Introduction
SOAP and REST are two widely used web service communication styles. Understanding their differences is essential for Salesforce integrations, middleware design, and building robust APIs. This post explains the core distinctions, when to use each, and practical examples relevant to Salesforce developers.
What is SOAP?
SOAP (Simple Object Access Protocol) is a protocol with strict standards that defines a messaging framework for exchanging structured information using XML. It relies on WSDL (Web Services Description Language) for contract definitions and commonly uses HTTP, SMTP, or other transport protocols.
What is REST?
REST (Representational State Transfer) is an architectural style rather than a strict protocol. RESTful services use standard HTTP methods (GET, POST, PUT, PATCH, DELETE) and typically exchange data in lightweight formats like JSON or XML. REST focuses on resources and stateless interactions.
Side-by-side comparison
Below are the major differences that matter for design and implementation:
1. Protocol vs Architectural Style
SOAP is a formal protocol with specific standards (envelope, header, body). REST is an architectural style that leverages existing web standards (HTTP).
2. Message format
SOAP exclusively uses XML. REST commonly uses JSON (preferred for modern web/mobile apps) but can also use XML, HTML, or plain text.
3. Contract and service description
SOAP uses WSDL to define a strict contract (operations, types, bindings). REST may use OpenAPI/Swagger for documentation, but it’s not required and is generally less rigid.
4. Transport
SOAP can run over multiple transport protocols (HTTP, SMTP, TCP). REST typically uses HTTP/HTTPS.
5. State management
SOAP supports both stateful and stateless operations. REST is stateless by design—each request contains all necessary information.
6. Error handling
SOAP has built-in error handling via SOAP Fault. REST uses HTTP status codes (4xx, 5xx) and custom response bodies to convey errors.
7. Security
SOAP provides extensive WS-* standards (WS-Security, WS-Trust, WS-SecurityPolicy) for message-level security, encryption, and signing. REST commonly uses HTTPS (TLS) and OAuth 2.0 for authentication/authorization; additional message-level security requires custom implementations.
8. Performance and bandwidth
SOAP’s XML payloads and verbose envelopes are heavier than REST’s typical JSON payloads, which can affect bandwidth and parsing performance—important for mobile or high-throughput systems.
9. Caching
REST can leverage HTTP caching semantics (Cache-Control, ETag) naturally. SOAP does not have built-in HTTP caching behavior.
Which should you use in Salesforce integrations?
Consider these guidelines when choosing between SOAP and REST for Salesforce:
Use SOAP when:
- You must interact with an enterprise system that publishes a WSDL and expects SOAP messages (many legacy ERPs and banks).
- You need advanced WS-* security features (message signing/encryption, SAML tokens).
- You require strict contracts and typed schemas for operations.
Use REST when:
- You need a lightweight, fast API for web or mobile clients (JSON-friendly).
- You want easier developer adoption and faster iteration (OpenAPI + JSON).
- You plan to optimize for HTTP semantics like caching, partial updates (PATCH), and content negotiation.
Salesforce-specific examples
Salesforce supports both SOAP and REST APIs:
- SOAP API: Often used for metadata operations and integrations where WSDL-driven tools generate client code. Helpful for systems requiring strong typing and enterprise-level message security.
- REST API: The preferred choice for Lightning components, external web/mobile apps, and modern middleware. Use JSON for ease of parsing and to reduce payload size.
Sample SOAP request (simplified)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:partner.soap.sforce.com">
<soapenv:Header><urn:SessionHeader><urn:sessionId>00Dxx...!AQo...</urn:sessionId></urn:SessionHeader></soapenv:Header>
<soapenv:Body>
<urn:query><urn:queryString>SELECT Id, Name FROM Account LIMIT 10</urn:queryString></urn:query>
</soapenv:Body>
</soapenv:Envelope>
Sample REST request (simplified)
GET /services/data/v57.0/query/?q=SELECT+Id,+Name+FROM+Account+LIMIT+10
Host: yourInstance.salesforce.com
Authorization: Bearer 00Dxx...!AQo...
Accept: application/json
Best practices
- Prefer REST for new, public-facing APIs and mobile/web clients unless SOAP’s features are required.
- Document REST services with OpenAPI/Swagger and provide example payloads.
- For SOAP, publish WSDLs and provide client stubs or integration guides.
- Secure communications using TLS; use OAuth 2.0 for REST and WS-Security or OAuth for SOAP where applicable.
Conclusion
Both SOAP and REST have their places. SOAP is ideal for enterprise scenarios requiring formal contracts and advanced message-level security. REST is the modern, lightweight choice for web and mobile integrations, offering better performance and ease of use. As a Salesforce developer, choose based on the integration partner, security needs, payload formats, and client types.