SOAP is not stateful, either, and you still have perfectly accessible sessions.Hockey wrote:Well the fact that REST advocates seem to stress the importance of "stateless" behavior makes it less secure. Sure you could integrate authentication but without sessions or something, you would have to pass the user/pass in everytime you make a request, so unless you used HTTPS, wouldn't that be insecure?That still begs the same question.. how is SOAP more secure than REST when both use the same HTTP service. SOAP is a defined XML format, still uses strings over HTTP. REST is a dynamic string over HTTP.
As for the use of an API key...I have considered possibly using something like a private key implementation to encrypt the messages...
Maurgim, thanks for that OAuth...I'll certainly check it out.
Cheers
Should I REST or SOAP
Moderator: General Moderators