Different ways to compose a Request Body

In this post we will show you the different ways you can compose a Request Body: from the simplest to the most complex.

Copy and paste the body from somewhere

The first and easiest way is when we have a body from somewhere to copy and paste as is into the call. Let’s see how this is done:
      1. In the composer we add the POST component and type the url and all of the required fields.
        Url: https://mydomain.com/myPost (the url of the resource you want to test)
        Variable: payload (the name of the variable that contains the response)
        Mode: json (the type of the response)
      2. Now we add the Body component and after selecting the Content-Type we paste the body in Content field.
        Content-Type: application/json
        Content: {"method":"post","url":"http://www.testme.com/api/run/test"} (the body required in your call)
      3. Now we can execute the call and proceed with the test. final_call

        Using Variables in the Request Body

        Another way to compose a request is using variables in the body.
        1. In the composer we add the POST component typing the url and all the required fields.
          Url: https://mydomain.com/myPost (the url of the resource you want to test)
          Variable: payload (the name of the variable that contains the response)
          Mode: json (the type of the response)
        2. We add the Body component. In the Content-Type we choose the proper one, let’s say application/json. In this scenario we need to use a variable so in the Content field we enter the following:
           "user": ${user},
           "password": ${password},
           "url": "http://www.testme.com/api/run/test"
          In this scenario “user” and “password” are not directly passed in the body but they are variables defined as global parameters in the data set. var_body data_set
        3. The POST has been done and can be executed. final_call2

        Using a Variable from another call

        The next way to compose a Request Body is by using a variable from another call. Let’s see how this can be done.
        1. The first thing we need to do is add the call we will retrieve the variable from. Let’s consider, as example, the common scenario where we need to perform a login for authentication and retrieve the authentication token required for the following call.
          Url: http://www.mydomain.com/login (the url of the resource you want to test)
          Variable: payload (the name of the variable that contains the response)
          Mode: json (the type of the response)
             Name: Authorization
             Value: Basic YWRtaW46cGFzc3dvcmQ= (this value comes from encoding username:password in Base64)
        2. Executing the login we will have as response the desired token. Let’s see it using our console. response_token
        3. Now we need to save the token as variable.
          Var: token (the name of the variable)
          Variable mode: String (the type of the variable)
          Value: ${payload.access_token} (we retrive the value from the previous 'payload')
        4. Once the token has been saved as variable we can proceed adding the second call and use that token in the Request Body.
          Content-Type: application/json
          Content: {"token":"${token}"}

Using an object from another call

        In the next example we will show you a more complex case. We will consider the scenario where we need to use an object retrieved from a previous call into the body of a subsequent call. Let’s take a look at an example:
        1. First, we perform the call we retrieve the object from. search
        2. Let’s execute the call in our console in order to see the response.
           "id": 123,
           "items": [
           "id": 11,
           "name": "stuff1"
           "id": 12,
           "name": "stuff2"
           "id": 13,
           "name": "stuff3"
        3. Let’s say we need the object ‘items’ as the body in the subsequent call. So, as a second call, we will add a POST and we will type the following as body:
        4. Now we can proceed with the test.

Creating a new structure to add as a body

      The last scenario is yet another more complex one. In this case, we consider the scenario where we need to create a new structure to add as a body, using data from a previous call. Let’s see how we can do this:
      1. The first thing we have to do is to perform the call which retrieves the data we’re using. Let’s consider a GET that returns an array of items.firstCall
      2. Let’s see the response using our console.
         "items": [
         "id": 11,
         "price": 5.99
         "id": 12,
         "price": 6.99
         "id": 13,
         "price": 10.99
         "id": 14,
         "price": 15.99
      3. Now we need to create the new data structure. To do so, we add a SET component as follow: 
        payload.items.each { it -> it.currency='$'  }; return payload.asJSON(); (for each item in the array, we add the currency attribute with "$" as value)
      4. Now we can add the POST and add the new structure as the POST request body:postWithNewStructure
      5. That’s it. Now we can proceed with the test.fullTest
Note: in this post we have used the POST method but all of the examples shown can be applied to the other REST methods. In the same way, we have demonstrated scenarios with Request Bodies, but all of the examples can be used for Header or Param cases.

Load Agent Deployment (Self-Hosted)

A Load Agent is a server instance that provides the simulated users in a load test. Load Testing cannot function without at least one Load Agent. The provided files (contained in core-server.tgz) are all that you need in order to deploy a Load Agent. This tutorial will explain what changed need to be made to the files within in order to properly deploy the Load Agent. Before starting the process, there is a step that needs to be taken for clients who received their API Fortress containers before the introduction of Load Testing.

Step 0 (Not for all users) – Activate the Node Container

Open the docker-compose.yml in the main API Fortress directory. It can be located at /core/bin/docker-compose.yml
  • Paste the following code snippet in after the #RABBITMQ section and before the #APIFORTRESS DASHBOARD section:
   image: theirish81/uitools
   hostname: node.apifortress
      - apifortress
   domainname: node.apifortress
      io.rancher.container.pull_image: always
  • In the links section of the #APIFORTRESS DASHBOARD configuration, add the following line:
- apifortress-node:node.apifortress
  • Save and close the docker-compose.yml.
  • Open the start_all.sh file in a code editor. It is also located in /core/bin.
  • Copy and paste the following and overwrite the entire contents of the file:
sudo docker-compose up -d apifortress-postgres
sleep 5s
sudo docker-compose up -d apifortress-mongo
sleep 5s
sudo docker-compose up -d apifortress-rabbit
sudo docker-compose up -d apifortress-node
sleep 30s
sudo docker-compose up -d apifortress
sleep 1m
sudo docker-compose up -d apifortress-mailer
sudo docker-compose up -d apifortress-scheduler
sudo docker-compose up -d apifortress-connector
  • Your API Fortress instance can now utilize the API Fortress Node Container which powers Load Testing.

Step 1 – Unzip the provided file (core-server.tgz)

First, unzip the provided file. Screen Shot 2018-06-05 at 11.44.28 AM

Step 2 – Define the maximum users per Load Agent

Users per agent are the maximum number of virtual users that each Load Agent can provide. It’s important to remember that large numbers of simulated users will require large amounts of hardware resources. Contact your DevOps team to develop a strategy for resource allocation. 
  • Locate and open the file named application.conf. It is located in core-server/etc.
  • Line 14 of this file (fixed-pool-size) should have it’s value adjusted to match the desired number of maximum users per agent.
  • Line 48 of this file (nr-of-instances) should have it’s value adjusted to match the desired number of maximum users per agent. These two values should match.

Step 3 – Configure Config.yaml

  • Locate and open config.yaml. It is located at core-server/etc.
  • First, we have to configure the baseURL
    • baseURL is located on line 3.
    • If the Load Agent and the API Fortress Dashboard are located on the same server, then you can replace the baseURL with the internal address and port of the Dashboard on the server.
    • If the Load Agent and the API Fortress Dashboard are located on different servers, you can replace the baseURL with the actual URL of the Dashboard. That is to say, the URL you would use to access it via web browser.
  • Next, we need to provide the API Key and Secret.
    • Open the main API Fortress dashboard and click the gear icon in the upper right corner to access the settings menu
    • Click the “API Keys” option in the left sidebar.
    • Click “+API Key” 
Create API Key

(Click image for GIF of procedure)

  • Copy the API Key to line 5 of config.yml.
  • Copy the Secret to line 6 of config.yml.

Step 4 – Adding the Engine

  • The next step is to add the new Engine to API Fortress itself.
  • Log into API Fortress as an administrator.
  • Click the user icon in the upper right corner, and then click “Admin Panel”
  • Click “Engines” on the left side of the screen.
  • Click “+Engine”
  • Enter the name and location of the Engine.
  • The CRN value defaults to a random string. You must change it to something human-readable. This is the internal name of the engine.
  • After modifying the CRN, copy the value to line 11 of config.yml
  • Copy the secret to line 12 of config.yml
  • Select the Owning Company of the Engine. An Engine must be owned by a single company. The default value (Public Engine) should not be chosen.
  • Select “Yes” for “Dedicated to Load Testing
  • Click the green check to save the Engine settings.
Add Engine

(Click image for GIF of procedure)

Step 5 – Deploy the Load Agent

At the desired server location, use the “docker-compose up -d” command to deploy the Load Agent container. After the operation is complete, the Load Agent will be visible to your API Fortress Load Tests. 

Key/Value Store

The Key/Value Store

The Key/Value store allows API Fortress users to create temporary key/value pairs that can be accessed across different tests. The Key/Value store is accessed via the Key/Value Store Component. Screen Shot 2018-05-24 at 1.22.48 PM An extremely important point to note is that these key/value pairs are temporary. They expire after 24 hours has elapsed since the last update to the value itself.  The Key/Value Store Component has 4 methods available for use. They are:


Set will create a new key/value pair in the Key/Value store. The value is entered in the “Object” field. Screen Shot 2018-05-24 at 10.50.19 AM


Load will recall a value from the Key/Value store when provided with a key. Screen Shot 2018-05-24 at 10.50.36 AM  


Push will add a value to the end of an existent value of the datatype “Array” in the Key/Value store. If no such key exists, it will create a new array containing the passed in value.  The passed in value is entered in the “Object” field. Screen Shot 2018-05-24 at 10.51.09 AM  


Pop will remove a value from the end of an existent value of the datatype “Array” in the Key/Value store. Screen Shot 2018-05-24 at 10.50.52 AM  

Basic Workflow

Let’s take a look at how this workflow works in a practical setting. The first example will be a simple set and retrieve of a value in the Key/Value Store. First, we’ll make a GET request to an endpoint. Screen Shot 2018-05-24 at 1.21.40 PM Next, we’ll add a K/V Store component. component This first K/V Store component (we’re going to incorporate several) is going to set the Key/Value pair in the Store, so we’re going to use “Set.Screen Shot 2018-05-24 at 1.46.41 PM In this case we’re setting the Key “prods” equal to “products[0].name”, which in this case evaluates to “Baseball Cap.” Next, we’re going to retrieve this Key/Value pair from the store with the “Load” method. In the K/V Store “Load” component, we’re going to assign the retrieved value to the variable “kvprods.” Screen Shot 2018-05-24 at 1.47.22 PM Finally, we’ll add in a “Comment” component to ensure that the data was recovered successfully. Screen Shot 2018-05-24 at 1.48.01 PM When we run the test, we’re presented with the following result: Screen Shot 2018-05-24 at 1.48.28 PM Success!

Push/Pop Workflow

Next, we’re going to take a look at how “Push” and “Pop” work. “Push” and “Pop” are both array methods and behave as they normally do outside of this context. “Push” will append a value to the end of an array. “Pop” will remove the last value in an array. First, we’re going to use “Push.” It should be noted that “Pop” works similarly but with the opposite result. “Popalso assigns the removed value to a variable which can be used in the context of the test, but can no longer be accessed from the Key/Value Store. We’ll discuss this further when we take a look at “Pop.” First, we’re going to send a GET request and assign a key in the Key/Value Store to a value from the response body. In this case, we’re going to use “Color,” which is an array. Screen Shot 2018-05-24 at 1.49.16 PM Next, we’re going to “Load” and “Comment” this key. We’re doing that so we can actually see the change on the test report at the end of this workflow. The next step is to “Push” the new data on to the end of the existing array. Screen Shot 2018-05-24 at 2.43.53 PM In this case, we’re pushing the integer 999 onto the prods array. Finally, we’re going to “Load” the modified data into the test from the K/V Store. Screen Shot 2018-05-24 at 1.51.48 PM When we run the test, we’re presented with the following test report. Screen Shot 2018-05-24 at 1.51.59 PM The comments show us clearly that we have pushed the number 999 onto the array stored in the key prods.  Now, we’ve added something to the array. Let’s remove it with “Pop!” The first step is to introduce a “Pop” K/V Store component. Screen Shot 2018-05-24 at 2.31.17 PM We provide the “Pop” component with the name of the key from the Key/Value Store, and the name of the variable we’d like to assign the popped value to. Remember, “Pop” removes the last value in an array and returns the value itself. In this case, we’re going to assign it to a variable called “Popped.” Next, we’re going to recall the modified key from the Key/Value Store. Then, we’re going to Comment both the recalled Key/Value Store value AND the previously popped value. Screen Shot 2018-05-24 at 2.28.58 PM In the Test Report, we can clearly see the full workflow. First, we assigned an array to the Key/Value Store with “Set.” Then, we added to that array with “Push.” Finally, we removed the added value with “Pop.” Each time we made a change, we used “Load” to retrieve an updated value from the Key/Value Store. Screen Shot 2018-05-24 at 2.29.09 PM The last two comments show the final state of the array in the Key/Value Store and the popped value itself. The popped value will only be available within the scope of this test run. The array in the Key/Value Store will remain retrievable and until 24 hours after it’s most recent modification. Note: “Load” does not reset the timer. Only “Set,” “Push,” and “Pop” reset the timer. 


Consider a scenario where a route has a parameter in it. Let’s take a look at an example: http://www.whereever.com/<id>/details
Each individual rest run for this route will produce a new line in the metrics view:

http://www.whereever.com/4/details …

This sort of reporting will quickly turn our dashboard into a disorganized mess.

To produce a single endpoint for reporting from each one of these calls, you can use what we call a ‘footprint.’ How is this accomplished? In the test, you need to add a Config component to the I/O component as seen below:

The Config component has two fields:
Name: the name you want to assign. In this case, you MUST to enter ‘footprint’ Value: The value for the configuration component.

To set up a footprint, you must enter the same URL that’s in the I/O Component. Any parameterized portion of the URL must be wrapped in square brackets. Based upon our example, the value in this case would be: http://www.wherever.com/whatever/[id]/details

In the project dashboard, after every run of the test instead of http://www.whereever.com/whatever/1/details http://www.whereever.com/whatever/2/details http://www.whereever.com/whatever/3/details http://www.whereever.com/whatever/4/details …

you will find only one endpoint, displayed as: http://www.whereever.com/whatever/[id]/details

For each endpoint you can use more square brackets, one for each variable that could assume multiple values.

For example: http://www.whereever.com/[whatever]/[id]/details/[colors]/whatever When you write the value of the config, for the ‘static’ part of the endpoint you can also call a variable as in any I/O operation.

Example: ${protocol}/${domain}/[whatever]/[id]/details/[colors]/whatever is valid syntax.  

Dynamic dates

Have you ever needed to pass a future date as part of the request inside of a test? Perhaps as a check-in or check-out date? You could enter it as static value, but that means you would have to periodically update the date as time went on. Creating a dynamic date in API Fortress is a simple solution for this sort of situation. Here’s the procedure:
  1. First, open the Composer and add a Set (variable) setVar
  2. Then, enter the variable name and leave the mode as String varComp
  3. Lastly, enter the following string in the Value field:${D.format(D.plusDays(D.nowMillis(),35), ‘yyyy-MM-dd’)}
valueField Let’s analyse what this string means: D.nowMillis(): returns the current Unix epoch in milliseconds D.plusDays(): returns the provided milliseconds, plus the provided number of days (in our example, we have added 35 days to today date) D.format(): creates a timestamp with the given format, using the current timezone (in our example yyyy-MM-dd) As result, you will have something like 2018-05-15 You can obtain a past date, starting from todays date with the following string: ${D.format(D.minusDays(D.nowMillis(),35), ‘yyyy-MM-dd’)} You can also create a date based on a specified timezone: ${D.format(D.plusDays(D.nowMillis(),35), ‘yyyy-MM-dd’,’America/New_York’)} The above string create the same date as our first example using New York (EST) as the timezone. For more details about you can check our reference page  

How to create a dynamic header

Most APIs have only one response format, either JSON or XML. But what should we do in the case of an API endpoint that can return either JSON OR XML? We could write two different tests, with one supporting each response type, but we’d be repeating a good amount of code in both tests. API Fortress allows you to test both, using the same I/O component and assertion components for almost all test cases. In a few cases, we’ll need to add a bit of extra logic to allow the platform to distinguish between the two formats. Let’s consider the scenario where you need to pass in the Header the Accept value that is ‘application/json’ if you are testing the JSON and ‘application/xml’ if you are testing the XML. Usually in this case, you should make two different calls, as shown in the image below, in order to be able to pass the different values in the header: Let’s consider an example. The API call in question requires an “Accept” header. This “Accept” header needs a value of “application/json” if you are testing the JSON case and “application/xml” if you are testing the XML case. Below, we can see the solution to this problem that requires setting up two separate calls. It’s not particularly adherent to the DRY rule of programming. (Don’t repeat yourself!) both_calls API Fortress allows you to solve this issue by making only one call.
    1. Let’s start adding the different formats as variables, as seen below.inputSets
    2. Now, we can remove one call and add the format variable in the “Mode” input. varFormat
    3. The header is still static at this point. We need to turn it into a dynamic one which changes to suit the data type of the API we are testing. We add a variable component above the I/O operation that will return the appropriate value.setDynamVar
    4. if (format == 'xml') return "application/xml"; else return "application/json"; To explain: the ‘acceptHeader’ variable will have ‘application/xml’ as value if format is ‘xml’ and ‘application/json’ otherwise (since we have only two different formats, it will be ‘application/json’ only for JSON format
    5. Now, we can finally remove the ‘static’ header and add the ‘dynamic’ header by changing the Header value to ‘${acceptHeader}’dynamicHeader Now, the test will be executed two times; once for ‘XML’ and once for ‘JSON’, ensuring that the header will have the correct value.

GitHub – How to Use Files as Datasource (Large or Small Datasets)

Github is a valuable platform to use when you want to pull files and use them as a datasource. Some examples are CSVs and JSON files. Below is a walk through on how to make them work.

Set up GitHub

  • 1When creating the token make sure you’re selecting the public_repo subcategory or the repo category based on which type of repository that will host your input data.2 Keep in mind that GitHub will show you the token only once, so make sure you’re copying and pasting it somewhere safe and accessible.
  • Create a repository that will host your input data if one doesn’t exist already.
  • Commit and push a data source file. It can be a CSV, JSON or XML file. We will use a CSV file for the purposes of this example.3

    Create a simple test

  • Create a test
  • Introduce the GitHub component and configure it accordingly4
  • Account is your GitHub username
  • Repository is the name of the repository that your data file is pushed to.
  • Branch is the repository branch that the desired version of the data file is in.
  • Token is the token described above, generated in the GitHub platform.
  • Variable is the variable that the payload will be stored under.
  • Path is the name of the file in the repository.
  • Mode is the filetype of the file in the repository.
  • The system will retrieve the document, parse it as a CSV file and assign it to the inputData variable
  • (optional) Verify that everything is set up correctly by adding a comment printing the parsed data as in:5
  • (Optional) Run the test:6 NOTE: API Fortress will parse a CSV file as an array (rows) of arrays (columns), so access to the data is positional. 
  • Now, let’s iterate over a subset of this input set. Introduce a selection strategy if necessary: 7This will iterate over a subset of 5 randomly selected items. Other strategies are described in Appendix A
  • (Optional) Within each iteration, we suggest that you introduce a comment that will help you identify which item you’re looking at for debugging purposes.8 9
  • Use the data to perform your HTTP call:10
  • Introduce some assertions for testing purposes11
  • And run it12

Appendix A: Selection Strategies for Large Datasets

Simple selectors

  • None. If the number of iterations is greater than 100, the system will randomly select 100 elements, unless you override the maximum iterator size.
    • Pick(n). Ask the system to randomly select a n-sized sample of elements. Example: inputData.pick(5)
  • Slice. If you’re interested in using a specific slice of data from the inputData, you can slice it according to your needs. Example: inputData[10..20] (will select items from index 10 to index 20)

Advanced Slicing

Assume you have a 1000 lines CSV file and you need to use them all. While this is technically possible (by overriding the maximum number of iterations) the usefulness of the test may vary on:
  1. How long the HTTP request takes
  2. How complex the test is going to be
  3. The number of errors the test may trigger
Moreover, the readability of the resulting document may degrade when trying to debug an issue. Here’s a slicing technique we suggest to ease these points.
  • Introduce the following 2 variables in the global parameters: 13
  • Use the following expression in your each statement: inputData[offset.toInteger()..offset.toInteger()+limit.toInteger()] Which reads: slice inputData from the offset index to the offset+limit index Note: the toInteger() command is required as variables are always strings and we need to work with numbers. By doing so we are setting a baseline: as a default test input data from index 0 to index 99.
  • Introduce as many environments as the slices count, overriding the offset variable15 Now you can run the test on specific 100 elements slices, by selecting the environment.16 1718
  • Finally, you can schedule your slices accordingly:19

Following redirects

By default, API Fortress handles redirects as per RFC standard. So if you are performing a GET and the response wants to redirect you somewhere else, you don’t need to do anything since the redirect will be followed automatically. Now, since the RFC says that a redirected I/O call should perform the same operation as the original call, and given that, say, re-posting, is a security threat, API Fortress will not automatically follow redirects for any other I/O operation. Boring, you may say, but following the exact RFC specifications is how you make sure that any client will not be caught off guard! This specific scenario can be handled applying the following steps: Make the I/O operation (let’s consider a POST as an example)
  1. step1 The response header contains the ‘Location’ field. Let’s make sure it’s there, by performing the call in our console tool.step2highlighted
  2. Craft a GET to the ‘Location’ retrieved in the response header of the previous call (i.e. ${payload_response.headers[‘location’]}) Post307
And you’re done.

Assertions for Metrics / Performance

We have a more detailed guide on working with the HTTP response, but wanted to provide specifics on creating assertions against performance metrics. Here is an example using the CODE VIEW of the code. Please note that overall refers to fetch and latency combined.
<assert-less expression="payload_response.metrics.latency" value="200" type="integer"/>

<assert-less expression="payload_response.metrics.fetch" value="350" type="integer"/>

<assert-less expression="payload_response.metrics.overall" value="450" type="integer"/>

Setup Notifications (Performance Alerts)

Performance is the first thing that people think of when they are concerned about their APIs. By scheduling accuracy tests to run automatically, the data from those executions can then be used for proper insight into how the API is performing globally.

Step 1. Go to the Dashboard

Step 2. Click on Metrics

Step 3. Click on a Footprint

Step 4. Click on the Bell to Add a Monitor

Step 5. Fill in the Information

Enter the name of the alert, select the type of monitor (latency or fetch), and the max value for the trigger. Latency is the time it takes to ping the endpoint and receive a response. Fetch is the time it takes to download the response itself. Large responses will lead to large fetch times, so be aware of this when setting a number. Values are in milliseconds.