Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Banking applications: SOAP vs REST?  RSS feed

 
lakshmi gullapudi
Greenhorn
Posts: 20
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can anybody please help me on this..

For banking applications, which one is good? REST or SOAP?

in which applications or in which scenarios, we use SOAP ws-security?
if we use REST in banking applications, is it secure?


 
Stephan van Hulst
Saloon Keeper
Posts: 7707
141
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
REST and SOAP are comparable in the way that you can compare lobsters and tomatoes. Lobsters and tomatoes are both red, but that's pretty much where there comparison ends. REST and SOAP are both used in data communication, but they are tools with different goals.

REST is a way to set up your application so that a client that knows a certain protocol can communicate with it. It allows a client to discover what resources your application has available, and what kind of operations you can perform on those resources, but it doesn't implement these resources or operations. You still have to do that yourself.

SOAP is a specific protocol for performing remote procedure calling (RPC). An application that knows SOAP can automatically generate the code necessary to represent and manipulate the data in your application.

You can use both SOAP and REST in different or overlapping parts of your application. For instance, you can, but are not limited to:

  • Generate a Java client from SOAP with WS-Security to communicate with a RESTful API through HTTP.
  • Write a custom JavaScript client that communicates with a RESTful API through SMTP.
  • Generate a JavaScript client from SOAP that communicates with an API that is not RESTful through HTTPS.
  • etc. etc.
  •  
    Tim Moores
    Saloon Keeper
    Posts: 3828
    79
    • Likes 1
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    For security conscious applications like banking, I would say SOAP has an edge over REST because WS-Security provides message-level security rather than transport-level security. That means encryption doesn't terminate as soon as the message enters server-side processing.

    But it's possible to create both secure and insecure applications with either approach. Also, for banking, there are a whole lot more things to consider to make applications secure than the choice of communication between different parts, not least regulatory and privacy issues. Make sure you have a solid grasp of all applicable rules and laws that govern the field in all jurisdictions the app will be used in.
     
    • Post Reply Bookmark Topic Watch Topic
    • New Topic
    Boost this thread!