Today I was asked to describe the difference between SOAP and REST web services and how to decide which one to use? Here is what I came up with:
- SOAP web services support RPC-Style and Message oriented style while REST is only RPC-Style.
- REST is closely tied to HTTP while SOAP is transport independent and can be used with HTTP, Messaging, e-mail, UDP, etc.
- SOAP is XML oriented while REST allows multiple data formats like XML, JSON, HTML, text etc.
- REST reads can be easily cached thus performing better and scales easily. Also SOAP is more chatty thus using more bandwidth.
- On the security side, WS-security allows for a SOAP message to identify the caller, sign the message, and encrypt message contents. This allows SOAP message to be secure even when using non-secure transport like e-mail. Security in REST is only SSL using HTTPS transport.
- SOAP supports more complete transaction management using WS-AtomicTransaction.
- SOAP provides standard WS-ReliableMessaging framework while REST does not have any messaging framework and client is expected to recover from communication failures.
So how do you go about deciding which one to use? I guess it depends on your requirements. Most internet applications don’t require the level of security or transaction support offered by SOAP, so REST is preferred because it is easier to implement, test, and maintain. REST is also a better choice if you are just exposing data because of its support for multiple data formats. On the other hand, if you require complex security, transport independence, reliable message delivery, and distributed transaction support then SOAP is the better candidate.
Please feel free to leave comments if you think I have missed something.