Amazon Sample Project

The Amazon API sample project uses SOAP instead of REST – which makes it somewhat easier to understand inside SoapUI since the WSDL (available at http://webservices.amazon.com/AWSECommerceService/AWSECommerceService.wsdl) defines all operations and request/response messages for you. The sample projects TestCase only contains one TestStep since Amazon is somewhat restrictive in allowing their APIs being used for demonstration purposes.

The project looks as follows:

The sample Amazon project

The ItemSearch Request in the TestCase is straightforward:

testrequest

It makes a search for “soapui” in all indexes and validates that the response contains the ASIN number of existing book on SoapUI.

Security for the the Amazon requests is twofold:

  1. An Access Key that can be obtained via an account at the AWS site (http://aws.amazon.com/iam/). In the request above this is saved in a project level property (highlighted bottom left) and used in the request via property expansion (highlighted top right).
  2. By adding a signed WS-Security timestamp header to the request – which is unfortunately a bit more cumbersome to set up. You will need to do as follows:
  3. Generate a certificate in the AWS console and import that into a java keystore (using for example Keystore Explorer)
  4. Open the WS-Security tab in the Amazon project window and specify your keystore there with its corresponding password:

    wss-keystore
     
  5. Go to the Outgoing WS-Security Configurations tab and make sure you have an outgoing configuration containing a Timestamp and a Signature token configured as below:

    The Timestamp:

    wss-timestamp

    The Signature:

    wss-signature

    You need to specify the Timestamp element explicitly in the bottom right table of parts to sign – otherwise SoapUI will sign the message body instead. Also make sure you select the alias of the amazon certificate in you keystore file in the Alias drop-down.
     
  6. Now go to the request and select this Outgoing WS configuration in the Auth tab below the request editor:

    wss-request
     
  7. Now when sending the request, the outgoing message will get a signed Timestamp header – as can be seen in the Raw request tab:

    wss-raw-request

Download Amazon Sample Project

No one knows APIs better than SmartBear. Find out what our Pro version of SoapUI can do to improve your testing.