The earlier tutorials have given a lot of details on 2 key types of web service designs. One is SOAP protocol (Simple Object Access Protocol) and the other being REST for Representational State Transfer.
Each technique has its own advantages and disadvantages. Hence, it's always good to understand in which situations each design should be used. This tutorial will go into some of the key differences between these techniques as well as what challenges you might encounter while using them.
In this tutorial, you will learn-
- SOAP vs REST
- When to use REST and when to use SOAP
- SOAP vs REST API challenges
- Difference between SOAP Vs. CORBA Vs. DCOM Vs. Java RMI
Let's have a short overview of soap vs rest before we do a deep dive into the key differences between them.
SOAP - SOAP is a protocol which was designed before REST and came into the picture. The main idea behind designing SOAP was to ensure that programs built on different platforms and programming languages could exchange data in an easy manner.
REST - This was designed specifically for working with components such as media components, files, or even objects on a particular hardware device. Any web service that is defined on the principles of REST can be called a RestFul web service. A Restful service would use the normal HTTP verbs of GET, POST, PUT and DELETE for working with the required components.
- SOAP stands for Simple Object Access Protocol whereas REST stands for Representational State Transfer.
- SOAP is a protocol whereas REST is an architectural pattern.
- SOAP uses service interfaces to expose its functionality to client applications while REST uses Uniform Service locators to access to the components on the hardware device.
- SOAP needs more bandwidth for its usage whereas REST doesn’t need much bandwidth.
- SOAP only works with XML formats whereas REST work with plain text, XML, HTML and JSON.
- SOAP cannot make use of REST whereas REST can make use of SOAP.
Below are the main differences between SOAP and REST
<?xml version="1.0"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV ="http://www.w3.org/2001/12/soap-envelope" SOAP-ENV:encodingStyle =" http://www.w3.org/2001/12/soap-encoding"> <soap:Body> <Demo.guru99WebService xmlns="http://tempuri.org/"> <EmployeeID>int</EmployeeID> </Demo.guru99WebService> </soap:Body> </SOAP-ENV:Envelope>
One of the most highly debatable topics is when REST should be used or when to use SOAP while designing web services.
Below are some of the key factors that determine when each technology should be used for web services REST services should be used in the following instances
Limited resources and bandwidth – Since SOAP messages are heavier in content and consume a far greater bandwidth, REST should be used in instances where network bandwidth is a constraint.
Statelessness – If there is no need to maintain a state of information from one request to another then REST should be used. If you need a proper information flow wherein some information from one request needs to flow into another then SOAP is more suited for that purpose. We can take the example of any online purchasing site. These sites normally need the user first to add items which need to be purchased to a cart. All of the cart items are then transferred to the payment page in order to complete the purchase. This is an example of an application which needs the state feature. The state of the cart items needs to be transferred to the payment page for further processing.
Caching – If there is a need to cache a lot of requests then REST is the perfect solution. At times, clients could request for the same resource multiple times. This can increase the number of requests which are sent to the server. By implementing a cache, the most frequent queries results can be stored in an intermediate location. So whenever the client requests for a resource, it will first check the cache. If the resources exist then, it will not proceed to the server. So caching can help in minimizing the amount of trips which are made to the web server.
Ease of coding – Coding REST Services and subsequent implementation is far easier than SOAP. So if a quick win solution is required for web services, then REST is the way to go.
SOAP should be used in the following instances
Asynchronous processing and subsequent invocation – if there is a requirement that the client needs a guaranteed level of reliability and security then the new SOAP standard of SOAP 1.2 provides a lot of additional features, especially when it comes to security.
A Formal means of communication – if both the client and server have an agreement on the exchange format then SOAP 1.2 gives the rigid specifications for this type of interaction. An example is an online purchasing site in which users add items to a cart before the payment is made. Let's assume we have a web service that does the final payment. There can be a firm agreement that the web service will only accept the cart item name, unit price, and quantity. If such a scenario exists then, it's always better to use the SOAP protocol.
Stateful operations – if the application has a requirement that state needs to be maintained from one request to another, then the SOAP 1.2 standard provides the WS* structure to support such requirements.
API is known as the Application Programming Interface and is offered by both the client and the server. In the client world, this is offered by the browser whereas in the server world it's what is provided by the web service which can either be SOAP or REST.
Challenges with the SOAP API
- WSDL file - One of the key challenges of the SOAP API is the WSDL document itself. The WSDL document is what tells the client of all the operations that can be performed by the web service. The WSDL document will contain all information such as the data types being used in the SOAP messages and what all operations are available via the web service. The below code snippet is just part of a sample WSDL file.
<?xml version="1.0"?> <definitions name="Tutorial" targetNamespace=http://demo.guru99.com/Tutorial.wsdl xmlns:tns=http://demo.guru99.com/Tutorial.wsdl xmlns:xsd1=http://demo.guru99.com/Tutorial.xsd xmlns:soap=http://schemas.xmlsoap.org/wsdl/soap/ xmlns="http://schemas.xmlsoap.org/wsdl/"> <types> <schema targetNamespace=http://Demo.guru99.com/Tutorial.xsd xmlns="http://www.w3.org/2000/10/XMLSchema"> <element name="TutorialNameRequest"> <complexType> <all> <element name="TutorialName" type="string"/> </all> </complexType> </element> <element name="TutorialIDRequest"> <complexType> <all> <element name="TutorialID" type="number"/> </all> </complexType> </element> </schema> </types>
As per the above WSDL file, we have an element called "TutorialName" which is of the type String which is part of the element TutorialNameRequest.
Now, suppose if the WSDL file were to change as per the business requirements and the TutorialName has to become TutorialDescription. This would mean that all the clients who are currently connecting to this web service would then need to make this corresponding change in their code to accommodate the change in the WSDL file.
This shows the biggest challenge of the WSDL file which is the tight contract between the client and the server and that one change could cause a large impact, on the whole, client applications.
- Document size – The other key challenge is the size of the SOAP messages which get transferred from the client to the server. Because of the large messages, using SOAP in places where bandwidth is a constraint can be a big issue.
Challenges with the REST API
- Lack of Security – REST does not impose any sort of security like SOAP. This is why REST is very appropriate for public available URL's, but when it comes down to confidential data being passed between the client and the server, REST is the worst mechanism to be used for web services.
- Lack of state – Most web applications require a stateful mechanism. For example, if you had a purchasing site which had the mechanism of having a shopping cart, it is required to know the number of items in the shopping cart before the actual purchase is made. Unfortunately, the burden of maintaining this state lies with the client, which just makes the client application heavier and difficult to maintain.
Remote access techniques such as the RPC (Remote Procedure calls) methods were in common use before SOAP and REST came along. The various remote access techniques which were available are mentioned below.
CORBA – This was known as Common Object Request Broker Architecture. This system was put in place to ensure that applications built on various platforms could talk to each other. CORBA was based on an object-oriented architecture, but it was not necessary for the calling application to be based on this architecture. The major disadvantage of this technique was that it has to be developed in a separate language called the Interface Definition Language, and it just presented an additional language that had to be learned by developers to make use of the CORBA system.
- DCOM – This is the Distributed Component Object Model, which is a proprietary Microsoft technology for clients to access remote components. The biggest issue with this mechanism was it was up to the client application to free up resources when no longer required.
Secondly, when the client sent the request, it was up to the client to ensure that the request was wrapped or marshaled in a correct way so that the web service could understand the request sent. Another issue was if the client application was a Java based application which had to work DCOM (Microsoft Technology) additional coding was required to ensure that applications built in other programming languages could work with DCOM based web services.
Java RMI – Known as Java Remote Method Invocation, this was Java implementation on how remote objects could be called through remote procedure calls. The biggest restriction of this technology was that Java RMI could only be run on a Java Virtual Machine. This meant that the calling application also has to be run on the Java framework in order to make use of Java RMI.
The main differences between SOAP and these techniques are as follows
- Working over HTTP – All of the RPC techniques have one big limitation, and it is that they don't work by the HTTP protocol. Since all applications on the web had to work on this protocol, this used to be a major roadblock for clients which had to access these RPC-style web services.
- Working with non-standard ports – Since the RPC style web services did not work by the HTTP protocol, separate ports had to be open for them for clients to access the functionality from these web services.