SOAP vs. REST

SOAP vs. REST
*Web ser *Веб-служба
Image via Wikipedia

Someone asked me a question today “Why would anyone choose SOAP (Simple Object Access Protocol) instead of REST (Representational State Transfer)?” My response: “The general rule of thumb I’ve always heard is ‘Unless you have a definitive reason to use SOAP use REST’”. He asked “what’s one reason?” I thought about it for a minute and honestly answered that I haven’t ever come across a reason. My background is building great internet companies.

While he seemed satisfied, I wasn’t very happy with that answer, I did some homework and here’s my summary on REST versus SOAP,  the difference between SOAP and REST and why anyone would choose SOAP. As usual, with competing technologies both have value, the challenge is to know when to use each one (spoiler: luckily the answer is almost always REST).

I’m clearly boiling down a somewhat so please don’t flame me for simplifying things, but feel free to provide any corrections you feel are necessary.

Definitions

REST

RESTs sweet spot is when you are exposing a public API over the internet to handle CRUD operations on data. REST is focused on accessing named resources through a single consistent interface.

SOAP

SOAP brings it’s own protocol and focuses on exposing pieces of application logic (not data) as services. SOAP exposes operations. SOAP is focused on accessing named operations, each implement some business logic through different interfaces.

Though SOAP is commonly referred to as “web services” this is a misnomer. SOAP has very little if anything to do with the Web. REST provides true “Web services” based on URIs and HTTP.

By way of illustration here are few calls and their appropriate home with commentary.



getUser(User);

This is a rest operation as you are accessing a resource (data).



switchCategory(User, OldCategory, NewCategory)

This is a SOAP operation as you are performing an operation.

Yes, either could be done in either SOAP or REST. The purpose is to illustrate the conceptual difference.

Why REST?

Here are a few reasons why REST is almost always the right answer.

Since REST uses standard HTTP it is much simpler in just about ever way. Creating clients, developing APIs, the documentation is much easier to understand and there aren’t very many things that REST doesn’t do easier/better than SOAP.

REST permits many different data formats where as SOAP only permits XML. While this may seem like it adds complexity to REST because you need to handle multiple formats, in my experience it has actually been quite beneficial. JSON usually is a better fit for data and parses much faster. REST allows better support for browser clients due to it’s support for JSON.

REST has better performance and scalability. REST reads can be cached, SOAP based reads cannot be cached.

It’s a bad argument (by authority), but it’s worth mentioning that Yahoo uses REST for all their services including Flickr and del.ici.ous. Amazon and Ebay provide both though Amazon’s internal usage is nearly all REST source. Google used to provide only SOAP for all their services, but in 2006 they deprecated in favor of REST source. It’s interesting how there has been an internal battle between rest vs soap at amazon. For the most part REST dominates their architecture for web services.

Why SOAP?

Here are a few reasons you may want to use SOAP.

WS-Security

While SOAP supports SSL (just like REST) it also supports WS-Security which adds some enterprise security features. Supports identity through intermediaries, not just point to point (SSL). It also provides a standard implementation of data integrity and data privacy. Calling it “Enterprise” isn’t to say it’s more secure, it simply supports some security tools that typical internet services have no need for, in fact they are really only needed in a few “enterprise” scenarios.

WS-AtomicTransaction

Need ACID Transactions over a service, you’re going to need SOAP. While REST supports transactions, it isn’t as comprehensive and isn’t ACID compliant. Fortunately ACID transactions almost never make sense over the internet. REST is limited by HTTP itself which can’t provide two-phase commit across distributed transactional resources, but SOAP can. Internet apps generally don’t need this level of transactional reliability, enterprise apps sometimes do.

WS-ReliableMessaging

Rest doesn’t have a standard messaging system and expects clients to deal with communication failures by retrying. SOAP has successful/retry logic built in and provides end-to-end reliability even through SOAP intermediaries.

Summary

In Summary, SOAP is clearly useful, and important. For instance, if I was writing an iPhone application to interface with my bank I would definitely need to use SOAP. All three features above are required for banking transactions. For example, if I was transferring money from one account to the other, I would need to be certain that it completed. Retrying it could be catastrophic if it succeed the first time, but the response failed.

External Resources

Reblog this post [with Zemanta]
Link to this post!
  • http://www.cycloneranger.com Chris

    Reading through this, I was thinking ahead to your conclusion – the combination of security and transaction/messaging management makes me think of financial services. Is there anything else? Is the takeaway that SOAP is useful in areas where data security/integrity is critical?

    Thanks for looking up the answer – it’s been nagging at me but REST’s ascendancy has increasingly led me to believe this may not be an issue in the long term.

    c

    • http://spf13.com Steve Francia

      A good read is Why SOAP Sucks by Nelson Minar linked above. He was the guy that implemented Google’s SOAP interface, which was often heralded as the example of SOAP done right. He also gives insight into why SOAP is no longer in use at google.

      SOAP provides ACID compliant transactions, REST provides transactions, but they aren’t ACID compliant. There are some key differences, but for most cases the extra bits that are required to be ACID compliant are unnecessary especially on the web.

      REST can do just about anything SOAP can, but without established standards. It’s not that REST can’t pass along messages, it does this job fine, but without standards, so each implementation can be different. This in itself isn’t necessarily a positive or a negative, it allows flexibility at the expense of potentially more complicated integration.

      REST makes a lot of sense for internet applications. It easily integrates with Javascript and flash. It follows the same paradigm of internet transmission of retry when the connection fails. I can’t really think of any reason for an internet service to be anything but REST based. All the big players (Google, Yahoo, Amazon, etc) seem to be following that same logic now, in spite of some earlier mistakes.

      For the enterprise SOAP still makes sense and financial services is a very logical fit for it.

  • http://twitter.com/bayo_o bayo oh_no

    Nice article, really liked it!
    I was researching into WEB 2.0 and ended up reading your article for my essay!
    Keep em coming

  • Anonymous

    Glad you enjoyed it.

  • http://colonelpanic.net taxilian

    I think what it comes down to is simply that with all other considerations being the same, simple is better than complex.

    Good to see this summarized in a coherent manner, though. Thanks!

  • http://pulse.yahoo.com/_IEJQZQGX4OQVFNPP5SN2B2AKSU Ahmed

    I was just searching for this, many thanks for your efforts, keep up good work please.

    • Anonymous

      Thanks for the encouragement!

  • https://www.google.com/accounts/o8/id?id=AItOawkVP35RtYWUtEa5LBMw0_0xliaxbEeBtdA white.thief

    Great post!

    I would only like to point out that, even when almost all the REST architectures our there use HTTP as the underlying protocol, REST is an architectural style, so it is not bound by default to HTTP; quoting the Wikipedia: “REST was initially described in the context of HTTP, but is not limited to that protocol”[1].

    [1] http://en.wikipedia.org/wiki/Representational_State_Transfer#Concept

    • Anonymous

      Yup, great point. Thanks for commenting!

  • Anonymous

    Point for SOAP: There is a defined interface included (as WSDL) and any client can use it without problems while updating the service. The usage of a REST interface is described mostly on a wiki page.

    Point for REST: No problems with incompatibility with different SOAP-client/server.

    But you got the other point: SOAP address methods, REST address resources.

    • Anonymous

      REST/HTTP has a defined interface: it is the HTTP spec. You’ll find the definitions of methods, status code and so on. Conent exchanged over HTTP requests/responses isusualy either specified in additional standard ocuments (i.e., XHTML, ATOM, etc.) or in your own doc (e.g., XML schema, etc.)

  • Anonymous

    I’m not convinced by your “financial transactions require SOAP” argument. Here is my counter argument: how is it that I do financial transactions (as millions of other people do) using my bank website from my web browser, without the help from SOAP and all the WS technologies you mention?

  • http://www.facebook.com/bryan.w.taylor Bryan Taylor

    WS-ReliableMessaging guarantees only reliable transport, not reliable application processing and thus is unsuitable for reliable messaging. To see why WS-RM simply fails to achieve reliable messaging, see http://www.infoq.com/articles/no-reliable-messaging. The RESTful way to do reliable messaging is to use idempotency. Either use GET until the subsequent processing succeeds as defined by the client, or use PUT followed by a verification GET until both work. Generally, the first solution is much better, because recievers are much better positioned to be responsible for reliable delivery. Atom with archiving demonstrates good reliable delivery.

    WS-AtomicTransactions. Distributed transactions are an antipattern. Ban them. If eBay can make payments between accounts at their auction site and paypal without them, so can you. Distributed transactions destroy your scalability, and they force you to give up either availability or network fault tolerance (CAP theorem). Use compensating transactions instead. If you need consistency, define a single source of truth and do ACID transactions within it.

    WS-Security. This protocol is about achieving end-to-end security by using encryption and cryptographic signing to assure that messages may pass through intermediaries of lower trust without fear of tampering or disclosure. A better way to do this is to create an encrypted transport channel all the way from one endpoint to the other. This is called SSL. If you had to, you could make your representations contain encrypted and/or signed content using your favorite technologies for this. Only a middleware vendor would see any value in coupling this to your transport mechanism, though.

  • Igory Lr

    I case of “methods vs. resources” REST also wins. Just encode method calls to URIs. You have the benefit of not being tied to XML. Sure you can transfer anything in XML too but you need to encode/decode it to/from base64.

  • Pingback: SOAP vs REST » Tech Blog

  • E S

    A good summary of some important points, but I don’t know that I really agree that the web doesn’t care much about ACID transactions. Many applications do things that require ACID transactions such as updating multiple items at once, moving items from one group to another, or cascading deletes. And web applications are just applications like any other so why should that factor in? Maybe you can explain further regarding what parts of ACID don’t apply to the web?

  • Pingback: When to use SOAP over REST | www.dotnetz.net

  • http://maccrazy.com Tasman Hayes

    I’ve used SOAP from a website to a web coupon published to pull coupons. It worked great.

    I’ve also used SOAP between a web app (PHP) and billing app (MS Basic) to push orders and pull back billing amounts. It works well for this app too.

    SOAP can work really well. I’ve had no issues with it.

    Reading your article and “Why Soap Sucks?” as well certainly gave me pause.  :-)

    SOAP hint: Cache the service definition (WSDL) for performance if you’re doing a high volume of calls. This is configurable in PHP’s SOAP implementation.

  • Pingback: SOAP web services with iOS | codecentric Blog

  • Pingback: SOAP Webservices mit iOS | codecentric Blog

  • adel kraiem

    Great Blog. Thx

  • adel kraiem

    Great Blog.; Thx 

  • Pingback: SOAP vs REST | DLS Software Studios

  • Pingback: Why REST + JSON is preferred over SOAP for mobile web services | | Bamboo Rocket AppsBamboo Rocket Apps

  • Anonymous

    This post has delivered a consistently steady trickle of links to my blog (“Why SOAP sucks”) over the past two years. I assume people search Google for “SOAP vs REST”, get sent here, then read far enough to click the links. I’m a little surprised this topic is so popular.

    My own opinion is SOAP has no purpose in the world now except as a legacy technology. XML is wrong; use JSON. And the SOAP efforts at packaging communications are a failure. You’re quite polite in highlighting the advanced WS-* features as being useful for solving problems. I think they are good attempts, but I wouldn’t trust either the design or implementation of any of them for anything important.

  • Pingback: REST is Best - Until it Isn't

  • Anonymous

    Loved your explanation of Soap vs Rest.   Would you care to compare Soap vs Jason?

  • Pingback: REST and SOAP « Kleine Blase

  • http://www.facebook.com/maxxtheaxe Maxx Velocity

    When you use a bank website, you’re not directly hitting the bank’s processing API. You’re submitting a form to a server, and once you submit it, it’s no longer operable in the client. Native mobile apps on the other hand operate in real time, so client-state management becomes an issue. 

    • https://profiles.google.com/109126176535735047754 Craig Monroe

      Agreed with Maxx. You have no control over the services in the back-end once you’ve done your POST in your browser on the client side. 

  • http://www.facebook.com/maxxtheaxe Maxx Velocity

    Thanks for the article. I’ve never used SOAP, and after reading this, I’ll be perfectly happy to continue avoiding it. 

  • Pingback: WEB API | Mela's Blog

  • Krunoslav Hrnjak

    Really great article. SOAP seems like a little bit lost protocol since there already was a CORBA as binary standard for interoperability. Maybe there is a problem with REST since date exchange is rather arbitrary with now strict rules for validation but we love it for its simplicity. Thanx Steve

  • Pingback: REST vs SOAP, the difference between soap and rest | codingfan

  • http://twitter.com/chehako prateek patil

    Never ending battle SOAP vs. REST @ http://spf13.com/post/soap-vs-rest/

  • sathyanarayana sastry chamarth

    Good article. Thanks for the details.

  • zzzxtreme

     most REST services are not REST-ful, so back to RPC, which SOAP serves the purpose. but too complex.
    so my choice ? use JSON wrapped with XML-RPC 

  • zzzxtreme

     most REST services are not REST-ful, so back to RPC, which SOAP serves the purpose. but too complex.
    so my choice ? use JSON wrapped with XML-RPC