Forum Discussion

klaypigeon's avatar
Occasional Contributor
6 years ago

Pass response header to subsequent REST calls

EDIT: I figured out the XSRF cookie value needs to be converted to a header. I will try to figure out how to do this. Like I said, I am new :)


New to SoapUI.


I am trying to connect to CloudEndure's API. So I created a test case with 2 REST calls. It will first POST  login and then GET a list of machines in a particular project. On the test case I set the option to maintain session data. The Login Post works fine and returns the following Token (or similar):


Set-Cookie: XSRF-TOKEN="+JhAOXvkjKHHlapUkz9rMSKqg==\012"; Path=/
Set-Cookie: session=.eJxNj11rgzAUhv_KONdS_Ej9gsLGoAUHHR3YJKG8FG87ia5d6X-fjl3s8ry8PO9zbsCKQg_K0mGQAtIbPAyQgicikpSx5ws_JB4PkjBmbsx9vkySKMIS7g40zFjKCitHpFa2CKm3JISEoU-iReQGbuQ50GHfSmOkVgbSj4nOJ3re7uvT02o1Uf6SfZB1YpP_S3YH0XD1lnG1dY-Hi4H7pwM9MkG1aq600ZVUkJasMejAYLBXbFYAczUWW0NRTQXEXqrqsRBd3S0K3YIDI_azzdQcyXReTF9Sq8-ofn-fl1_cTu_y5Cj345pv1l_7gw1f37NtEdSX07ebPFez-f0H84JkbA.DvBAxw.yxIsdjDzNWWWqL_55NQ0qaMr-U8; HttpOnly; Path=/

I need to be able to use that in the following requests(I think). This is what the todo says on their docs.

@todo: fix re use of XSRF-TOKEN cookie + X-XSRF-TOKEN header Upon successful authentication, 
this method returns a session identifier cookie that can be used to authenticate subsequent API calls.

Login: 14:31:54,842 DEBUG [SoapUIMultiThreadedHttpConnectionManager$SoapUIDefaultClientConnection] Receiving response: HTTP/1.1 200 Connection established


Get Machine List:

14:31:59,947 DEBUG [SoapUIMultiThreadedHttpConnectionManager$SoapUIDefaultClientConnection] Sending request: GET /api/latest/projects/-myProjectIDHere-/machines HTTP/1.1
14:32:00,350 DEBUG [SoapUIMultiThreadedHttpConnectionManager$SoapUIDefaultClientConnection] Receiving response: HTTP/1.1 401 UNAUTHORIZED
14:32:00,351 DEBUG [HttpClientSupport$SoapUIHttpClient] Connection can be kept alive indefinitely
14:32:00,351 DEBUG [HttpClientSupport$SoapUIHttpClient] Target requested authentication
14:32:00,351 WARN [HttpClientSupport$SoapUIHttpClient] Authentication error: Unable to respond to any of these challenges: {}


What do I need to do? Thanks.


This is a snippet from a working Python script that may help:

import requests
import json
import sys

HOST = ''
headers = {'Content-Type': 'application/json'}

if len(sys.argv) != 3:

session = {}

endpoint = '/api/latest/{}'
login_data = {'username': sys.argv[1], 'password': sys.argv[2]}
r = + endpoint.format('login'), data = json.dumps(login_data), headers = headers)
if r.status_code != 200 and r.status_code != 307:
  print "Bad login credentials"

# check if need to use a different API entry point
if r.history:
  endpoint = '/' + '/'.join(r.url.split('/')[3:-1]) + '/{}'
  r = + endpoint.format('login'), data = json.dumps(login_data), headers = headers)

session = {'session': r.cookies['session']}
headers['X-XSRF-TOKEN'] = r.cookies['XSRF-TOKEN']


1 Reply

  • klaypigeon


    you can achive the solution using below steps.

    1)hit the login step

    2) add a groovy script after the login step:


    import groovy.json.JsonSlurper
    import java.util.Map;
    import org.json.simple.parser.*;

    def jsonRes=context.expand('${login#response}')
    def json=new JsonSlurper().parseText(jsonRes) json.session.value
    def headers = new StringToStringMap()


    3) like above you can loop all the step and set the headers value in one go and run the steps.


    Did my reply answer your question? Give Kudos or Accept it as a Solution.Smiley Wink