Image via Wikipedia
Someone asked me a question today “Why would anyone choose SOAP (Simple Object Access Protocol) instead of REST (Representational State Transfer)?” My response: “The general rule of thumb I’ve always heard is ‘Unless you have a definitive reason to use SOAP use REST’”. He asked “what’s one reason?” I thought about it for a minute and honestly answered that I haven’t ever come across a reason. My background is building great internet companies.
While he seemed satisfied, I wasn’t very happy with that answer, I did some homework and here’s my summary on the difference between SOAP and REST and why anyone would choose SOAP. Clearly both have value, as always the challenge is to know when to use each one (spoiler: luckily the answer is almost always REST).
I’m clearly boiling down a somewhat so please don’t flame me for simplifying things, but feel free to provide any corrections you feel are necessary.
Definitions
REST
RESTs sweet spot is when you are exposing a public API over the internet to handle CRUD operations on data. REST is focused on accessing named resources through a single consistent interface.
SOAP
SOAP brings it’s own protocol and focuses on exposing pieces of application logic (not data) as services. SOAP exposes operations. SOAP is focused on accessing named operations, each implement some business logic through different interfaces.
Though SOAP is commonly referred to as “web services” this is a misnomer. SOAP has very little if anything to do with the Web. REST provides true “Web services” based on URIs and HTTP.
By way of illustration here are few calls and their appropriate home with commentary.
getUser(User);
This is a rest operation as you are accessing a resource (data).
switchCategory(User, OldCategory, NewCategory)
This is a SOAP operation as you are performing an operation.
Yes, either could be done in either SOAP or REST. The purpose is to illustrate the conceptual difference.
Why REST?
Here are a few reasons why REST is almost always the right answer.
Since REST uses standard HTTP it is much simpler in just about ever way. Creating clients, developing APIs, the documentation is much easier to understand and there aren’t very many things that REST doesn’t do easier/better than SOAP.
REST permits many different data formats where as SOAP only permits XML. While this may seem like it adds complexity to REST because you need to handle multiple formats, in my experience it has actually been quite beneficial. JSON usually is a better fit for data and parses much faster. REST allows better support for browser clients due to it’s support for JSON.
REST has better performance and scalability. REST reads can be cached, SOAP based reads cannot be cached.
It’s a bad argument (by authority), but it’s worth mentioning that Yahoo uses REST for all their services including Flickr and del.ici.ous. Amazon and Ebay provide both though Amazon’s internal usage is nearly all REST source. Google used to provide only SOAP for all their services, but in 2006 they deprecated in favor of REST source.
Why SOAP?
Here are a few reasons you may want to use SOAP.
WS-Security
While SOAP supports SSL (just like REST) it also supports WS-Security which adds some enterprise security features. Supports identity through intermediaries, not just point to point (SSL). It also provides a standard implementation of data integrity and data privacy. Calling it “Enterprise” isn’t to say it’s more secure, it simply supports some security tools that typical internet services have no need for, in fact they are really only needed in a few “enterprise” scenarios.
WS-AtomicTransaction
Need ACID Transactions over a service, you’re going to need SOAP. While REST supports transactions, it isn’t as comprehensive and isn’t ACID compliant. Fortunately ACID transactions almost never make sense over the internet. REST is limited by HTTP itself which can’t provide two-phase commit across distributed transactional resources, but SOAP can. Internet apps generally don’t need this level of transactional reliability, enterprise apps sometimes do.
WS-ReliableMessaging
Rest doesn’t have a standard messaging system and expects clients to deal with communication failures by retrying. SOAP has successful/retry logic built in and provides end-to-end reliability even through SOAP intermediaries.
Summary
In Summary, SOAP is clearly useful, and important. For instance, if I was writing an iPhone application to interface with my bank I would definitely need to use SOAP. All three features above are required for banking transactions. For example, if I was transferring money from one account to the other, I would need to be certain that it completed. Retrying it could be catastrophic if it succeed the first time, but the response failed.
External Resources
- Why Soap Sucks
- SOAP or REST? it’s about your priorities!
- Goodbye, Google SOAP search API
- SOAP vs REST
Buzz Up!
del.icio.us
Digg
Facebook
Favorite
Furl
Google
Icerocket
LinkedIn
Magnoliacom
Mister Wong
MySpace
Newsvine
Ping This!
Propeller
Reddit
SlashDot
StumbleUpon
Technorati
Twitter
Yahoo
Anything beyond banking?
Reading through this, I was thinking ahead to your conclusion - the combination of security and transaction/messaging management makes me think of financial services. Is there anything else? Is the takeaway that SOAP is useful in areas where data security/integrity is critical?
Thanks for looking up the answer - it's been nagging at me but REST's ascendancy has increasingly led me to believe this may not be an issue in the long term.
c
A couple thoughts
A good read is Why SOAP Sucks by Nelson Minar linked above. He was the guy that implemented Google’s SOAP interface, which was often heralded as the example of SOAP done right. He also gives insight into why SOAP is no longer in use at google.
SOAP provides ACID compliant transactions, REST provides transactions, but they aren’t ACID compliant. There are some key differences, but for most cases the extra bits that are required to be ACID compliant are unnecessary especially on the web.
REST can do just about anything SOAP can, but without established standards. It’s not that REST can’t pass along messages, it does this job fine, but without standards, so each implementation can be different. This in itself isn’t necessarily a positive or a negative, it allows flexibility at the expense of potentially more complicated integration.
REST makes a lot of sense for internet applications. It easily integrates with Javascript and flash. It follows the same paradigm of internet transmission of retry when the connection fails. I can’t really think of any reason for an internet service to be anything but REST based. All the big players (Google, Yahoo, Amazon, etc) seem to be following that same logic now, in spite of some earlier mistakes.
For the enterprise SOAP still makes sense and financial services is a very logical fit for it.
Post new comment