SOAP and XML Testing

Yuri Kan

SOAP and XML Testing

Learn SOAP and XML API testing — WSDL, XML messages, SoapUI, and when SOAP is still relevant. Essential knowledge for enterprise QA engineers.

Quick Answer

SOAP and XML Testing covers essential QA skills — after this lesson you can understand SOAP architecture, WSDL, and XML message structure.

— Yuri Kan, Senior QA Lead

What You Will Learn

Understand SOAP architecture, WSDL, and XML message structure
Test SOAP services using SoapUI and cURL
Compare SOAP with REST and identify when SOAP is still used

Table of Contents

What Is SOAP?

SOAP (Simple Object Access Protocol) is a messaging protocol for exchanging structured data between systems. It uses XML for message formatting and typically runs over HTTP, though it can use other protocols like SMTP.

SOAP was the dominant web service technology before REST emerged. While newer APIs overwhelmingly use REST or GraphQL, SOAP remains critical in enterprise environments.

Where SOAP Is Still Used

Banking and finance — payment processing, interbank communication (SWIFT)
Healthcare — HL7/FHIR integrations, insurance claims
Government — tax filing, regulatory reporting
Enterprise — SAP, Salesforce SOAP API, legacy CRM/ERP systems
Telecommunications — provisioning, billing systems

SOAP vs. REST

Feature	SOAP	REST
Format	XML only	JSON, XML, others
Contract	Required (WSDL)	Optional (OpenAPI)
Protocol	HTTP, SMTP, JMS	HTTP only
Security	WS-Security (built-in)	HTTPS + custom
Transactions	WS-AtomicTransaction	Custom
State	Stateful supported	Stateless
Error handling	SOAP Faults	HTTP status codes
Learning curve	High	Low

SOAP Message Structure

Every SOAP message has this structure:

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:usr="http://example.com/users">
  <soap:Header>
    <usr:AuthToken>token123</usr:AuthToken>
  </soap:Header>
  <soap:Body>
    <usr:GetUser>
      <usr:userId>42</usr:userId>
    </usr:GetUser>
  </soap:Body>
</soap:Envelope>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <GetUserResponse>
      <user>
        <id>42</id>
        <name>Alice Johnson</name>
        <email>alice@example.com</email>
      </user>
    </GetUserResponse>
  </soap:Body>
</soap:Envelope>

SOAP Faults (Error Responses)

<soap:Body>
  <soap:Fault>
    <faultcode>soap:Client</faultcode>
    <faultstring>User not found</faultstring>
    <detail>
      <errorCode>USER_404</errorCode>
      <message>No user with ID 99999 exists</message>
    </detail>
  </soap:Fault>
</soap:Body>

Fault codes: soap:Client (client error), soap:Server (server error), soap:MustUnderstand, soap:VersionMismatch.

WSDL — The Contract

WSDL (Web Service Description Language) defines everything about the SOAP service. It is your primary testing reference:

Types — XML Schema definitions for request/response messages
Messages — Abstract definitions of the data being communicated
Operations — Available methods (GetUser, CreateUser, etc.)
Bindings — How messages are transmitted (SOAP over HTTP)
Services — The endpoint URL where the service is available

# Access WSDL
https://api.example.com/UserService?wsdl

Testing SOAP Services

Using SoapUI

SoapUI is the standard tool for SOAP testing:

Import WSDL: File > New SOAP Project > Enter WSDL URL
SoapUI auto-generates sample requests for all operations
Modify the XML values and send requests
Add assertions for response validation
Create test suites and data-driven tests

Using cURL

curl -X POST \
  -H "Content-Type: text/xml; charset=utf-8" \
  -H "SOAPAction: http://example.com/GetUser" \
  -d '<?xml version="1.0"?>
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
      <GetUser xmlns="http://example.com/users">
        <userId>42</userId>
      </GetUser>
    </soap:Body>
  </soap:Envelope>' \
  https://api.example.com/UserService

SOAP Test Scenarios

Category	Tests
Functional	Valid requests for each operation; verify response data
Validation	Missing required elements, wrong data types, invalid XML
Security	WS-Security tokens, expired tokens, SQL/XML injection
Faults	Verify fault codes, fault strings, and detail elements
WSDL compliance	Response matches WSDL-defined schema
Performance	Response time under load
Interoperability	Different SOAP clients produce same results

XML Validation Tests

Test	Expected
Well-formed XML	Missing closing tags should fail
Schema validation	Elements must match WSDL types
Namespace errors	Wrong namespace should return fault
Empty required elements	Should return validation fault
XML injection	`<script>` tags should be escaped/rejected
XXE attack	External entity references should be blocked

Hands-On Exercise

Explore a public SOAP service: Find a public SOAP API (many countries have public government SOAP services). Import the WSDL into SoapUI or use cURL.
Test with cURL: Send a SOAP request via cURL and parse the XML response.
Error testing: Send malformed XML, missing required elements, and invalid data types.
Compare SOAP and REST: If an API offers both SOAP and REST interfaces, compare the request/response size and complexity.

Key Takeaways

SOAP uses XML messages with a strict Envelope/Header/Body structure and WSDL contracts
While REST dominates new APIs, SOAP remains critical in banking, healthcare, government, and enterprise
WSDL is the complete API contract — it defines operations, messages, types, and endpoints
SoapUI is the industry-standard tool for SOAP testing; cURL works for simple requests
SOAP Faults are the error mechanism — test for proper fault codes, strings, and detail elements
XML-specific vulnerabilities (XXE, XML injection) must be tested in addition to standard API security

Knowledge Check

1. What does WSDL stand for?

2. What is the SOAP Envelope?

3. In which industries is SOAP still commonly used?

Frequently Asked Questions

What is soap and xml testing?

SOAP and XML Testing is a key concept in API and Backend Testing. This lesson teaches you to understand SOAP architecture, WSDL, and XML message structure, providing practical skills you can apply immediately in your testing work.

How do I apply soap and xml testing in real projects?

Start by practicing the core techniques covered in this lesson. Specifically, you should test SOAP services using SoapUI and cURL. Apply these skills in your current project to see immediate results.

Why is soap and xml testing important for QA engineers?

SOAP and XML Testing is a core skill that employers look for in QA professionals. It directly impacts test coverage, defect detection, and team efficiency. Mastering it strengthens your API and Backend Testing capabilities and makes you more effective at delivering quality software.

What should I know before learning soap and xml testing?

You should have a basic understanding of software testing fundamentals. Familiarity with soap testing will help, but the lesson includes review sections for key prerequisites.

How does soap and xml testing help my QA career?

Knowledge of soap and xml testing is frequently listed in QA job descriptions and interview questions. It demonstrates expertise in soap testing, xml api testing and shows you can contribute to quality assurance at a professional level. Senior roles especially value this competency.

Further Reading SoapUI Tutorial: Complete Guide to REST and SOAP API Testing →

SOAP and XML Testing

What You Will Learn

What Is SOAP? #

Where SOAP Is Still Used #

SOAP vs. REST #

SOAP Message Structure #

SOAP Faults (Error Responses) #

WSDL — The Contract #

Testing SOAP Services #

Using SoapUI #

Using cURL #

SOAP Test Scenarios #

XML Validation Tests #

Hands-On Exercise #

Key Takeaways #

Knowledge Check

Frequently Asked Questions

What Is SOAP?

Where SOAP Is Still Used

SOAP vs. REST

SOAP Message Structure

SOAP Faults (Error Responses)

WSDL — The Contract

Testing SOAP Services

Using SoapUI

Using cURL

SOAP Test Scenarios

XML Validation Tests

Hands-On Exercise

Key Takeaways