It's been around couple of months since this topic has confused me a lot. Every time I have discussion about webservices I always try to figure out difference between SOAP based web service (JAX-WS Java API) and REST based web service (JAX-RS) web service. When the picture is finally clear let me put it down for others.
Biggest point to note about SOAP and REST is that they cannot be compared! Yes you read it right you cannot compare both. You can only do comparison of things that are different aspects of same thing and these are not.
SOAP (Simple Object Access Protocol) is a protocol which uses XML to communicate data. Like any other protocol it has it's own rules. REST (Representational State transfer) on the other hand is an architecture (repeating architecture) meaning a way to design APIs.
Given that we will see each in a bit more detail so that it gives us a clear picture of REST and SOAP based web service.
W3C defines a web service as
"A software system designed to support interoperable machine-to-machine interaction over a network."
SOAP based web services
- SOAP stands for Simple Object access protocol.
- As the name suggests this is a protocol.
- SOAP uses service interfaces and named operations to expose the APIS.
- SOAP requires more bandwidth that REST requests.
- You can only transfer (send/receive) XML payload from SOAP based webservices.
- Java API for this is JAX-WS
- SOAP has Web Services Description Language (WSDL) which describes how webservice will work and lets you get a reference to it.
- SOAP based messages have strict specifications to follow for implementation.
- SOAP defines it's own security standards WS-security..
REST based web services
- REST stands for Representational state transfer.
- This is an architectural approach.
- REST uses URLs and method types (HTTP verbs like GET, POST, PUT etc) to expose APIs.
- REST requires less bandwidth that SOAP based requests.
- In REST you can send and receive any type of payload (Json, XML, HTML).
- Java API for this is JAX-RS
- REST does not have strict restrictions like SOAP.
- For security REST calls rely in underlying protocol like HTTPS.
- HTTP verbs used by REST
- Careful with HTTP POST verb. It is not safe and not idempotent.So You cannot just resend.
- In REST based requests , response may be cached. Server may return ETag header when accessed. Client send this tag on subsequent request to access resource. If resource is not changed server will return 304 (not modified).
Major differences between GET and POST
- SOAP vs REST (differences) (SO)
- SOAP (Wiki)
- REST (Wiki)
- REST vs SOAP (Java Papers)
- SOAP vs REST Web Services (Java T Point)
- REST APIs must be hypertext-driven
- Using HTTP POST and GET using cURL(OSFG)