Reputation: 25587
REST vs SOAP - Is SOAP really more secure than REST?
I am not an expert in SOAP, but from my knowledge SOAP is just an HTTP request formatted in XML in order to supply structured data.
I need to implement a simple API with a list of parameters.
I proposed using a simple REST interface, but I have been told that SOAP is more secure.
Any ideas on this topic?
Upvotes: 5
Views: 3277
Answers (2)
Reputation: 142222
My guess would be that you have been told SOAP is more secure because of the existence of various standards that relate to security:
http://en.wikipedia.org/wiki/WS-Trust
http://en.wikipedia.org/wiki/WS-Security
http://en.wikipedia.org/wiki/WS-SecureConversation
http://en.wikipedia.org/wiki/WS-Federation
Most REST implementations are based on HTTP which has Basic Auth, Digest Auth, SSL and OAuth as security related specs. Which is more secure is topic that is could be debated forever!
An important question is does your service need something more secure than online banks use? HTTPS seems to be sufficient for them, and they are a pretty big target.
Upvotes: 16
Reputation: 62631
No, it's not.
I can only guess why would anybody think the API flavor has any relevance in security, or safety (not the same thing, and it's not clear which one is referred to); it might be because the common misconception that REST means simply exposing your data objects. If that were the case, such an approach would surely be utterly unsafe! (in any meaning of the word)
Upvotes: 8
Related Questions
- SOAP vs REST (differences)
- When to choose REST over SOAP API, and vice versa?
- Is RESTful faster than SOAP? and when to use one of them?
- SOAP vs REST, when to use one and not the other?
- Difference between SOAP and REST
- Understanding SOAP vs REST from an authentication point of view
- Why prefer REST over SOAP?
- Rest vs. Soap. Has REST a better performance?
- REST vs SOAP evolvability
- Restful vs Soapbased