Skip to Content
Author's profile photo Lars Hvam

Test POST request to Gateway with SoapUI

This blog describes how to make POST calls containing CSRF tokens to Gateway using SoapUI.

The testcase contains 3 steps, and a property named CSRF,

Setup.png

Check field “Maintain HTTP session” under testcase options, this will make sure that the cookies set in the GET request are reused in the POST request,

TestCase Options.png

1: Get CSRF

This will fetch the token via a GET request, add header “X-CSRF-Token” and value “Fetch”

Get CSRF.png

2: Groovy Script

The script will take the token from the GET request and store it in the testcase “CSRF” property

Groovy.png

def headerValue = testRunner.testCase.getTestStepByName(“Get CSRF”).httpRequest.response.responseHeaders[“x-csrf-token”];

log.info( headerValue[0] );

testRunner.testCase.setPropertyValue( “CSRF”, headerValue[0] );

3: POST

The actual request using the token, add header “X-CSRF-Token” with value “${#TestCase#CSRF}”, set content type according to input data

POST.png

Assigned Tags

      6 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Thanks, good article. But why headerValue[0] ? Only first char.

      Author's profile photo Lars Hvam
      Lars Hvam
      Blog Post Author

      its the first entry in the array containing a string value

      Author's profile photo Former Member
      Former Member

      In my situation I had the first character. No matter.

      Author's profile photo Lars Hvam
      Lars Hvam
      Blog Post Author

      Hmm, something might be broken then, below is the expected result where "GZHmg4qIi5noiw5RLUM5Nw==" is the token value

      /wp-content/uploads/2015/03/expected_670158.png

      Author's profile photo Former Member
      Former Member

      Hi Lars,

      We have tried the above  for our ABAP odata  for Post method ( ie Batch create ).

      We are not getting any response .

      The required entry is not getting created in our tables.

      Any special configuration needs to be maintained?

      Thanks

      Anupama

      Author's profile photo Former Member
      Former Member

      Hi

      Thanks for the post, but the first step is the key and could please show some more details?

      In my situation, I need to login the test box at first then get the Cookies and token. The first step of request would be Post, instead of Get.

      Many thanks.

      Cheers