Hi folks,

I am not an expert in SOAP, but from my knowledge SOAP is just an HTTP request formatted in XML in order to supply structured data.

I need to implement a simple API with a list of parameters.

I proposed using a simple REST interface, but I have been told that SOAP is more secure.


Any ideas on this topic?

+4  A: 

No, it's not.

I can only guess why anybody would think the API flavor has any relevance in security, or safety (not the same thing, and it's not clear which one is referred to); it might be because of the common misconception that REST means simply exposing your data objects. If that were the case, such an approach would surely be utterly unsafe! (in any meaning of the word)

Javier
thanks so much Javier!
RadiantHex
+4  A: 

My guess would be that you have been told SOAP is more secure because of the existence of various standards that relate to security:

http://en.wikipedia.org/wiki/WS-Trust
http://en.wikipedia.org/wiki/WS-Security
http://en.wikipedia.org/wiki/WS-SecureConversation
http://en.wikipedia.org/wiki/WS-Federation

Most REST implementations are based on HTTP, which has Basic Auth, Digest Auth, SSL and OAuth as security-related specs. Which is more secure is a topic that could be debated forever!

An important question is: does your service need something more secure than online banks use? HTTPS seems to be sufficient for them, and they are a pretty big target.

Darrel Miller
That's a good way to put it: "Does your service need something more secure than online banks use?". I like it.
jbrendel