Skip to main content

Security of REST and SOAP services

In the majority of cases REST and SOAP security systems are the same: some form of HTTP-based authentication plus Secure Sockets Layer (SSL).

However a SOAP service does support end-to-end message security. This means that if you pass SOAP messages from endpoint to endpoint to endpoint, over the same or different protocols, the message is secure. If your system needs this particular feature SOAP is definitely the way to go.

It should be noted that security is a large domain and far too complex to decide upon based on a couple of paragraphs. The point here is to say that while underlying REST and SOAP security systems are largely the same, SOAP has provision for intermediary security that REST does not.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!