Saturday, October 6, 2012

SOAP Vs REST : Making the Right choice

SOAP Vs REST

Often the question arises which one is better and which one should be used ? Here i attempt to answer the same

Difference


REST
SOAP
Basics
Exposes Resources which represents data
Exposes operations which exposes logic
Http Method
Uses HTTP verbs like GET / POST / DELETE
Uses HTTP Post (can't use Get) or any other protocol like smtp , ftp
Emphasis
Emphasis on simple point to point communication using HTTP.
Emphasis on loosely coupled distributed messaging.
Data Formats
Supports multiple data formats like XML , JSON
Supports only xml.
Stateless vs Stateful
Emphasizes stateless communication
Supports stateless and stateful  conversation and operations
Caching
Since HTTP based / Rest-ful APIs can be consumed using simple GET requests, intermediate proxy servers / reverse-proxies can cache their response very easily
SOAP requests use POST and require a complex XML request to be created which makes response-caching difficult.
Depending on protocol used may be more tough to cache.
Testing
It is also easy to test and troubleshoot an HTTP API since one can construct a call with nothing more than a browser and check the response inside the browser window itself.
There are special tools (SOAPUI) & libraries to test SOAP services hence a learning curve.
2 Phase commit
REST is limited by HTTP itself which can’t provide two-phase commit across distributed transactional resources
SOAP can. ( hence better choice for enterperise services )
Full form
REST (Representational State Transfer)
SOAP (Simple Object Access Protocol)


Supports asynchronous messaging


Strong typing, it has a fixed set of supported data types

Can easily do CRUD operations







When is REST Better than SOAP
  1. REST can be consumed by any client even a web browser with ajax and JavaScript.
  2. Rest is light weight
    1. Doesn't require xml parsing
    2. consumes less bandwidth - doesnt require a soap header for every msg
  3. REST is safe
    1. supports HTTPs
    2. -  aren't GET operations safe ? ( but they do expose params in url )


When is SOAP Better than REST
  1. Building a client for REST can be challenging
    1.   for soap can generate clients for wsdl
    2. dont have to write raw http calls
    3. SOAP can use own java exceptions , in REST look at the http response code
  2. REST only supports HTTP / HTTPs
  3. Parameter of REST will be exposed as a part of URI ( may be a security consideration ) 
  4. REST doesnt support reliable messaging 
  5. REST cannot be governed
    1.  how do i know who is consuming my WS w/o registry
    2.  how to discover a Restful WS





Good places to use REST
  1. Limited bandwidth
  2. Limited resources
  3. when ok to Expose URL data on web
  4. Combining content from many different sources on web ( mashups )


Good places to use SOAP
  1. Enterprise Services
    1. high reliability WS-RM :- Rest doesn’t have a standard messaging system and expects clients to deal with communication failures by retrying. SOAP has successful/retry logic built in and provides end-to-end reliability even through SOAP intermediaries.
    2. Transactions with WS-AT    :- Need ACID Transactions over a service, you’re going to need SOAP. While REST supports transactions, it isn’t as comprehensive and isn’t ACID compliant. 
    3. Security with WS-Security , adds enterprise level security , Supports identity through intermediaries, not just point to point . It also provides a standard implementation of data integrity and data privacy. 
  2. Asynchronous processing
  3. Stateful operation
  4. standard support interoperability with Buss apps
  5. Tooling support

Code Example And Performance
The above article gives simple code example and performance analysis for both

SOAP Disadvantages
1. Main use of SOAP is RPC ( generate proxy and use it to RPC ) but its not easy to pass even integers across two platforms
2. Strong typing is a bad choice for loosely coupled distributed systems. The moment you need to change anything, the type signature changes and all the clients that were built to your earlier protocol spec break. 


No comments: