What is the Difference Between SOAP and REST API?

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.

In web applications, information has to be frequently transferred between a client and an application server. To enforce standards, avoid confusion, and minimize duplication, these interactions typically follow a couple of widely-accepted, standardized approaches. The two most common methods are the Representational State Transfer (REST) architecture and Simple Object Access Protocol (SOAP). This guide compares REST vs SOAP, providing an overview of each technology and describing its advantages.

What is SOAP?

Originally developed by Microsoft, SOAP is an acronym for the Simple Object Access Protocol. It was not published as an RFC but was eventually accepted as a World Wide Web Consortium (W3C) recommendation.

SOAP is a messaging protocol that uses an Extensible Markup Language (XML) data model known as the XML Information Set. It allows for the exchange of information between a client and a server across the internet. SOAP has a request-response architecture, and is typically used in web services and widgets.

It uses a structured format that allows clients to interact with a remote server and use its methods. Each SOAP service defines and publishes an interface for clients to use. The server sends information in a standard format, which the client can then process. All data must be transferred using the XML format. SOAP cannot work with other data models and does not make use of the REST architecture.

Servers often publish higher-level Web Services Description Language (WSDL) files describing how the service implements SOAP. The WSDL resources include additional information about the location and functionality of the service. Clients can freely access and use this information to design their requests. The WSDL description functions as a service guarantee from the provider. However, a service doesn’t need to publish its WSDL files. An example WSDL file can be seen on the WSDL page on Wikipedia.

SOAP is designed for interoperability. It leverages universal protocols such as HTTP to achieve platform independence and can run over a variety of protocols. The protocol defines the main nodes, roles, features, protocol bindings, and data encapsulation concepts. SOAP messages are XML documents, with an envelope, header, and body.

The protocol specification itself consists of three components:

  • The envelope: Describes the message structure and explains how to process it.
  • Encoding rules: Used to define the various data types and structures.
  • Conventions for requests and responses: The following section describes the message exchange patterns and the underlying transport bindings.

The SOAP specification also defines a wide range of terminology to describe concepts involving the protocol, data encapsulation, and sender-receiver interactions. More details about SOAP are available in the W3C Specification.

The following example illustrates a sample SOAP message. The query in the following example uses the default envelope from w3.org to request the LocationData for the Baltimore-Washington airport. The server should respond with the requested data, in the form of an HTTP message containing XML data.

File: airports.xml
POST /InStock HTTP/1.1
Host: www.example.org
Content-Type: application/soap+xml; charset=utf-8
Content-Length: 349
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="http://www.example.org">

SOAP is widely used in enterprise applications due to its solidity and dependability. Following are some of its advantages:

  • It is highly reliable. SOAP enforces compliance standards and is ACID-compliant, guaranteeing atomicity, consistency, isolation, and durability. Servers can offer a precise contract of the services they are providing.
  • SOAP includes security enhancements and extensions such as WS-Security.
  • It has strong error handling mechanisms and provides information to understand and debug any issues.
  • The underlying XML messages are human-readable. They also support international characters and symbols.
  • SOAP is fully extensible. New extensions have already been added and continue to be added.
  • SOAP is protocol agnostic. SOAP can operate over any transport or application protocol, including HTTP, SMTP, TCP, or UDP. However, HTTP is used most of the time.
  • It is independent of any programming model or language.
  • It can be optimized and made more efficient through the use of Binary XML.
  • SOAP messages using HTTP can pass through firewalls and proxies with no further changes.

SOAP also has some drawbacks that make it less suitable for some situations. Some of its disadvantages include the following:

  • SOAP messages are lengthy and have a lot of overhead, including nested tags and delimiters. SOAP is much slower than the alternatives.
  • SOAP is a heavyweight protocol. The XML messages can be complex and slow to parse.
  • When HTTP is used as the transport mechanism, the client and server roles are fixed in the interaction. This is due to the HTTP tags such as GET.
  • The SOAP specification lacks a model to describe standard interactions.
  • It cannot take full advantage of the protocol-specific features of any transport mechanism. This is because it must equally support all lower layers.
  • If the interface changes, clients often have to update their applications. This tends to make SOAP applications resistant to change and slow to update.

What is REST?

REST is an acronym for Representational State Transfer. It is an architecture rather than a true protocol. REST consists of a set of patterns and best practices and provides developers with a standard methodology for web application design. Web sites and applications that adhere to the REST principles are said to be RESTful.

REST evolved alongside the development of the internet and other popular web standards. It is designed to be easy to use and have low barriers to entry. REST has become the most popular method for client-server web interactions, and many common web servers require interactions to be RESTful.

As with SOAP, REST has a client-server architecture, but it implements it much differently. Clients can only request information from a server using the Uniform Resource Identifier (URI) for the resource. This provides a uniform interface for the interaction, and is similar to the strategy used elsewhere on the internet. The client identifies the resource it wants to access in its request and specifies the format for the reply. This ensures the client can understand and process the contents.

In REST, clients and servers typically communicate through HTTP requests. When the server processes the request, it returns an HTTP message with a response code, the content type, and the contents of the message. The reply can be transmitted using JavaScript Object Notation (JSON), HTML, XML, or another agreed-upon format. Often, the server sends the resource as a text-based hyperlink. This link can be subsequently used to access server resources including web pages, images, binary files, services, database queries, or more hyperlinks. However, for simple requests, the server sends the information directly in the response. The text-based nature of the request and the replies ensure widespread interoperability. There is no formal interface and no additional processing or complexity.

An application is said to be RESTful if it satisfies the following concepts:

  • A client-server architecture: Clients, also known as user agents, and origin servers are designed to be loosely coupled. Servers do not provide information about their implementation details and clients do not have to know anything about it. This is a sensible approach for the low-trust environment of the web.
  • Statelessness: Each request is independent and does not rely on the current state of either the server or client. A good example of a stateless interaction could be retrieving the current weather for a given station.
  • The use of caches: Caches can increase security and offer better performance. REST also supports load balancers and proxies. The server can cache responses and use them for future requests. Clients are not able to determine what component they are connected to.
  • Layering: Additional features, such as security protocols, can be added to REST as a separate layer. For example, the user can be authenticated, and then the request can be passed to another layer for processing.
  • Uniform interface: Information is transferred in a standard form through well-known URIs. The interface is not customized for individual clients. They can only use the features the server provides in the format it provides them. Clients must identify the resource they want to access and the format to use. The format is specified as one of several widely-supported media types, such as JSON or HTML.

Each request includes the following components:

  • An HTTP method, for example GET or PUT. This indicates the operation to be performed.
  • A header, including an accept parameter. This is the media type the sender wants to receive. Some examples of accept parameters include text/css and image/gif. The sender must send the resources in this format.
  • A base URI to the resource. In an effective application design, the names of the resources should be clear, hierarchical, and easily understood. An example of a URI path could be example.com/orders/12233. The client can also append an identifier using the format example.com/orders/:id. This tells the server to transmit information about the order having the specified ID.

In addition, REST-compliant servers should ideally support code on demand. This feature allows executables to be pushed out to the clients. However, not all applications support this feature.

A good example of a REST API is the official GitHub REST API, which includes a “getting started” guide for new users.

Most REST requests consist solely of JSON messages. The JSON equivalent of the SOAP airport request might look like the following:

File: airports.json

The JSON-formatted request is enclosed inside an HTTP request using the following header:

File: airports.http
GET http://example.com/airports
Accept: application/json

The application ideally sends back a response with the HTTP status code 200 (OK), and the content-type application/json. It might include a link to use to view the data, or the data itself, specified in the agreed-upon format.

The URI and parameters for the request can often be specified using the browser’s address bar and the response viewed in the browser window. For example, the Data USA service for public US demographic data supports REST. Entering https://datausa.io/api/data?drilldowns=Nation&measures=Population in a browser’s address bar displays the US population for the last number of years. The results are formatted as a JSON file in the following format;

{"data":[{"ID Nation":"01000US","Nation":"United States","ID Year":2019,"Year":"2019","Population":328239523,"Slug Nation":"united-states"},
{"ID Nation":"01000US","Nation":"United States","ID Year":2018,"Year":"2018","Population":327167439,"Slug Nation":"united-states"}],
"source":[{"measures":["Population"],"annotations":{"source_name":"Census Bureau","source_description":"The American Community Survey (ACS) is conducted by the US Census and sent to a portion of the population every year.","dataset_name":"ACS 1-year Estimate","dataset_link":"http://www.census.gov/programs-surveys/acs/","table_id":"B01003","topic":"Diversity","subtopic":"Demographics"},"name":"acs_yg_total_population_1","substitutions":[]}]}

The advantages of REST make it very popular with developers. Following are some of its best attributes:

  • REST is very fast and efficient. It only passes a small amount of data, so it does not require much bandwidth.
  • REST is scalable and reliable. A server running REST can support a massive number of resources and requests.
  • It is highly modular. Each server resource URI can handle a different type of request.
  • It is very straightforward to understand and easy to implement from the client side. The code to process requests is usually very simple.
  • Due to the modular design, clients are fully decoupled from servers. The server model can change without requiring further changes from clients. Code can also be independently changed on the client side at any time.
  • The server side is easier to secure because internal details are not exposed. No information aside from the URIs is made available to clients.
  • REST is relatively robust and failure resistant.
  • It can work with a variety of message formats, including XML, JSON, and HTML. It can even potentially use SOAP as a message exchange format, whereas SOAP cannot use a REST architecture.

REST has few true drawbacks, but does have the following limitations:

  • Because REST is stateless, it does not support processing that depends upon the current state of the system. For instance, it cannot carry over information on a registration form to the next request. The client application is responsible for storing any necessary state information.
  • Because it is only a collection of principles, REST lacks an official standard. Due to some ambiguities, not all services advertised as RESTful fully meet all the criteria.
  • REST does not guarantee the reliability, and it does not have any automatic retry mechanism. Like much of the internet, it is considered to be the best effort. If a request does not succeed, the client must try again.
  • It does not include any security mechanisms. It relies purely on underlying security protocols such as HTTPS.

What is the Difference Between SOAP and REST?

SOAP and REST are often used in the same situations and for the same purpose. They both use a client-server structure to deliver web services. However, there are many differences between SOAP and REST. The following gives a summary of the SOAP vs REST comparison:

  • SOAP is an actual protocol with an official specification. REST is an architecture. It takes advantage of existing transport and application protocols and consists of a set of principles and loosely defined constraints. Because SOAP and REST are fundamentally different, it is challenging to make exact comparisons.
  • There are major differences between the SOAP and REST APIs. SOAP uses an interface and a web API to provide functionality. This interface must be clearly defined and both the server and the clients must agree to follow it. REST uses URIs in conjunction with HTTP requests.
  • SOAP can only use the XML format for replies. REST can be used in conjunction with many different technologies including HTTP, XML, or JSON, the most common choice.
  • REST can use SOAP as its underlying protocol provided it follows REST’s architectural principles. But SOAP cannot use REST. It has to follow its own protocol specifications.
  • REST is more lightweight and efficient. SOAP is a heavyweight protocol that transmits more data. SOAP servers publish their interfaces using long, complex WSDL files.
  • SOAP can maintain state across a series of transactions, while REST is stateless. REST clients must store all non-transient information.
  • SOAP incorporates several security measures while REST lacks any security layer.
  • SOAP is an older protocol often used in legacy and corporate applications. REST has become more common in current web applications.
  • SOAP can transmit broadcast messages, but REST messages are unicast transmissions for a single client.
  • SOAP APIs are difficult to update because they require consensus from all stakeholders. Clients cannot change their interface without approval. REST APIs are easier to unilaterally update.

What Are the Benefits of Using SOAP vs REST?

In many cases, either the SOAP protocol or the REST architecture can be used. But in certain situations, one or the other might be preferable. Following is a brief guide to help you decide when to use REST vs SOAP.

  • REST is designed for speed and efficiency and transfers relatively little information. It is good for applications that must scale and deliver results quickly, or have limited bandwidth.
  • SOAP is much more reliable and secure, and includes a retry mechanism. It is designed for applications requiring a service guarantee and a precise, unchanging interface. However, it is not as fast or efficient as REST, and pages can take longer to load.
  • REST is more flexible and can work together with several protocols including HTTP, JSON, and XML. SOAP is limited to XML, so applications that want to use JSON must use REST.
  • SOAP can retain state information while REST cannot. SOAP is therefore the best choice for workflows where information is carried over, for example, shopping carts. REST is a better choice for isolated, non-stateful requests. A good example is downloading a weather report or a bus schedule.
  • REST can cache information, so it is a better choice if different clients are repeatedly requesting the same information. This greatly reduces the demands on the server. SOAP is not designed for efficient caching.
  • SOAP can include a security extension, while REST does not provide any specific security measures. REST security can only be provided by underlying layers such as HTTPS. This means SOAP is a better choice for exchanging personal details or credit information.
  • REST is much simpler to use and understand. It can be quickly added to a prototype and iterated upon demand and is better aligned with modern programming trends. SOAP requires published interfaces and a more structured development process. It can also be more unwieldy and difficult to integrate. However, for complex corporate workflows, SOAP is often the better, faster choice. This is due to its more precise and personalized interfaces. Certain programming environments provide utilities to hide SOAP’s lower-level abstractions.
  • SOAP tends to lock servers and clients into a particular version because it is more difficult to update. This is acceptable for internal or corporate applications, but REST is a better choice for public interfaces that might change in the future.
  • REST is more common, and many popular services only support the REST architecture. It has become the de facto standard for public web services. In these cases, REST is the only possible alternative. However, some organizations support both SOAP and REST.

A Summary of SOAP vs REST

SOAP and REST are both used for web services and both follow a client-server model. However, there are more differences between SOAP and REST. SOAP is a protocol while REST is an architectural pattern. The REST and SOAP APIs are also different. SOAP servers publish an official interface and use XML to send and receive information. However, it can use any underlying transport model. With REST, clients request information from the server using the resource’s URI. REST supports several underlying messaging formats, but JSON is the most common alternative.

Many web applications could use either SOAP or REST, but they both have their strengths and weaknesses. SOAP is more reliable, but not as efficient. REST is designed to emphasize speed, efficiency, and scalability over reliability. In addition, SOAP can retain state information while REST is stateless. However, REST supports caching and is easier to update.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on

Your Feedback Is Important

Let us know if this guide was helpful to you.

Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.
The Disqus commenting system for Linode Docs requires the acceptance of Functional Cookies, which allow us to analyze site usage so we can measure and improve performance. To view and create comments for this article, please update your Cookie Preferences on this website and refresh this web page. Please note: You must have JavaScript enabled in your browser.