Understanding SOAP and REST Basics
Simple Object Access Protocol (SOAP) and REpresentational State
Transfer (REST) are two answers to the same question: how to access Web
services. The choice initially may seem easy, but at times it can be
surprisingly difficult.
SOAP is a standards-based Web services access protocol that has been
around for a while and enjoys all of the benefits of long-term use.
Originally developed by Microsoft, SOAP really isn’t as simple as the
acronym would suggest.
REST
is the newcomer to the block. It seeks to fix the problems with SOAP
and provide a truly simple method of accessing Web services. However,
sometimes SOAP is actually easier to use; sometimes REST has problems of
its own. Both techniques have issues to consider when deciding which
protocol to use.
Before I go any further, it’s important to clarify that both SOAP and REST are protocols:
a set of rules for requesting information from a server using a
specific technique. The rules are important because without rules, you
can’t achieve any level of standardization. The best way to view a
protocol is as if it is a diplomat who is making a request on your
behalf from another entity. Some people I’ve talked with just don’t
understand the entire concept; they have the idea that some sort of
magic is occurring. Both SOAP and REST rely on well-established rules
that everyone has agreed to abide by in the interest of exchanging
information.
A Quick Overview of SOAP
SOAP relies exclusively on XML to provide messaging services.
Microsoft originally developed SOAP to take the place of older
technologies that don’t work well on the Internet such as the
Distributed Component Object Model (DCOM) and Common Object Request
Broker Architecture (CORBA). These technologies fail because they rely
on binary messaging; the XML messaging that SOAP employs works better
over the Internet.
After an initial release, Microsoft submitted SOAP to the Internet
Engineering Task Force (IETF) where it was standardized. SOAP is
designed to support expansion, so it has all sorts of other acronyms and
abbreviations associated with it, such as WS-Addressing, WS-Policy,
WS-Security, WS-Federation, WS-ReliableMessaging, WS-Coordination,
WS-AtomicTransaction, and WS-RemotePortlets. In fact, you can find a
whole laundry list of these standards on Web Services Standards.
The point is that SOAP is highly extensible, but you only use the
pieces you need for a particular task. For example, when using a public
Web service that’s freely available to everyone, you really don’t have
much need for WS-Security.
The XML used to make requests and receive responses in SOAP can
become extremely complex. In some programming languages, you need to
build those requests manually, which becomes problematic because SOAP is
intolerant of errors. However, other languages can use shortcuts that
SOAP provides; that can help you reduce the effort required to create
the request and to parse the response. In fact, when working with .NET
languages, you never even see the XML.
Part of the magic is the Web Services Description Language (WSDL).
This is another file that’s associated with SOAP. It provides a
definition of how the Web service works, so that when you create a
reference to it, the IDE can completely automate the process. So, the
difficulty of using SOAP depends to a large degree on the language you
use.
One of the most important SOAP features is built-in error handling.
If there’s a problem with your request, the response contains error
information that you can use to fix the problem. Given that you might
not own the Web service, this particular feature is extremely important;
otherwise you would be left guessing as to why things didn’t work. The
error reporting even provides standardized codes so that it’s possible
to automate some error handling tasks in your code.
An interesting SOAP feature is that you don’t necessarily have to use it with the HyperText Transfer Protocol (HTTP) transport. There’s an actual specification for using SOAP over Simple Mail Transfer Protocol
(SMTP) and there isn’t any reason you can’t use it over other
transports. In fact, developers in some languages, such as Python, are doing just that.
A Quick Overview of REST
Many developers found SOAP cumbersome and hard to use. For example,
working with SOAP in JavaScript means writing a ton of code to perform
extremely simple tasks because you must create the required XML
structure absolutely every time.
REST provides a lighter weight alternative. Instead of using XML to
make a request, REST relies on a simple URL in many cases. In some
situations you must provide additional information in special ways, but
most Web services using REST rely exclusively on obtaining the needed
information using the URL approach. REST can use four different HTTP 1.1
verbs (GET, POST, PUT, and DELETE) to perform tasks.
Unlike SOAP, REST doesn’t have to use XML to provide the response.
You can find REST-based Web services that output the data in Command
Separated Value (CSV), JavaScript Object Notation (JSON) and Really
Simple Syndication (RSS). The point is that you can obtain the output
you need in a form that’s easy to parse within the language you need for
your application.
As an example of working with REST, you could create a URL for Weather Underground. The API’s documentation page
shows an example URL of
http://api.wunderground.com/api/Your_Key/conditions/q/CA/San_Francisco.json.
The information you receive in return is a JSON formatted document
containing the weather for San Francisco. You can use your browser to
interact with the Web service, which makes it a lot easier to create the
right URL and verify the output you need to parse with your
application.
Deciding Between SOAP and REST
Before you spend hours fretting over the choice between SOAP and
REST, consider that some Web services support one and some the other.
Unless you plan to create your own Web service, the decision of which
protocol to use may already be made for you. Extremely few Web services,
such as Amazon, support both. The focus of your decision often centers
on which Web service best meets your needs, rather than which protocol
to use.
SOAP is definitely the heavyweight choice for Web service access. It provides the following advantages when compared to REST:
- Language, platform, and transport independent (REST requires use of HTTP)
- Works well in distributed enterprise environments (REST assumes direct point-to-point communication)
- Standardized
- Provides significant pre-build extensibility in the form of the WS* standards
- Built-in error handling
- Automation when used with certain language products
REST is easier to use for the most part and is more flexible. It has the following advantages when compared to SOAP:
- No expensive tools require to interact with the Web service
- Smaller learning curve
- Efficient (SOAP uses XML for all messages, REST can use smaller message formats)
- Fast (no extensive processing required)
- Closer to other Web technologies in design philosophy
| REST | SOAP | |||
| Assumes a point-to-point communication model–not usable for distributed computing environment where message may go through one or more intermediaries | Designed to handle distributed computing environments | |||
| Minimal tooling/middleware is necessary. Only HTTP support is required | Requires significant tooling/middleware support | |||
| URL typically references the resource being accessed/deleted/updated | The content of the message typically decides the operation e.g. doc-literal services | |||
| Not reliable – HTTP DELETE can return OK status even if a resource is not deleted | Reliable | |||
| Formal description standards not in widespread use. WSDL 1.2, WADL are candidates. | Well defined mechanism for describing the interface e.g. WSDL+XSD, WS-Policy | |||
| Better suited for point-to-point or where the intermediary does not play a significant role | Well suited for intermediated services | |||
| No constraints on the payload | Payload must comply with the SOAP schema | |||
| Only the most well established standards apply e.g. HTTP, SSL. No established standards for other aspects. DELETE and PUT methods often disabled by firewalls, leads to security complexity. | A large number of supporting standards for security, reliability, transactions. | |||
| Built-in error handling (faults) | No error handling | |||
| Tied to the HTTP transport model | Both SMTP and HTTP are valid application layer protocols used as Transport for SOAP | |||
| Less verbose | More verbose |
By DeepthiReddy
No comments:
Post a Comment