Testing and Debugging Adapters describes ways to test MobileFirst Foundation adapters via direct REST access to them. This is a great way to isolate testing your server-side capabilities from your mobile client application(s).

The key concepts are described in that article, and they including obtaining a Security Token before making subsequent calls, if your Resources are protected.

The section on testing with Postman covers the activities in detail, so I won’t repeat most of that here. Just enough for a bit easier copy/paste.

Mainly I wanted to add some screenshots and steps specific to configuring SoapUI for this testing.

Get the Token

After creating a new REST project, you want to get the security token.

For starters, here’s the “top” of my SoapUI project, with the “api” resource and “token” sub-resource under it:

Resource URL

The resource URL (as listed in the above article) is: http://<IP>:<PORT>/mfp/api/az/v1/token

You only need one message for this, which I’ve named “Request Token”. It looks like this:

For the Basic Auth Username and Password, specify a user you’ve configured in the MFP Console. (The referenced article mentions a default user/pass that exists in a development environment, but my test environment is a separate server, so I had to create a user for this purpose.)

Request Parameters

  • grant_type : client_credentials
  • scope : Use the scope protecting the resource.
    If you don’t use a scope to protect your resource, use an empty string


When you run this, the response will be JSON with a long token in the access_token field:

   "access_token": "_big-long-super-crazy-alphanumeric-string_",  
   "token_type": "Bearer",  
   "expires_in": 3600,  
   "scope": "DEFAULT_SCOPE"  

Add the Token to Adapter Requests

Now you need to add that token value as a custom HTTP header named “Authorization”, not as an HTTP Basic Auth header.

But you don’t want to have to add that header individually to every message, and you also don’t want to have to update it all over the place when it expires and you have to generate a new one.

SoapUI Project Properties

So I added a Bearer property at the top level of my SoapUI project:

Whenever I need to generate a new Token, I update the value here.

Add the Authorization Header to Messages

Now, for each of my protected Resources - or even at a parent Resource above them, if that makes sense - I added a “Header” type request parameter, in the Resource itself, rather than in individual HTTP Methods or Messages. In this case, at the highlighted level:

Add a HEADER type parameter named Authorization, with the value:

Bearer ${#Project#Bearer}

to pull the value from the Project Property above.

Now all Messages under that Resource will automatically add that Header to their Requests.

(Any Messages which were created before you added this parameter, though, might not automatically pick it up.)