Functional | Automation | Performance | Compliance | Security | Identity | Zero Trust | Custom
Built-in project management features allow for import and export of project data. The test data and rules are stored in portable project files which can be moved around for shared environment testing and also versioned using any source control tools.
Success Criteria Rules
Validating API behavior is simplified by creating expected behavior rules using the success criteria rule framework. Quickly enable functional and performance testing to detect and report API expected behavior.
Drive inputs and response analysis using dynamic data from File, Excel, or Database tables. Can be used for functional API validation or with virtual client performance testing. Supports data source splitting and synchronization across data sources.
Embedded behavior variance engine provides XDiff technology to automatically detect behavior variances and regression between API tests and API versions. Capture API baseline behavior and then run regression tests to detect and report any regression of functionality or expected behavior.
PKI and Security
Built-in PKI engine for TLS, Digital Signature generation, and Encryption. Supports direct access to X.509 keys from Windows, Java keystore and dynamic SmartCard readers. Also support dynamic PKI for run-time specified PKI when API tests move from one environment to another.
Automatic Message Generation
OpenAPI and WSDL schema parsing with automatic JSON and XML generation. Enables simplified message generation by providing schema from OpenAPI, WSDL or stand-alone XSD schema. Messages can then be created via graphical form editor and resulting messages automatically created.
MFA and SSO
Protocol identity generation for Basic Auth, SSL X509 Auth, and NTLM. Message based identity generation for SAML, OAuth, Amazon AWSv4, X509, and Kerberos Identity Tokens
Detailed reports for results based on type of test performed including Functional, Performance, Compliance, and Vulnerability reports. Export formats XML, DOC, XLS, PDF, RTF, and RPT.
Variable substitution in message headers, message body, tasks, identity credentials. Dynamic X.509 aliases for PKI. Runtime variable, global variables, context functions, and automation variables.
Virtual users provide real-time dynamic loading clients which simultaneously load the API and capture statistics for throughput, latency, and TPS. Scenarios include ramp-up, ramp-down, and weighted scenarios.
Flexible Test Types
Built-in types include OpenAPI, JSON, SOAP, XML, REST, Batch, WS-Trust, and Custom test variants. Any testing types can be linked together for testing of functional flows and test dependencies for asynchronous and synchronous testing.
Vulnerability and Zero Trust
Security testing with patented dynamic XSD mutation creates automatic parameter fuzzing. Vulnerability assessment of the target API includes risk assessment and risk mitigation reporting with configurable rule framework.