This blog describes how to make POST calls containing CSRF tokens to Gateway using SoapUI.
The testcase contains 3 steps, and a property named CSRF,
Check field "Maintain HTTP session" under testcase options, this will make sure that the cookies set in the GET request are reused in the POST request,
1: Get CSRF
This will fetch the token via a GET request, add header "X-CSRF-Token" and value "Fetch"
2: Groovy Script
The script will take the token from the GET request and store it in the testcase "CSRF" property
''
def headerValue = testRunner.testCase.getTestStepByName("Get CSRF").httpRequest.response.responseHeaders["x-csrf-token"];
log.info( headerValue[0] );
testRunner.testCase.setPropertyValue( "CSRF", headerValue[0] );
''
3: POST
The actual request using the token, add header "X-CSRF-Token" with value "${#TestCase#CSRF}", set content type according to input data
