Web Services: SOAP vs REST

There is a permanent discussion going on and I have seen quite a lot of answers.

SOAP (Simple Object Access Protocol) vs. REST (Representational State Transfer)

Which one to use and when?

Let’s see first the main characteristics of both:

1. SOAP stands for Simple Object Access Protocol. REST stands for Representational State Transfer.
2. SOAP is a protocol. It defines some standards that should be followed strictly. REST is an architectural style. It doesn’t define so many standards like SOAP.
3. SOAP is highly secure as it defines its own security. REST inherits security measures from the underlying transport(SSL, TLS).
4. SOAP message request is processed slower as compared to REST. REST message request is processed faster as compared to SOAP.
5. SOAP supports only XML data format. REST supports data formats like plain text, XML, HTML, JSON, etc.
6. SOAP is not very easy to implement. You need to call methods in an API. REST is easier to implement. You need to call paths on a server (usually).
7. SOAP requires more bandwidth and resources. REST requires less bandwidth and resources.
8. In java SOAP web services are implemented using JAX-WS API. In java RESTful web services are implemented using JAX-RS API.
9. It does not use web caching mechanism. It uses web caching mechanism.
10. SOAP is commonly used in payment gateways, financial and telecommunication services. REST is commonly used in social media, web chat and mobile services.
11. SOAP is focused on accessing named operations, each implement some business logic through different interfaces. REST is focused on accessing named resources through a single consistent interface.
12. SOAP supports ACID transactions. REST supports transactions as well, but it isn’t as comprehensive and it isn’t ACID compliant.
13. SOAP has successful/retry logic built in and provides end-to-end reliability even through SOAP intermediaries. Rest doesn’t have a standard messaging system and expects clients to deal with communication failures by retrying.


Based on the articles https://codingsec.net/2016/06/difference-soap-rest/ and http://spf13.com/post/soap-vs-rest.



SOAP is clearly useful, and important. For instance, if I was writing a mobile application to interface with my bank I would definitely need to use SOAP.

All features above are required for banking transactions. For example, if I was transferring money from one account to the other, I would need to be certain that it completed. Retrying it could be catastrophic if it succeed the first time, but the response failed.

You can implement anything you want using RESTful APIs these days. It is just that some of the things that you need to take care of yourself are already built in in SOAP. Definitely the future belongs to REST APIs because of the massive support from Google, Yahoo and others.

© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: