tags:

views:

191

answers:

6

Why and when to use RESTful services?

I know how to create a WCF webservice. But I am not able to comprehend when to use a SOAP based service and when to use a RESTful service. I read many articles on SOAP vs REST, but still, I don't have a clear picture of why and when to use RESTful services.

What are some concrete points in order to easily decide between these services?

+1  A: 

SOAP will give you a richer set of functionality and you can create strongly typed services, where REST is normally more lightweight and easier to get running.

Edit: If you look at the ws-* standards there is a lot of stuff http://www.soaspecs.com/ws.php. Development tools such as Visual Studio make access very easy to a lot of this though. Typically WS is used more for enterprise SOA type development while REST is used for public API's on web sites (at least thats what I think).

Craig
@craig would you please elaborate, How Soap provide rich functionality.
vaibhav
A: 
  1. Android (mobile OS) do not have support for SOAP. RESTful services are a much better suit when mobile devices are the target.

  2. I personally prefer RESTful services in most cases since they are more lightweight, easier to debug and integrate against (unless you use a code generator for SOAP).

jgauffin
+7  A: 

This is a worthy question, and one for which a short answer does no justice. Forgetting about the fact that most people may be more familiar with SOAP than REST, I think there are a few key points in this:

First and foremost, I would suggest using REST wherever it fits naturally. If your main use scenarios involve reading and updating data atoms ("resources"), REST provides a more lightweight, discoverable and straightforward approach to data access. Also, building really thin clients (mobile devices, JavaScript, even shell scripts) is often easier with REST.

For example: If your data model is all about customers and your main operations involve reading the customers and writing back changes, REST will do just fine. Using GET/POST/PUT/DELETE HTTP protocols is an excellent way to make the protocol very discoverable and easy to use, even for somebody not intimately familiar with your application.

This, however, brings us to the second point.

What if you need to offer a web API with querying capabilities? For example, a typical scenario might be "Get me the 5 newest customers". In this scenario, pure REST provides little in terms of API discoverability. Enter OData (www.odata.org), and you're rolling again; from this viewpoint, OData URI based query syntax adds a touch of well-known abstraction above the normal extremely simplistic, ID-based addressing of REST services.

But then, there are aspects which can be reasonably hard to represent in terms of REST. Point three: If you can't model it reasonably cleanly, consider SOA.

For example, if a common usage scenario involves transitioning customers between workflow stages (say, "new customer", "credit request received", "credit approved"), modeling such stages with REST may prove complex. Should different stages be represented just as an attribute value in an entity? Or perhaps, should the different stages be modeled as containers wherein the customers lie? If it's an attribute, do you always want to do a full PUT when updating it? Should you perhaps use a custom HTTP verb ("APPROVE http://mysite/customers/contoso HTTP/1.0")?

These are valid questions to which there are no universal answers. Everything can be modeled in REST, but at some point the abstraction breaks down so much that much of REST's human-facing benefits (discoverability, ease of understanding) are lost. Of course, technical benefits (like all the HTTP-level goodness) can still be reaped, but in most realities they're not really the critical argument anyway.

Fourth and finally, there are things which the SOA model simply does great. Perhaps the most important of these is transactions. While it's a pretty complex generic problem in the WS-* world as well, generic transactions are rarely needed and can often be replaced with reasonably simple, atomic operations.

For example, consider a scenario where you want to create an operation that allows the merging of two customers and all their purchases under one account. Of course, all this needs to happen or not happen; a typical transaction scenario. Modeling this in REST requires a nontrivial amount of effort. For a specialized scenario such as this, the easy SOA approach would be to create one operation (MergeCustomers) which implements the transaction internally.

For more advanced scenarios, the WS-* stack provides facilities not readily available in the REST world (including WS-Transaction, WS-Security and whatnot). While most APIs need none of this (or are better off implementing them in a more simple way), I don't think it's worth the effort to rewrite all that just to be 100% REST.

Look into the best of both worlds. For the vast majority of scenarios, it is completely acceptable to have the basic CRUD in REST and provide a few specialized operations in SOA.

Also, these APIs can be designed to act together. For example, what should a SOA-based MergeCustomers operation return? It might return a serialized copy of the merged customer, but in most cases I would opt for returning a URI of the REST resource that is the newly merged customer. This way, you would always have a single representation of the customer even if SOA were necessary for specialized scenarios.

The previous approach has the drawback that it requires client support for both REST and SOA. However, this is rarely a real problem (apart from the purely architectural perspective). The simplest clients usually have REST capabilities by the very definition of having an HTTP stack, and they rarely run the more complex operations.

Of course, your mileage may vary. The needs of your application (and its clients), local policies and backward compatibility requirements often seem to dominate these discusssions in forehand, so the REST vs. SOA discussion is rarely on a pure technical merit basis.

Jouni Heikniemi
"pure REST provides little in terms of API discoverability" This statement is completely false. A REST API should contain links in all of its responses to enable you discover all functionality. All responses should be identified by a content-type to describe the contents of the response precisely. Self-description is a major tenant of REST and the reason why WSDL and WADL are unnecessary.
Darrel Miller
"If you can't model it reasonably cleanly, consider SOA" This is equivalent to saying, if you are not capable of creating an object-oriented design, give up and go back to procedural design. Lack of experience is not a valid reason for discarding REST.
Darrel Miller
Introducing a new HTTP method is never a valid scenario why designing a single service. The new HTTP method PATCH was only introduced after years discussion between many experienced web architects.
Darrel Miller
If you need two-phase commit transactions in your REST api then you are not applying REST to the right layer in your application.
Darrel Miller
Darrel Miller
Regarding security, do you do your online banking using a service that uses WS-Security or https? If https is good enough for your bank, and your money, why is it not good enough for 98% of business applications?
Darrel Miller
Darrel, thanks for your insights! I don't agree with all your points, but the space is a bit short to discuss their merits in detail. I'll try to follow up with a blog post later on though. In short: 1) Security: WS-Security and HTTPS solve different problems. If transport-level security is enough, HTTPS is almost always a better solution. 2) CustomerMergingMachine: In my book, that is service orientation - you're addressing an operation endpoint, not the involved resources. It's not SOAP, but it's SOA on an URL-based notation. That said, it is simple and a quite acceptable solution IMO!
Jouni Heikniemi
@Journi One of the nice changes they have made in the Httpbis documentation is they have clarified what POST can be used for. They have removed all references to using POST to create subordinate resources and left just a simple "The POST method is used to request that the...entity enclosed in the request as data to be processed by the resource..." Hopefully, this change will start to make people realize that many tricky design problems can be resolved RESTfully by using POST and a processing resource. http://trac.tools.ietf.org/wg/httpbis/trac/ticket/17
Darrel Miller
+2  A: 

An eternal question! SOAP vs. REST....

SOAP is great because it's industrial-strength, the services are self-describing in a machine-readable and -interpretable way, e.g. your computer can read, understand a SOAP service and create a client for it. SOAP is great because it's methods and all the data it will ever pass around are described and defined in great detail. But SOAP is a bit heavy-weight - it takes a lot of infrastructure to support it. SOAP is also mostly method-oriented, e.g. you define your services by means of what methods can be executed on the service.

REST is much more light-weight - it uses only established HTTP protocol and procedures, so any device that has an HTTP stack (and what doesn't, these days) can access a REST service. No SOAP heavy-lifting needed. REST is also more resource-centric, e.g. you think about resources, collections of resources, and their properties and how to deal with those (so you're basically back to the core function of create, read, update, delete). REST doesn't currently have any machine-readable service description, so you're either left to try and see, or you need some documentation from the service provider, to know what resources you have at hand.

My personal bottom line: if you want to expose some collections of data, and reach (being able to access it from any device) and ease-of-use is more important than reliability and other enterprise-grade features, then REST is the way to go. If you need serious, business-to-business, well-defined, well-documented services that implement things like reliability, transaction support etc. - then you're definitely on the right track with SOAP.

But I really don't see a REST exclusive or SOAP kind of approach - they'll be great scenarios for both.

marc_s
+2  A: 

This question has been asked many times before on Stackoverflow. Here http://stackoverflow.com/questions/1368014/why-do-we-need-restful-web-services/1368346#1368346 is my answer to the question.

Darrel Miller
A: 

One point that hasn't been mentioned is overhead. A recent REST project I worked on involved file transfer with items up to 2 GB allowed. If it had been implemented as a SOAP service, that'd be an automatic 30%+ increase in data due to encoding. The overhead with a REST service is all headers, the rest is straight data.

lincolnk
If, by "SOAP", we include only SOAP with XML Encoding over HTTP or HTTPS, then you're correct. However, the standards permit binary message encoding as well, such as used by WCF with the `netTcpBinding` and others. MTOM also evens things out.
John Saunders