Home
Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing.
API Tester Reference
This guide provides the topics to help the API tester use the product by using the user interface, commands or scripts. This guide is intended for API testers.
API Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing. This guide is intended for API testers.
Testing with the HTTP transport
To provide support for HTTP-based communications, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
Web services
To provide support for HTTP-based communications and communicate with Web Services, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
Web services security actions
HCL OneTest™ API supports the use of one or more security actions that can be layered on top of one another in an outgoing SOAP message.
Validating signatures
You can add validate signatures of incoming SOAP messages if you want authentication by using signature validation.

Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing.
- API Tester Reference
  This guide provides the topics to help the API tester use the product by using the user interface, commands or scripts. This guide is intended for API testers.
  - API Tester Guide
    This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing. This guide is intended for API testers.
    - Testing Java™ applications
      You can use HCL OneTest™ API to test Java™ applications.
    - Testing Java™ Message Service (JMS) systems
      Use the generic JMS plug-in to connect HCL OneTest™ API to a wide range of EAI platforms, which includes any vendor that provides an implementation of this Java™ standard. JMS provides a way of separating the application from the transport layer of providing data. The same Java classes can be used to communicate with different JMS providers by using the JNDI information for a specific provider. The classes first use a connection factory to connect to the queue or topic, and then use populate and send or publish the messages. On the receiving side, the clients then receive or subscribe to the messages
    - Testing Java™ objects
      You can import Plain Old Java™ Objects (POJOs) from JAR files into HCL OneTest™ API in order to parse and construct messages containing the serialized forms of those objects. You can construct and parse the Java objects and perform validation, but you cannot test the objects directly.
    - Testing with Camel components
      You can use HCL OneTest™ API to create tests and stubs by setting up an Camel component in an HCL OneTest API project. You can configure the technology endpoints supported by the Camel component as the physical resources in the HCL OneTest API project and test for the services provided by the technology.
    - Testing with Apache Kafka
      Starting from HCL OneTest™ API V10.0.2 and later, you can create Kafka transports to test Kafka services.
    - Testing with Docker
      You can use Docker containers with HCL OneTest™ API to run stubs co-located with your test systems.
    - Testing with the email transport
      When you use applications in your test environment that use email services, you can use HCL OneTest™ API to create tests and stubs for testing the email services. You can set up an email transport in an HCL OneTest API project and configure the email servers as the physical resources in the HCL OneTest API project, and then test the email services.
    - Testing with Envoy Proxy (Experimental)
      You can use HCL OneTest™ API to record the HTTP traffic on the Envoy Proxy by using the Experimental HTTP Tap Filter feature of the Envoy Proxy.
    - Testing with the File transport
      As with any other transport, the File transport includes both logical and physical configurations. Tests and stubs are associated with the logical File resource, which represents an abstraction of the File resource and is the same for all environments. The physical File Access configuration includes connection details, and you can configure a different physical File Access for each environment.
    - Testing with the FIX transport
      You can use the Financial Information eXchange (FIX) transport and FIX dictionaries in HCL OneTest™ API to help you test trade-related messages and the systems that use them.
    - Testing with the HTTP transport
      To provide support for HTTP-based communications, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
      - Adding a synchronization source
        You can add any of the available synchronization sources to automatically create the resources that are required for testing the API that the definition describes.
      - WADL documents
        A Web Application Description Language (WADL) document is a machine-readable XML description of HTTP-based web applications (typically REST web services). WADL models the resources provided by a service and the relationships between them.
      - Swagger definitions
        A Swagger definition specifies a set of metadata that describes a REST API.
      - RAML definitions
        A RAML definition specifies a set of metadata that describes a REST API.
      - OpenAPI 3.0 definitions
        An OpenAPI 3.0 definition specifies a set of metadata that describes a REST API.
      - Common Schema Definition Language definitions
      - Web services
        To provide support for HTTP-based communications and communicate with Web Services, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
        Web services
        To test HTTP communications that are web services, you must understand W3C and what W3C standards/technologies can be configured with HCL OneTest™ API.
        WSDL documents
        A Web Services Description Language (WSDL) document is a schema that describes a web service, including information on how to locate that service and what operations are supported. Within HCL OneTest™ API, a WSDL document enables users to construct a SOAP message that can be sent to a web service and to construct a template message in order to validate replies from web services.
        Web services security actions
        HCL OneTest™ API supports the use of one or more security actions that can be layered on top of one another in an outgoing SOAP message.
        Adding user tokens
        You can add user tokens if you want a simple user name and password authentication.
        Adding timestamp tokens
        You can add timestamp tokens if you want to define a period during which the SOAP envelope is valid.
        Adding binary tokens
        You can add binary tokens if you want authentication by using a keystore and certificate alias.
        Adding signatures
        You can add signatures if you want to apply signature authentication to the header and body elements of a SOAP message.
        Encrypting SOAP messages
        You can add encrypt the header and body of a SOAP messages if you want web services security by using encryption.
        Decrypting SOAP messages
        To avoid console errors, you must decrypt incoming SOAP messages if any are encrypted.
        Validating signatures
        You can add validate signatures of incoming SOAP messages if you want authentication by using signature validation.
        Adding LTPA tokens
        You can add a Lightweight Third-Party Authentication (LTPA) token to a SOAP message if you want LPTA token authentication.
      - HTTP transport
        HCL OneTest™ API provides access to HTTP and HTTPS-based communications through an extension of its transport mechanism.
      - Troubleshooting: HTTP and Web Services
        You can use workarounds to common problems that you might encounter when you use HTTP and Web Services.
    - Testing with IBM® API Developer Portals
      You can configure HCL OneTest™ API to synchronize IBM API Connect™ Developer Portal resources or IBM® API Management Developer Portal resources.
    - Testing with IBM® App Connect Enterprise
      When you want to test the services on applications deployed by the integration node of IBM® App Connect Enterprise, you can use the synchronization feature in HCL OneTest™ API to import details of deployed applications into an HCL OneTest API project. You can select the tests and stubs to be created in your project during the synchronization process in HCL OneTest API.
    - Testing with IBM® Integration Bus
      When you want to test the services on applications deployed by the integration node of IBM® Integration Bus, you can use the synchronization feature in HCL OneTest™ API to import details of deployed applications into an HCL OneTest API project. You can select the tests and stubs to be created in your project during the synchronization process in HCL OneTest API.
    - Testing with IBM® WebSphere® Application Server
      You can configure HCL OneTest™ API to synchronize IBM® WebSphere® Application Server resources.
    - Testing with IBM® WebSphere® MQ messages
      You can test WebSphere® MQ messages using the WebSphere MQ transport method or JMS interface. HCL OneTest™ API also supports testing WebSphere MQ on z/OS systems.
    - Testing with WebSphere® Portal
      You can configure HCL OneTest™ API to synchronize IBM® WebSphere® Portal resources.
    - Testing with IBM® z/OS® Connect Enterprise Edition
      IBM® z/OS® Connect Enterprise Edition provides a framework for enabling z/OS®-based programs and data to fully participate in the new API economy for mobile and cloud applications. Use IBM® z/OS® Connect Enterprise Edition to access z/OS subsystems, such as CICS®, IMS™ and Batch, by using RESTful APIs with JSON formatted messages. You can access multiple z/OS subsystems concurrently through a common interface.
    - Testing with Istio
      When you have applications hosted in a Kubernetes cluster that have Istio as a service mesh, you can virtualize the services in the cluster by creating stubs and tests for testing with Istio in HCL OneTest™ API.
    - Testing with Kubernetes
      For testing with Kubernetes set up a Kubernetes cluster, and then you can create and publish stubs from HCL OneTest™ API so that stubs can be run within Kubernetes. The stubs published can be co-located with existing services running within the Kubernetes cluster.
    - Testing with Microsoft™ .NET objects
      You can import serializable .NET objects from .NET assembly files (.exe or .dll) into HCL OneTest™ API and apply them to messages in the same way as you would apply a schema. A service-based test or stub can then send and receive a message containing a serialized form of a .NET object from the assembly file. You can construct and parse the .NET objects and perform validation, but you cannot test the objects directly.
    - Testing the migrated Postman collections
      You can migrate Postman collections and environments that you created in Postman to HCL OneTest™ API. Operations, transports, tests and stubs are automatically created during migration and you can run the tests and stubs in HCL OneTest API.
    - Testing with MongoDB
      If you are using HCL OneTest™ API V9.5.0 or later, you can create MongoDB transports and run tests against them.
    - Testing with the MQ telemetry transport
      If you are using HCL OneTest™ API 8.6.0 or later, you can create MQ telemetry transports.
    - Testing with Oracle Fusion
      Configure and run HCL OneTest™ API with the Oracle Fusion plug-in, which provides support for synchronization with and testing of the web services and composites that are available on a configured SOA server (that is, an Oracle WebLogic server with Oracle SOA Suite 11g deployed on it).
    - Testing with RabbitMQ
      If you are using HCL OneTest™ API V9.2.1.1 or later, you can create RabbitMQ transports.
    - Testing with SAP applications
      You can use HCL OneTest™ API to test SAP application server resources.
    - Testing with Software AG CentraSite
      You can incorporate governance in your SOA by using the integration of HCL OneTest™ API with Software AG CentraSite.
    - Testing with Software AG Universal Messaging
      You can use HCL OneTest™ API API to test Software AG Universal Messaging Broker server resources. From HCL OneTest API V10.0.2 or later, you can create Software AG Universal Messaging Broker transports, configure and run HCL OneTest API with the Software AG Universal Messaging server.
    - Testing with Software AG webMethods
      You can configure and run HCL OneTest™ API with the Software AG webMethods Integration Server to connect to Software AG webMethods Broker and Integration Server resources.
    - Testing with SSL
      To provide secure connections between clients and servers during testing, you can use the Secure Sockets Layer (SSL) technology supported by HCL OneTest™ API.
    - TCP and UDP
      In HCL OneTest™ API, you can create transports that facilitate communication between clients and servers by using both TCP- and UDP-based sockets.
    - Testing with TIBCO applications
      To use HCL OneTest™ API to test TIBCO messaging, you must configure and run HCL OneTest API with the TIBCO messaging plug-in. Doing so supports TIBCO Rendezvous messaging ("plain" TIBCO Rendezvous messaging and TIBCO ActiveEnterprise (AE) formats), TIBCO EMS messaging, and sending and receiving AE messages by using TIBCO EMS.
    - Testing applications on z/OS®
      You can test applications on IBM® z/OS® systems by using the capabilities that are supported for mainframes by HCL OneTest™ API.
    - Configuration of virtual IP addresses as virtual clients
      You can find information about how to configure virtual IP addresses in the operating system, and then use the virtual IP addresses to configure them as virtual clients in tests or as virtual servers in stubs.
  - Extending HCL OneTest™ API functionality by using custom functions
    You can add more calculations and operations to tests by using the HCL OneTest™ API custom function class. HCL OneTest API custom function is a Java™ class that extends the com.ghc.ghTester.expressions function.
  - Working in non-GUI mode
    You can use the tools and executable files that are provided along with the product software. You can use these tools to perform different test actions in a non-GUI mode.
- API Tester Guide (Service Virtualization)
  This guide describes the tasks that you can perform for using virtual services or stubs to simulate parts of an environment if the real services are not yet available or because they are difficult or expensive to use. This guide is intended for API Testers.

Validating signatures

You can add validate signatures of incoming SOAP messages if you want authentication by using signature validation.

About this task

The ability to validate signatures of SOAP messages is available only in HCL OneTest™ API 8.5.0 or later.

Procedure

Open a SOAP message for editing.
On the Config page, right-click the node and click Properties.
In the Field Properties dialog, click the WS-Security tab.
On the WS-Security page, ensure that the Enable field is selected.
Select Validate Signature from the list. The Validate Signature editor is displayed.

Configure the validate signature action.

The following table outlines the fields and options used for validating signatures.


Field/Option	Description
Transformation Name (Required)	Enter a name for the security action that will help identify the action in the main list.
Keystore (option)	You can use an HCL OneTest™ API identity store.
Username token	Alternatively, you can use a user name token if a user token action is listed above this action (under the toolbar on the WS-Security tab).
SAML Assertion token	Or, you can use a SAML assertion action if a SAML token action is listed above this action (under the toolbar on the WS-Security tab).
Keystore (list)	Select a HCL OneTest™ API identity store.
Certificate Alias	Select a public key alias (defined in the selected keystore).
Actor	Indicates a specific message receiver, either the ultimate receiver or an intermediary. For each actor/role that is defined (that is, in multiple tokens), a separate security header is added to the SOAP header.
Must understand?	Select this check box to make the SOAP header mandatory for the specified actor/role. In this case, either the header block must be processed or the entire SOAP message is ignored, and a SOAP fault is generated. If this check box is cleared (the default), the specified actor/role may or may not process the SOAP header.

Click OK.