Simple Object Access Protocol (SOAP)
SOAP is a standardized, XML-based protocol for exchanging structured messages between web services. It defines message formats, bindings and fault handling and focuses on interoperability across heterogeneous systems.
Classification
- ComplexityMedium
- Impact areaTechnical
- Decision typeArchitectural
- Organizational maturityIntermediate
Technical context
Principles & goals
Use cases & scenarios
Compromises
- Misconfigurations can lead to security vulnerabilities (e.g. incorrect WS-Security implementation)
- Performance issues due to large XML payloads
- Vendor lock-in through proprietary extensions
- Strictly version WSDL and maintain backward compatibility
- Manage security policies centrally (e.g. policy repositories)
- Minimize payloads and use streaming/MTOM for large binary data
I/O & resources
- WSDL definitions and XSD schemas
- Security requirements (e.g. WS-Security policy)
- Network and operational requirements (SLA)
- SOAP endpoints with documented WSDL contracts
- Faulty messages in dead-letter queues
- Monitoring metrics and log outputs
Description
SOAP (Simple Object Access Protocol) is an XML-based protocol for exchanging structured information between web services. It defines message formats, transport bindings and fault handling and emphasizes interoperability and formal contract definitions (WSDL). It is common in regulated or legacy environments requiring strict typing and WS-* standards.
✔Benefits
- High interoperability between heterogeneous systems
- Formal, machine-readable contracts (WSDL)
- Mature standards for security and transactions
✖Limitations
- High overhead from XML and extensive specifications
- Complexity with WS-* standards and interoperability
- Less suitable for lightweight, mobile-oriented APIs
Trade-offs
Metrics
- Average message latency
Time between sending and acknowledgement of a SOAP message, important for SLAs.
- Error rate / fault rate
Share of failed SOAP calls relative to total calls.
- Payload size
Average XML message size, relevant for network and parsing performance.
Examples & implementations
ERP integration via SOAP
An ERP system exposes SOAP services to exchange order and invoice data with external partners.
Banking interfaces in regulated environments
Banks use SOAP and WS-* standards for strictly typed, auditable transactions between systems.
Legacy provider interface
External provider offers only SOAP APIs; internal systems integrate via ESB and adapters.
Implementation steps
Design and version WSDL contracts
Define WS-Security requirements and provision infrastructure
Implement SOAP endpoint and test against WSDL
Set up monitoring, logging and retry strategies
⚠️ Technical debt & bottlenecks
Technical debt
- Outdated SOAP endpoints without current security updates
- Missing WSDL versioning in production interfaces
- Legacy adapters with manual tweaks instead of reusable transformation rules
Known bottlenecks
Misuse examples
- Using SOAP for simple public RESTful APIs (unnecessary overhead)
- Disabling protections to gain performance
- Rolling out WSDL changes without coordination
Typical traps
- Incompatible WS-* implementations between parties
- Missing idempotency in retry strategies
- Excessive use of large XML payloads without streaming
Required skills
Architectural drivers
Constraints
- • Required infrastructure for WS-Security and certificate management
- • Legacy systems with fixed WSDL contracts
- • Performance requirements in high-throughput scenarios