Is SOAP more secure than REST?


When implementing an online invoicing software, I asked the responsible company if the REST version of the API existed.

The answer was that they did not use REST due to security, that SOAP would be more secure because it is software that manipulates financial information.

Is this information true? If so, in which context is SOAP more secure than REST and vice versa?


As for security, I see only one difference between REST and SOAP.

In REST, security is only done at the transport layer, whether using SSL or TSL. SOAP also gives you this option.

However, following the SOAP specification, it is possible to use WS-Security , in this case the protection is not done at Transport level, but the message itself will be encrypted.

But understand, REST does not implement message security, simply because it doesn't make sense in a web environment, as it will only give you extra protection only in very specific scenarios.

If you want to read more about it, visit the following website:


I saw a lot of people putting the advantage of SOAP in the fact that it validates the message, it is possible to do the same in REST, whether using a JSON Schema , XML Schema or even a Protocol Buffer .

Scroll to Top