Skip to main content

Integration testing and security

Part of testing the functionality of your integrations is ensuring that the data that comes into your application is accurate, secure, and does not introduce regression issues. For example, in a connector that fetches personal details from the database, if an employee makes a change in the database and your system pulls the updated information, other system functionality should not break when returning the updated data.

Integration testing

Functional testing of integrations is essential to verify that data arrives into your application from external sources accurately and writes to external sources correctly. Additionally, best practice suggests including error handling for all connectors.

Note: To learn more about configuring error handling on integrations, see Error handling in connectors.

Functional testing integrations

To test a REST integration's functionality, first, open the Data Page and verify the data that the system uses to make a REST call, then run the Data Page to see what kind of data is returned.

Note: You can run a Data Page manually or with a unit test.

For SOAP connectors, functional testing can begin from the moment you define an endpoint URL that contains Web Services Description Language (WSDL), which describes the functionality offered by the web service.

Consider a SOAP connector that retrieves latitude and longitude values from a given postal code. In Pega Platform™, after you define the endpoint URL, the system loads the WSDL and provides a list of available operations. Selecting an operation and clicking Test begins a test on that operation to ensure the data source returns expected node names and values for both request and response actions.


Once the integration is configured with its respective Data Page, you can test its functionality by clicking Actions > Run and entering a postal code. In the following example, this functional test returns an accurate latitude and longitude if configured properly. 


Unit testing integrations

You can convert your functional test to a unit test on the respective Data Page of the integration by clicking Convert to test. Add assertions for expected results, such as an expected runtime threshold. In the following example, the expected runtime of how long it should take to retrieve latitude and longitude values is less than one second. 


Integrations and security

Because Pega Platform does not secure non-Pega systems during data integration, ensure that the data you pull in is secure. Data should be appropriately secured and cleansed so that it cannot run nefarious code or exploit any security vectors with attacks such as a SQL injection. Pega Platform provides the following configurations to allow for secure integrations: 

  • Installation of security certificates required by outbound calls.
  • Addition of endpoint URLs for various cloud environments to your system's allowlist. Coordinate with your system administrator on allowlist permissions and approved endpoint URLs. 
Note: SOAP connectors in Pega Platform now support the Client Credentials Grant type in OAuth2, so that your application can request an access token without relying on a specific user. 

Data source authentication 

Often external systems require authentication to accompany a request call. As you initially configure your integration, you can define a new Authentication Profile or use an existing one for requests. In the Test Data Source modal dialog box, click the Authentication tab and configure your Authentication Profile.


Certificates and private keys

Web applications that serve content over HTTPS can often require authentication. Receiving secure data for your web service may require both a trusted client and a server. 

Frequently, private keys issued to the client system are required for encryption and authentication of the transported content. Also, Pega Platform often needs certificates provided by Certificate Authorities to also be stored in the client system. 

Digital certificates are data files that contain identity credentials that help systems and users authenticate their identity. Certificate Authorities are external, trusted entities that authenticate identities and secure ownership details of a web server or service with private, cryptographic keys. For example, a web service may require not only an installed certificate but also a private key in order to allow data transfer from the service. This ensures that the data you receive is authentic and secure. 

In the following image, click the + icons to learn more about retrieving secured data from a web service requiring both certificates and a private key:

Pega Platform uses the keystore Rule Data-Admin-Security-Keystore to save certificates and private keys issued to the client.

Note: To learn more about certificate and key management, see Key management system for application data encryption.

Check your knowledge with the following interaction:

This Topic is available in the following Module:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice