Should I REST or SOAP

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Hockey wrote:
That still begs the same question.. how is SOAP more secure than REST when both use the same HTTP service. SOAP is a defined XML format, still uses strings over HTTP. REST is a dynamic string over HTTP.
Well the fact that REST advocates seem to stress the importance of "stateless" behavior makes it less secure. Sure you could integrate authentication but without sessions or something, you would have to pass the user/pass in everytime you make a request, so unless you used HTTPS, wouldn't that be insecure?

As for the use of an API key...I have considered possibly using something like a private key implementation to encrypt the messages...

Maurgim, thanks for that OAuth...I'll certainly check it out.

Cheers :)
SOAP is not stateful, either, and you still have perfectly accessible sessions.
Post Reply