Home
Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing.
Tester Guide - API Testing
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing. This guide is intended for API testers.
API Testing
You can use find information about the tasks that you can perform for testing various domains, technologies, or applications.
Security vulnerabilities testing by using HCL® AppScan
You can use HCL® AppScan to scan all HTTP traffic that is generated as part of integration testing in HCL OneTest™ API for security vulnerabilities.

Tester Guide
This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing.
- Tester Guide - API Testing
  This guide describes the tasks that you can perform for testing various domains, technologies, and applications. To enable testing, you must configure and enable the environment for testing. This guide is intended for API testers.
  - API Testing
    You can use find information about the tasks that you can perform for testing various domains, technologies, or applications.
    - Testing Java™ applications
      You can use HCL OneTest™ API to test Java™ applications.
    - Testing Java™ Message Service (JMS) systems
      Use the generic JMS plug-in to connect HCL OneTest™ API to a wide range of EAI platforms, which includes any vendor that provides an implementation of this Java™ standard. JMS provides a way of separating the application from the transport layer of providing data. The same Java classes can be used to communicate with different JMS providers by using the JNDI information for a specific provider. The classes first use a connection factory to connect to the queue or topic, and then use populate and send or publish the messages. On the receiving side, the clients then receive or subscribe to the messages
    - Testing Java™ objects
      You can import Plain Old Java™ Objects (POJOs) from JAR files into HCL OneTest™ API in order to parse and construct messages containing the serialized forms of those objects. You can construct and parse the Java objects and perform validation, but you cannot test the objects directly.
    - Testing with Apache Camel components
      You can use HCL OneTest™ API to create tests and stubs by setting up an Apache Camel component in an HCL OneTest API project. You can configure the technology endpoints supported by the Camel component as the physical resources in the HCL OneTest API project and test for the services provided by the technology.
    - Testing with Apache Kafka
      Starting from HCL OneTest™ API 10.0.2 and later, you can create Kafka transports to test Kafka services.
    - Testing with Docker
      You can use Docker containers with HCL OneTest™ API to run stubs co-located with your test systems.
    - Testing with the email transport
      When you use applications in your test environment that use email services, you can use HCL OneTest™ API to create tests and stubs for testing the email services. You can set up an email transport in an HCL OneTest API project and configure the email servers as the physical resources in the HCL OneTest API project, and then test the email services.
    - Testing with Envoy Proxy (Experimental)
      You can use HCL OneTest™ API to record the HTTP traffic on the Envoy Proxy by using the Experimental HTTP Tap Filter feature of the Envoy Proxy.
    - Testing with the File transport
      As with any other transport, the File transport includes both logical and physical configurations. Tests and stubs are associated with the logical File resource, which represents an abstraction of the File resource and is the same for all environments. The physical File Access configuration includes connection details, and you can configure a different physical File Access for each environment.
    - Testing with the FIX transport
      You can use the Financial Information eXchange (FIX) transport and FIX dictionaries in HCL OneTest™ API to help you test trade-related messages and the systems that use them.
    - Testing with the HTTP transport
      To provide support for HTTP-based communications, you must configure and run HCL OneTest™ API by using the HTTP transport and SOAP message formatters.
    - Testing with IBM® API Developer Portals
      You can configure HCL OneTest™ API to synchronize IBM API Connect™ Developer Portal resources or IBM® API Management Developer Portal resources.
    - Testing with IBM® App Connect Enterprise
      When you want to test the services on applications deployed by the integration node of IBM® App Connect Enterprise, you can use the synchronization feature in HCL OneTest™ API to import details of deployed applications into an HCL OneTest API project. You can select the tests and stubs to be created in your project during the synchronization process in HCL OneTest API.
    - Testing with IBM® Integration Bus
      When you want to test the services on applications deployed by the integration node of IBM® Integration Bus, you can use the synchronization feature in HCL OneTest™ API to import details of deployed applications into an HCL OneTest API project. You can select the tests and stubs to be created in your project during the synchronization process in HCL OneTest API.
    - Testing with IBM® WebSphere® Application Server
      You can configure HCL OneTest™ API to synchronize IBM® WebSphere® Application Server resources.
    - Testing with IBM® WebSphere® MQ messages
      You can test WebSphere® MQ messages using the WebSphere MQ transport method or JMS interface. HCL OneTest™ API also supports testing WebSphere MQ on z/OS systems.
    - Testing with WebSphere® Portal
      You can configure HCL OneTest™ API to synchronize IBM® WebSphere® Portal resources.
    - Testing with IBM® z/OS® Connect Enterprise Edition
      IBM® z/OS® Connect Enterprise Edition provides a framework for enabling z/OS®-based programs and data to fully participate in the new API economy for mobile and cloud applications. Use IBM® z/OS® Connect Enterprise Edition to access z/OS subsystems, such as CICS®, IMS™ and Batch, by using RESTful APIs with JSON formatted messages. You can access multiple z/OS subsystems concurrently through a common interface.
    - Testing with Istio
      When you have applications hosted in a Kubernetes cluster that have Istio as a service mesh, you can virtualize the services in the cluster by creating stubs and tests for testing with Istio in HCL OneTest™ API.
    - Testing with Kubernetes
      For testing with Kubernetes set up a Kubernetes cluster, and then you can create and publish stubs from HCL OneTest™ API so that stubs can be run within Kubernetes. The stubs published can be co-located with existing services running within the Kubernetes cluster.
    - Testing with Microsoft™ .NET objects
      You can import serializable .NET objects from .NET assembly files (.exe or .dll) into HCL OneTest™ API and apply them to messages in the same way as you would apply a schema. A service-based test or stub can then send and receive a message containing a serialized form of a .NET object from the assembly file. You can construct and parse the .NET objects and perform validation, but you cannot test the objects directly.
    - Testing the migrated Postman collections
      You can migrate Postman collections and environments that you created in Postman to HCL OneTest™ API. Operations, transports, tests and stubs are automatically created during migration and you can run the tests and stubs in HCL OneTest API.
    - Testing with MongoDB
      If you are using HCL OneTest™ API 9.5.0 or later, you can create MongoDB transports and run tests against them.
    - Testing with the MQ telemetry transport
      If you are using HCL OneTest™ API 8.6.0 or later, you can create MQ telemetry transports.
    - Testing with Oracle Fusion
      Configure and run HCL OneTest™ API with the Oracle Fusion plug-in, which provides support for synchronization with and testing of the web services and composites that are available on a configured SOA server (that is, an Oracle WebLogic server with Oracle SOA Suite 11g deployed on it).
    - Testing with RabbitMQ
      If you are using HCL OneTest™ API 9.2.1.1 or later, you can create RabbitMQ transports.
    - Testing with SAP applications
      You can use HCL OneTest™ API to test SAP application server resources.
    - Testing with Software AG CentraSite
      You can incorporate governance in your SOA by using the integration of HCL OneTest™ API with Software AG CentraSite.
    - Testing with Software AG Universal Messaging
      You can use HCL OneTest™ API API to test Software AG Universal Messaging Broker server resources. From HCL OneTest API 10.0.2 or later, you can create Software AG Universal Messaging Broker transports, configure and run HCL OneTest API with the Software AG Universal Messaging server.
    - Testing with Software AG webMethods
      You can configure and run HCL OneTest™ API with the Software AG webMethods Integration Server to connect to Software AG webMethods Broker and Integration Server resources.
    - Testing with SSL
      To provide secure connections between clients and servers during testing, you can use the Secure Sockets Layer (SSL) technology supported by HCL OneTest™ API.
    - TCP and UDP
      In HCL OneTest™ API, you can create transports that facilitate communication between clients and servers by using both TCP- and UDP-based sockets.
    - Testing with TIBCO applications
      To use HCL OneTest™ API to test TIBCO messaging, you must configure and run HCL OneTest API with the TIBCO messaging plug-in. Doing so supports TIBCO Rendezvous messaging ("plain" TIBCO Rendezvous messaging and TIBCO ActiveEnterprise (AE) formats), TIBCO EMS messaging, and sending and receiving AE messages by using TIBCO EMS.
    - Testing applications on z/OS®
      You can test applications on IBM® z/OS® systems by using the capabilities that are supported for mainframes by HCL OneTest™ API.
    - Managing credentials
      If you have external resources that must be accessed by project or test resources in HCL OneTest™ API and you do not want to expose the credentials used to access the external resources, then you can implement a user-defined access in a credential management system.
    - Configuration of virtual IP addresses as virtual clients
      You can find information about how to configure virtual IP addresses in the operating system, and then use the virtual IP addresses to configure them as virtual clients in tests or as virtual servers in stubs.
    - Configuration of test runs in a GitHub Actions Workflow
      You can configure test runs of test resources that you create in HCL OneTest™ API in a GitHub Actions Workflow. You can choose to run test resources in the GitHub Workflow when you do not want to run the test resources without opening HCL OneTest API.
    - Security vulnerabilities testing by using HCL® AppScan
      You can use HCL® AppScan to scan all HTTP traffic that is generated as part of integration testing in HCL OneTest™ API for security vulnerabilities.
      - Starting HCL OneTest™ API from the command line
        You must start HCL OneTest™ API from the command line by using the hostname and port of the computer on which you installed HCL® AppScan Dynamic Analysis Client when you want HCL AppScan Dynamic Analysis Client to capture and scan the HTTP traffic from and to HCL OneTest API. After you start HCL OneTest API and run tests, the HTP traffic is scanned by HCL AppScan Dynamic Analysis Client for security vulnerabilities.
  - Extending HCL OneTest™ API functionality by using custom functions
    You can add more calculations and operations to tests by using the HCL OneTest™ API custom function class. HCL OneTest API custom function is a Java™ class that extends the com.ghc.ghTester.expressions function.
  - Working in non-GUI mode
    You can use the tools and executable files that are provided along with the product software. You can use these tools to perform different test actions in a non-GUI mode.
- Tester Guide - Service Virtualization
  This guide describes the tasks that you can perform for using virtual services or stubs to simulate parts of an environment if the real services are not yet available or because they are difficult or expensive to use. This guide is intended for API Testers.

Security vulnerabilities testing by using HCL® AppScan

You can use HCL® AppScan to scan all HTTP traffic that is generated as part of integration testing in HCL OneTest™ API for security vulnerabilities.

Prerequisites

Before you use HCL® AppScan to scan the HTTP traffic to and from HCL OneTest™ API, you must consider the following prerequisites:

You must have installed a licensed version of HCL® AppScan Enterprise or HCL® AppScan Standard edition. Visit the AppScan family of products page to select your product and version to view the documentation. You can refer to the documentation for the installation instructions for the HCL® AppScan version that you want to use.
You must be familiar with configuring and using HCL® AppScan to scan applications or web services for security vulnerabilities.

Overview of tasks

You can find the tasks that you can perform for scanning the HTTP traffic to and fromHCL OneTest™ API in the following table:


	Task
1.	Install HCL® AppScan or the HCL® AppScan Dynamic Analysis Client.
2.	Set up HCL OneTest™ API as the application to scan, in the HCL® AppScan server or the HCL® AppScan Dynamic Analysis Client. You can use any of the following methods to set up the application: Login Management Manual Explore External Traffic Recorder Refer to the AppScan documentation for the details on these methods in the version of AppScan that you want to use.
3.	Start HCL OneTest™ API from the command line. See Starting HCL OneTest API from the command line.
4.	Verify if the HTTP traffic to and fromHCL OneTest™ API is scanned by HCL® AppScan by creating a project, setting up a physical transport, and creating tests to send and receive messages in HCL OneTest™ API. After you run the tests, you can view the scan reports in HCL® AppScan.