configure them as virtual clients in tests or as virtual servers in stubs.
    - Configuration of test runs in a GitHub Actions Workflow
      You can configure test runs of test resources that you create in HCL OneTest™ API in a GitHub Actions Workflow. You can choose to run test resources in the GitHub Workflow when you do not want to run the test resources without opening HCL OneTest API.
    - Security vulnerabilities testing by using HCL® AppScan
      You can use HCL® AppScan to scan all HTTP traffic that is generated as part of integration testing in HCL OneTest™ API for security vulnerabilities.
  - Extending HCL OneTest™ API functionality by using custom functions
    You can add more calculations and operations to tests by using the HCL OneTest™ API custom function class. HCL OneTest API custom function is a Java™ class that extends the com.ghc.ghTester.expressions function.
  - Working in non-GUI mode
    You can use the tools and executable files that are provided along with the product software. You can use these tools to perform different test actions in a non-GUI mode.
- Tester Guide - Service Virtualization
  This guide describes the tasks that you can perform for using virtual services or stubs to simulate parts of an environment if the real services are not yet available or because they are difficult or expensive to use. This guide is intended for API Testers.

Adding user tokens

You can add user tokens if you want a simple user name and password authentication.

About this task

To add a user token:

Procedure

Open a SOAP message for editing.
Right-click the message node, and then click Properties.
Click the WS-Security tab.
Select the Enable check box.
Select User Token from the list. The User Token editor is displayed.

A user token adds a <wsse:UsernameToken> element to the SOAP header. At a minimum, the user token defines a user name and password to authenticate the SOAP message.

More (optional) steps can be taken to further secure the token and the message (that is, password digest, nonce, created, actor/role, and mustUnderstand).

Note: If you want to sign a SOAP body with a User Token, the token must include the Nonce and Created elements.

The following fields and options are part of the user token.


Field	Description
Transformation Name (Required)	User-defined name for the security action (helps identify the action in the main list).
Username (Required)	User name to include with the token.
Password (Required)	Password for the corresponding user name.
Apply digest algorithm to password	If enabled, encrypts the clear-text password by using the nonce and created elements.
Generate Nonce	A random number that makes the message more unique, designed to prevent relay attacks (that is, by replaying recorded SOAP packets). This option is enabled automatically if a digest is applied to the password.
Created	Adds a timestamp to the outgoing message. This option is enabled automatically if a digest is applied to the password.
Millisecond precision for timestamps	If enabled, the timestamp for the <wsu:Created> element is generated with milliseconds (2009-03-31T02:41:16.817Z). If disabled, the timestamp is generated without milliseconds (2009-03-31T02:41:16Z).
Actor	Indicates a specific message receiver (either the ultimate receiver or an intermediary). For each actor/role that is defined (that is, in multiple tokens), a separate security header is added to the SOAP header.
Must understand	If enabled, makes the SOAP header mandatory for the specified actor/role. In this case, either the header block must be processed or the entire SOAP message is ignored, and a SOAP fault must be generated. If not enabled, the specified actor/role may or may not process the SOAP header