SOAPSonar
API Testing
Functional | Automation | Performance | Compliance | Security | Identity | Zero Trust | Custom
Functional Testing
Validate the functional behavior of API endpoints with client input simulations. Quality criteria rules provide validation and regression testing of API behavior. Tests can be run on-demand or automated.
Regression Testing
Create behavior baselines and run regression tests to determine if any breakage or change of behavior occurs. Includes JSON and XML Diff capability.
OpenAPI Testing
Supports latest OpenAPI standards for automatically parsing OpenAPI documents and building test cases for all of the defined functions.
Data Privacy Testing
Test encryption and decryption of JSON, XML, REST, and SOAP message patterns.
Fuzz Testing
Dynamic mutation engine intelligently generates input fuzzing and measures responses against criteria rules. Security tests provide risk posture and vulnerability profile reporting.
MFA and SSO Testing
Test authentication schemes including OAuth, SAML, PKI, Basic Auth, Amazon Auth, and Kerberos. Verify SSO tokens and cookies.
AWS Cloud API Testing
Built-in support for AWSv4 signatures to authenticate to and test Amazon AWS APIs.
Performance Testing
Simulate load from multiple virtual clients to measure and validate the performance criteria of the target APIs. Dynamic security and identity provide real world simulated inputs.
Product Features
Project Management
Built-in project management features allow for import and export of project data. The test data and rules are stored in portable project files which can be moved around for shared environment testing and also versioned using any source control tools.
Success Criteria Rules
Validating API behavior is simplified by creating expected behavior rules using the success criteria rule framework. Quickly enable functional and performance testing to detect and report API expected behavior.
Test Automation
Drive inputs and response analysis using dynamic data from File, Excel, or Database tables. Can be used for functional API validation or with virtual client performance testing. Supports data source splitting and synchronization across data sources.
Regression Testing
Embedded behavior variance engine provides XDiff technology to automatically detect behavior variances and regression between API tests and API versions. Capture API baseline behavior and then run regression tests to detect and report any regression of functionality or expected behavior.
PKI and Security
Built-in PKI engine for TLS, Digital Signature generation, and Encryption. Supports direct access to X.509 keys from Windows, Java keystore and dynamic SmartCard readers. Also support dynamic PKI for run-time specified PKI when API tests move from one environment to another.
Automatic Message Generation
OpenAPI and WSDL schema parsing with automatic JSON and XML generation. Enables simplified message generation by providing schema from OpenAPI, WSDL or stand-alone XSD schema. Messages can then be created via graphical form editor and resulting messages automatically created.
MFA and SSO
Protocol identity generation for Basic Auth, SSL X509 Auth, and NTLM. Message based identity generation for SAML, OAuth, Amazon AWSv4, X509, and Kerberos Identity Tokens
Test Reports
Detailed reports for results based on type of test performed including Functional, Performance, Compliance, and Vulnerability reports. Export formats XML, DOC, XLS, PDF, RTF, and RPT.
Test Variables
Variable substitution in message headers, message body, tasks, identity credentials. Dynamic X.509 aliases for PKI. Runtime variable, global variables, context functions, and automation variables.
Virtual Users
Virtual users provide real-time dynamic loading clients which simultaneously load the API and capture statistics for throughput, latency, and TPS. Scenarios include ramp-up, ramp-down, and weighted scenarios.
Flexible Test Types
Built-in types include OpenAPI, JSON, SOAP, XML, REST, Batch, WS-Trust, and Custom test variants. Any testing types can be linked together for testing of functional flows and test dependencies for asynchronous and synchronous testing.
Vulnerability and Zero Trust
Security testing with patented dynamic XSD mutation creates automatic parameter fuzzing. Vulnerability assessment of the target API includes risk assessment and risk mitigation reporting with configurable rule framework.