So I had a third party sending SOAP requests to Magento but something was broken.

I needed a way to test it.

They had already sent me the xml data they were pushing to the API, I just had to “pretend” to be their service and call the api with the data provided.

Here’s how.

Note I have only tested this using the v2 of the Magento SOAP API.

The first thing we need to do is obtain a session id for your request. To do that we need to set up a user in the admin with the right permissions.

Go to system -> web services -> SOAP/XML-RPC Roles to create a role. Give all permissions (probably not good in practice but ok for this example).

The set up a user by going to system -> web services -> SOAP/XML-RPS Users. Choose the role you have just created.

Make sure you remember the username and API key You will need them to login.

Save the following in to a login.xml file replacing the username and apiKey with those you have just given to the user.

<SOAP-ENV:Envelope xmlns:SOAP-ENV="">
        <MAGE:login xmlns:MAGE="http://xxxxxx/api/v2_soap/?wsdl=1">

You don’t need to replace the http://xxxxxx/api/v2_soap/?wsdl=1 bit but it needs to be there for it to work.

Now you are ready to try logging in.


curl -id "@path/to/login.xml" <url>/index.php/api/v2_soap

If successful you will get a response back that looks a lot like the following;

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="" xmlns:ns1="urn:Magento" xmlns:xsd="" xmlns:xsi="" xmlns:SOAP-ENC="" SOAP-ENV:encodingStyle="">
            <loginReturn xsi:type="xsd:string">7fb5dc2951a07d31097f6f5c77cf8354</loginReturn>

The important information is the loginReturn value of 7fb5dc2951a07d31097f6f5c77cf8354.

You will need to put this in your xml file you want to test.

For example;

Here is a file that will get the catalog inventory stock item list.

<soapenv:Envelope xmlns:xsi="" xmlns:xsd="" xmlns:soapenv="" xmlns:urn="urn:Magento" xmlns:soapenc="">
      <urn:catalogInventoryStockItemList soapenv:encodingStyle="">

Note the sessionId has been replaced with the one returned from the login call

We can now run this using the same command as before but replacing the path to the file.

curl -id "@path/to/test.xml" <url>/index.php/api/v2_soap

-d means what follows is the data. @ means the data we want to send is actually in the file specified (full path required).

We send all that to the Magento SOAP api located <url>/index.php/api/v1_soap

Now we are communicating in the same way the third party is except now we can see the responses coming back out of Magento.

If you get a message back saying Session expired. Try to relogin. just run the log in code again to get a new sessionId.


  • magento
  • soap

Like this post? Share it :)

Related Posts