API Basics
API Basics
In a Web service, Web technology such as HTTP, originally designed for human-to-machine
communication, is utilized for machine-to-machine communication, more specifically for transferring
machine readable file formats such as XML and JSON.
XML is used to encode all communications to a web service. For example, a client invokes a web
service by sending an XML message, then waits for a corresponding XML response. As all
communication is in XML, web services are not tied to any one operating system or programming
language—Java can talk with Perl; Windows applications can talk with UNIX applications and so on.
Web services are XML-based information exchange systems that use the Internet for direct
application-to-application interaction. These systems can include programs, objects, messages, or
documents.
Web services are self-contained, modular, distributed, dynamic applications that can be described,
published, located, or invoked over the network to create products, processes, and supply chains.
These applications can be local, distributed, or web-based. Web services are built on top of open
standards such as TCP/IP, HTTP, Java, HTML, and XML.
Characteristics:
XML Based
Loosely coupled
Coarse-Grained
Ability to be Synchronous or Asynchronous
Supports Remote Procedure Calls(RPCs)
Supports Document Exchange
Components of Web Services
The basic web services platform is XML + HTTP. All the standard web services work using the
following components:
XML-RPC
SOAP (Simple Object Access Protocol)
UDDI (Universal Description, Discovery and Integration)
WSDL (Web Services Description Language)
XML-RPC
This is the simplest XML-based protocol for exchanging information between computers.
A web service enables communication among various applications by using open standards such as
HTML, XML, WSDL, and SOAP. A web service takes the help of:
XML to tag the data
SOAP to transfer a message
WSDL to describe the availability of service.
XML Declaration
The XML declaration is a processing instruction that identifies the document as being XML.
This declaration also indicates whether the document can be validated by referring to an external
Document Type Definition (DTD).
NOTE: DTDs are the set of rules that describes the structure of an XML document.
An XML declaration consists of the literal sequence '<?xml', followed by the required version
information, followed by optional encoding and standalone declarations, followed by an optional
amount of white space, and terminating with the literal sequence '?>'. In this notation, a question
mark not contained in quotes means that the term that precedes it is optional.
<?xml
version="version_number"
encoding="encoding_declaration"
standalone="standalone_status" ?>
There are few things to keep in mind while declaring the XML
1. If the XML declaration is included, it must be suited at the first position of the first line in the
XML document.
2. If the XML definition is included, it must contain the version number attribute
3. If all of the attributes are declared in XML declaration, they must be placed in the order
shown above.
4. If any elements, attributes, or entities are used in XML document that are referred or
defined in an external DTD, standalone=”no” must be included.
5. The XML declaration must be in lower case (except for the encoding declarations).
6. The optional encoding part of the declaration tells the XML processor (parser) how to
interpret the bytes based on a particular character set. The default encoding is UTF-8, which
is one of seven character-encoding schemes used by the Unicode standard, also used as the
default for Java.
Attribute
Possible Attribute Value: Attribute Description:
Name:
The document type declaration follows the XML declaration. The purpose of this declaration
is to define the legal building blocks of an XML document.
The DTD consists of an internal, or references an external Document Type Definition (DTD).
It can also have both internal and external DTDs.
1. The Document Type Declaration must be placed between the XML declaration and the first
element (root element) in the document.
2. The keyword DOCTYPE must be followed by the name of the root element in the XML
document.
3. The keyword DOCTYPE must be in upper case.
4. If any elements, attributes, or entities are used in the XML document that are referenced or
defined in an external DTD, standlone=”no” must be included in the XML declaration.
Document Body
The document body, or instance, is the bulk of the information content of the document. Whereas
across multiple instances of a document of a given type (as identified by the DOCTYPE) the XML
prolog will remain constant, the document body changes with each document instance (in general).
This is because the prolog defines (either directly or indirectly) the overall structure while the body
contains the real instance-specific data.
Because the document type declaration specifies the root element, this must be the first element the
parser encounters. If any other element but the one identified by the DOCTYPE line appears first, the
document is immediately invalid.
Below shows a very simple XHTML 1.0 document. The DOCTYPE is "html" (not "xhtml"), so the
document body begins with <html ....> and ends with </html>.
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/12/soap-envelope" SOAP-
ENV:encodingStyle="http://www.w3.org/2001/12/soap-encoding">
<SOAP-ENV:Header>
...
...
</SOAP-ENV:Header>
<SOAP-ENV:Body>
...
...
<SOAP-ENV:Fault>
...
...
</SOAP-ENV:Fault>
...
</SOAP-ENV:Body>
</SOAP_ENV:Envelope>
Envelope − Defines the start and the end of the message. It is a mandatory element.
Header − Contains any optional attributes of the message used in processing the message,
either at an intermediary point or at the ultimate end-point. It is an optional element.
Body − Contains the XML data comprising the message being sent. It is a mandatory
element.
Fault − An optional Fault element that provides information about errors that occur while
processing the message.
Below mentioned are some important points about SOAP envelope element −
Every SOAP message has a root Envelope element.
Envelope is a mandatory part of SOAP message.
Every Envelope element must contain exactly one Body element.
If an Envelope contains a Header element, it must contain no more than one, and it must
appear as the first child of the Envelope, before the Body.
The envelope changes when SOAP versions change.
The SOAP envelope is specified using the ENV namespace prefix and the Envelope element.
The optional SOAP encoding is also specified using a namespace name and the
optional encodingStyle element, which could also point to an encoding style other than the
SOAP one.
A v1.1-compliant SOAP processor generates a fault upon receiving a message containing the
v1.2 envelope namespace.
A v1.2-compliant SOAP processor generates a VersionMismatch fault if it receives a message
that does not include the v1.2 envelope namespace.
Actor attribute
The SOAP protocol defines a message path as a list of SOAP service nodes. Each of these
intermediate nodes can perform some processing and then forward the message to the next
node in the chain. By setting the Actor attribute, the client can specify the recipient of the
SOAP header.
Must-Understand attribute
It indicates whether a Header element is optional or mandatory. If set to true, the recipient
must understand and process the Header attribute according to its defined semantics, or
return a fault.
<?xml version="1.0"?>
<SOAP-ENV:Header>
<t:Transaction xmlns:t="http://www.tutorialspoint.com/transaction/" SOAP-
ENV:mustUnderstand="true">5</t:Transaction>
</SOAP-ENV:Header>
...
...
</SOAP-ENV:Envelope>
The SOAP body is a mandatory element that contains the application-defined XML data being
exchanged in the SOAP message. The body must be contained within the envelope and must follow
any headers that might be defined for the message.
The body is defined as a child element of the envelope, and the semantics for the body are defined
in the associated SOAP schema.
The body contains mandatory information intended for the ultimate receiver of the message. For
example –
<?xml version="1.0"?>
<SOAP-ENV:Envelope>
........
<SOAP-ENV:Body>
<m:GetQuotation xmlns:m="http://www.tp.com/Quotation">
<m:Item>Computers</m:Item>
</m:GetQuotation>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The example above requests a quotation of computer sets. Note that the m:GetQuotation and the
Item elements above are application-specific elements. They are not a part of the SOAP standard.
Here is the response to the above query –
<?xml version="1.0"?>
<SOAP-ENV:Envelope>
........
<SOAP-ENV:Body>
<m:GetQuotationResponse xmlns:m="http://www.tp.com/Quotation">
<m:Quotation>This is Qutation</m:Quotation>
</m:GetQuotationResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Normally, the application also defines a schema to contain semantics associated with the request
and response elements.
The Quotation service might be implemented using an EJB running in an application server; if so,
the SOAP processor would be responsible for mapping the body information as parameters into and
out of the EJB implementation of the GetQuotationResponse service. The SOAP processor could also
be mapping the body information to a .NET object, a CORBA object, a COBOL program, and so on.
If an error occurs during processing, the response to a SOAP message is a SOAP fault element in the
body of the message, and the fault is returned to the sender of the SOAP message.
The SOAP fault mechanism returns specific information about the error, including a predefined
code, a description, and the address of the SOAP processor that generated the fault.
Below mentioned are few important points about SOAP fault element to take note of −
A SOAP message can carry only one fault block.
Fault is an optional part of a SOAP message.
For HTTP binding, a successful response is linked to the 200 to 299 range of status codes.
SOAP Fault is linked to the 500 to 599 range of status codes.
<faultCode> It is a text code used to indicate a class of errors. See the next Table for a listing of
predefined fault codes.
<faultActor> It is a text string indicating who caused the fault. It is useful if the SOAP message
travels through several nodes in the SOAP message path, and the client needs to
know which node caused the error. A node that does not act as the ultimate
destination must include a faultActor element.
The faultCode values defined below must be used in the faultcode element while describing faults.
Error Description
SOAP-ENV:Server There was a problem with the server, so the message could not
proceed.
The following code is a sample Fault. The client has requested a method named ValidateCreditCard,
but the service does not support such a method. This represents a client request error, and the
server returns the following SOAP response –
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/1999/XMLSchema">
<SOAP-ENV:Body>
<SOAP-ENV:Fault>
<faultcode xsi:type="xsd:string">SOAP-ENV:Client</faultcode>
<faultstring xsi:type="xsd:string">
Failed to locate method (ValidateCreditCard) in class (examplesCreditCard) at
/usr/local/ActivePerl-5.6/lib/site_perl/5.6.0/SOAP/Lite.pm line 1555.
</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
WSDL (Web Services Description Language)
WSDL is the standard format for describing a web service. It is often used in combination with SOAP
and XML Schema to provide web services over the Internet.
A client program connecting to a web service can read the WSDL to determine what functions are
available on the server.
Any special datatypes used are embedded in the WSDL file in the form of XML Schema. The client
can then use SOAP to actually call one of the functions listed in the WSDL.
Features of WSDL
WSDL is an XML-based protocol for information exchange in decentralized and distributed
environments.
WSDL definitions describe how to access a web service and what operations it will perform.
WSDL is a language for describing how to interface with XML-based services.
WSDL is an integral part of Universal Description, Discovery, and Integration (UDDI), an XML-
based worldwide business registry.
WSDL is the language that UDDI uses.
WSDL is pronounced as 'wiz-dull' and spelled out as 'W-S-D-L'.
WSDL – Elements
The three major elements of WSDL that can be defined separately are:
Types
Operations
Binding
A WSDL document has various elements, but they are contained within these three main elements,
which can be developed as separate documents and then they can be combined or reused to form
complete WSDL files.
A WSDL document contains the following elements:
Definition: It is the root element of all WSDL documents. It defines the name of the web
service, declares multiple namespaces used throughout the remainder of the document,
and contains all the service elements described here.
Data types: The data types to be used in the messages are in the form of XML schemas.
Message: It is an abstract definition of the data, in the form of a message presented either
as an entire document or as arguments to be mapped to a method invocation.
Operation: It is the abstract definition of the operation for a message, such as naming a
method, message queue, or business process, that will accept and process the message.
Port type: It is an abstract set of operations mapped to one or more end-points, defining the
collection of operations for a binding; the collection of operations, as it is abstract, can be
mapped to multiple transports through various bindings.
Binding: It is the concrete protocol and data formats for the operations and messages
defined for a particular port type.
Port: It is a combination of a binding and a network address, providing the target address of
the service communication.
Service: It is a collection of related end-points encompassing the service definitions in the
file; the services map the binding to the port and include any extensibility definitions.
Documentation: This element is used to provide human-readable documentation and can
be included inside any other WSDL element.
Import: This element is used to import other WSDL documents or XML Schemas.
Reference:
https://www.owasp.org/index.php/Web_Service_Security_Testing_Cheat_Sheet
http://www.soapui.org/
http://www.techrepublic.com/blog/software-engineer/how-to-test-web-services-
with-soapui/
http://www.techrepublic.com/blog/programming-and-development/easily-test-
web-services-with-soapui/699
http://cdn.softwaretestinghelp.com/wp-
content/qa/uploads/2006/12/Automated-Testing.png