Many people encounter this as a popular interview question. I’ve written the following piece for anyone looking for a little summary.
REST = REpresentational State Transfer
- An architectural pattern
- Most common security mechanisms are transport-level security (TLS) and HTTP Basic/Digest authentication
- Stateless
- Permits different data formats (JSON, XML)
- Reads can be cached (HTTP GET)
- Lower bandwidth usage (JSON)
- Provides transactions, but they are not ACID compliant
- API is defined using a wiki most of the time
- Exposes resources
SOAP = Simple Object Access Protocol
- A protocol
- WS-Security, WS-AtomicTransaction, WS-ReliableMessaging
- Easy to implement message-level security/encryption
- Ensures message delivery
- Permits only XML
- SOAP-based reads can’t be cached (all requests are POST)
- REST doesn’t have a standard messaging system and expects clients to deal with communication failures by retrying. SOAP has successful/retry logic built in and provides end-to-end reliability even through SOAP intermediaries.
- Provides ACID compliant Transactions
- API is self-explanatory
- Exposes methods
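Why message-level security matters once intermediaries are involved, as an added example that is not part of the original post: TLS protects each hop, so a hop that terminates TLS handles the plaintext message, while a signature carried in the message is checked by the final receiver. The envelope layout, the shared key and the HMAC are simplifications assumed for the demo; real WS-Security uses XML Signature with canonicalization.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed shared key for the demo (assumption); WS-Security deployments
# normally sign with XML Signature and X.509 keys instead of a shared HMAC key.
KEY = b"demo-shared-key-not-for-production"


def _body_mac(body: ET.Element) -> str:
    """HMAC-SHA256 over the serialized <Body> element."""
    return hmac.new(KEY, ET.tostring(body), hashlib.sha256).hexdigest()


def build_envelope(to: str, amount: str) -> bytes:
    """Sender: build an envelope whose header carries a MAC of the body."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body")
    transfer = ET.SubElement(body, "Transfer")
    ET.SubElement(transfer, "To").text = to
    ET.SubElement(transfer, "Amount").text = amount
    ET.SubElement(header, "Signature").text = _body_mac(body)
    return ET.tostring(env)


def intermediary(raw: bytes, tamper: bool) -> bytes:
    """A hop that terminates TLS and therefore sees the plaintext message."""
    if not tamper:
        return raw
    env = ET.fromstring(raw)
    env.find("Body/Transfer/Amount").text = "9999"  # modified in transit
    return ET.tostring(env)


def verify_envelope(raw: bytes) -> bool:
    """Receiver: recompute the MAC over <Body>, compare in constant time."""
    # stdlib parser is fine for this constructed input; untrusted XML
    # should go through a hardened parser such as defusedxml.
    env = ET.fromstring(raw)
    sig = env.findtext("Header/Signature")
    body = env.find("Body")
    if sig is None or body is None:
        return False  # an unsigned message is rejected, not accepted
    return hmac.compare_digest(sig, _body_mac(body))


if __name__ == "__main__":
    msg = build_envelope("alice", "100")  # constructed sample message
    print(verify_envelope(intermediary(msg, False)), verify_envelope(intermediary(msg, True)))
```

With transport-level security alone, the receiver has no way to tell the two forwarded messages apart.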
Interesting Reads: