SOAP web服务和REST web服务都可以使用HTTP协议和其他协议(只是提到SOAP可以是REST的底层协议)。我将只讨论与SOAP和REST相关的HTTP协议，因为这是它们最常用的用法。

SOAP

SOAP(“简单”对象访问协议)是一种协议(也是W3C标准)。它定义了如何创建、发送和处理SOAP消息。

SOAP messages are XML documents with a specific structure: they contain an envelope which contains the header and the body section. The body contains the actual data - we want to send - in an XML format. There are two encoding styles, but we usually choose literal, which means that our application or its SOAP driver does the XML serialization and unserialization of the data. SOAP messages travel as HTTP messages with SOAP+XML MIME subtype. These HTTP messages can be multipart, so optionally we can attach files to SOAP messages. Obviously we use a client-server architecture, so the SOAP clients send requests to the SOAP webserices and the services send back responses to the clients. Most of the webservices use a WSDL file to describe the service. The WSDL file contains the XML Schema (XSD hereafter) of the data we want to send and the WSDL binding which defines how the webservice is bound to the HTTP protocol. There are two binding styles: RPC and document. By the RPC style binding the SOAP body contains the representation of an operation call with the parameters (HTTP requests) or the return values (HTTP response). The parameters and return values are validated against the XSD. By the document style binding the SOAP body contains an XML document which is validated against the XSD. I think the document binding style is better suited to event based systems, but I never used that binding style. The RPC binding style is more prevalent, so most people use SOAP for XML/RPC purposes by distributed applications. The webservices usually find each other by asking an UDDI server. UDDI servers are registries which store the location of the webservices.

SOAP RPC

因此，在我看来，最流行的SOAP web服务使用RPC绑定样式和文字编码样式，它具有以下属性:

It maps URLs to operations. It sends messages with SOAP+XML MIME subtype. It can have a server side session store, there are no constraints about that. The SOAP client drivers use the WSDL file of the service to convert the RPC operations into methods. The client side application communicates with the SOAP webservice by calling these methods. So most of the SOAP clients break by interface changes (resulting method names and/or parameter changes). It is possible to write SOAP clients which won't break by interface changes using RDF and find operations by semantics, but semantic webservice are very rare and they don't necessarily have a non breaking client (I guess).

REST

REST (representational state transfer) is an architecture style which is described in the dissertation of Roy Fielding. It does not concern about protocols like SOAP does. It starts with a null architecture style having no constraints and defines the constraints of the REST architecture one by one. People use the term RESTful for webservices which fulfill all of the REST constraints, but according to Roy Fielding, there are no such things as REST levels. When a webservice does not meet with every single REST constraint, then it is not a REST webservice.

其他约束

Client - server architecture - I think this part is familiar to everyone. The REST clients communicate with the REST webservices, the webservices maintain the common data - resource state hereafter - and serve it to the clients. Stateless - The "state transfer" part of the abbreviation: REST. The clients maintain the client state (session/application state), so the services must not have a session storage. The clients transfer the relevant part of the client state by every request to the services which respond with the relevant part of the resource state (maintained by them). So requests don't have context, they always contain the necessary information to process them. For example by HTTP basic auth the username and the password is stored by the client, and it sends them with every request, so authentication happens by every request. This is very different from regular webapplications where authentication happens only by login. We can use any client side data storage mechanism like in-memory(javascript), cookies, localStorage, and so on... to persist some parts of the client state if we want. The reason of the statelessness constraint, that the server scales well - even by very high load (millions of users) - when it does not have to maintain the session of every single client. Cache - The response must contain information about it can be cached by the client or not. This improves scalability further. Uniform interface Identification of resources - REST resource is the same as RDF resource. According to Fielding if you can name something, then it can be a resource, for example: "the current local weather" can be a resource, or "your mobile phone" can be a resource, or "a specific web document" can be a resource. To identify a resource you can use resource identifiers: URLs and URNs (for example ISBN number by books). A single identifier should belong only to a specific resource, but a single resource can have many identifiers, which we frequently exploit for example by pagination with URLs like https://example.com/api/v1/users?offset=50&count=25. URLs have some specifications, for example URLs with the same pathes but different queries are not identical, or the path part should contain the hierarhical data of the URL and the query part should contain the non-hierarchical data. These are the basics of how to create URLs by REST. Btw. the URL structure does matter only for the service developers, a real REST client does not concern with it. Another frequently asked question is API versioning, which is an easy one, because according to Fielding the only constant thing by resource is semantics. If the semantics change, then you can add a new version number. You can use classical 3 number versioning and add only the major number to the URLs (https://example.com/api/v1/). So by backward compatible changes nothing happens, by non-backward compatible changes you will have a non-backward compatible semantics with a new API root https://example.com/api/v2/. So the old clients won't break, because they can use the https://example.com/api/v1/ with the old semantics. Manipulation of resources through representations - You can manipulate the data related to resources (resource state) by sending the intended representation of the resources - along with the HTTP method and the resource identifier - to the REST service. For example if you want to rename a user after marriage, you can send a PATCH https://example.com/api/v1/users/1 {name: "Mrs Smith"} request where the {name: "Mrs Smith"} is a JSON representation of the intended resource state, in other words: the new name. This happens vica-versa, the service sends representations of resources to the clients in order to change their states. For example if we want to read the new name, we can send a GET https://example.com/api/v1/users/1?fields="name" retrieval request, which results in a 200 ok, {name: "Mrs Smith"} response. So we can use this representation to change the client state, for example we can display a "Welcome to our page Mrs Smith!" message. A resource can have many representations depending on the resource identifier (URL) or the accept header we sent with the request. For example we can send an image of Mrs Smith (probably not nude) if image/jpeg is requested. Self-descriptive messages - Messages must contain information about how to process them. For example URI and HTTP method, content-type header, cache headers, RDF which describes the meaning of the data, etc... It is important to use standard methods. It is important to know the specification of the HTTP methods. For example GET means retrieving information identified by the request URL, DELETE means asking the server to delete the resource identified by the given URL, and so on... HTTP status codes have a specification as well, for example 200 means success, 201 means the a new resource has been created, 404 means that the requested resource was not found on the server, etc... Using existing standards is an important part of REST. Hypermedia as the engine of application state (HATEOAS hereafter) - Hypermedia is a media type which can contain hyperlinks. By the web we follow links - described by a hypermedia format (usually HTML) - to achieve a goal, instead of typing the URLs into the addres bar. REST follows the same concept, the representations sent by the service can contain hyperlinks. We use these hyperlinks to send requests to the service. With the response we get data (and probably more links) which we can use to build the new client state, and so on... So that's why hypermedia is the engine of application state (client state). You probably wonder how do clients recognize and follow the hyperlinks? By humans it is pretty simple, we read the title of the link, maybe fill input fields, and after that just a single click. By machines we have to add semantics to the links with RDF (by JSON-LD with Hydra) or with hypermedia specific solutions (for example IANA link relations and vendor specific MIME types by HAL+JSON). There are many machine readable XML and JSON hypermedia formats, just a short list of them: XHTML ATOM+XML RDF+XML HAL+XML HAL+JSON JSON-LD RDF+JSON Siren Collection+JSON Sometimes it is hard to choose... Layered system - We can use multiple layers between the clients and the services. None of them should know about all of these additonal layers, just of layer right next to it. These layers can improve scalability by applying caches and load balancing or they can enforce security policies. Code on demand - We can send back code which extends the functionality of the client, for example javascript code to a browser. This is the only optional constraint of REST.

REST web服务与SOAP RPC web服务的区别

因此，REST web服务与SOAP web服务(具有RPC绑定样式和文字编码样式)非常不同。

It defines an uniform interface (intead of a protocol). It maps URLs to resources (and not operations). It sends messages with any MIME types (instead of just SOAP+XML). It has a stateless communication, and so it cannot have a server side session storage. (SOAP has no constraint about this) It serves hypermedia and the clients use links contained by that hypermedia to request the service. (SOAP RPC uses operation bindings described in the WSDL file) It does not break by URL changes only by semantics changes. (SOAP RPC clients without using RDF semantics break by WSDL file changes.) It scales better than a SOAP webservice because of its stateless behavior.

等等……

SOAP RPC web服务不满足所有REST约束:

客户-服务器架构——总是这样 无状态-可能 缓存-可能 统一接口-从不 分层系统-从不 按需编码(可选)-可能

REST

I understand the main idea of REST is extremely simple. We have used web browsers for years and we have seen how easy, flexible, performing, etc web sites are. HTML sites use hyperlinks and forms as the primary means of user interaction. Their main goal is to allow us, clients, to know only those links that we can use in the current state. And REST simply says 'why not use the same principles to drive computer rather than human clients through our application?' Combine this with the power of the WWW infrastructure and you'll get a killer tool for building great distributed applications.

另一种可能的解释是针对具有数学思维的人。每个应用程序基本上都是一个状态机，业务逻辑操作是状态转换。REST的思想是将每个转换映射到某个资源的请求上，并向客户端提供表示当前状态下可用转换的链接。因此，它通过表示和链接对状态机建模。这就是为什么它被称为具象状态传输。

It's quite surprising that all answers seem to focus either on message format, or on HTTP verbs usage. In fact, the message format doesn't matter at all, REST can use any one provided that the service developer documents it. HTTP verbs only make a service a CRUD service, but not yet RESTful. What really turns a service into a REST service are hyperlinks (aka hypermedia controls) embedded into server responses together with data, and their amount must be enough for any client to choose the next action from those links.

不幸的是，除了Roy Fielding的论文，在Web上很难找到关于REST的正确信息。(他是REST的发明人)。我推荐《REST in Practice》这本书，因为它提供了一个全面的循序渐进的教程，教你如何从SOAP演进到REST。

SOAP

这是RPC(远程过程调用)体系结构样式的一种可能形式。本质上，它只是一种允许客户端通过服务边界(网络、进程等)调用服务器方法的技术，就像调用本地方法一样。当然，它实际上与调用本地方法在速度、可靠性等方面有所不同，但思想就是这么简单。

相比

The details like transport protocols, message formats, xsd, wsdl, etc. don't matter when comparing any form of RPC to REST. The main difference is that an RPC service reinvents bicycle by designing it's own application protocol in the RPC API with the semantics that only it knows. Therefore, all clients have to understand this protocol prior to using the service, and no generic infrastructure like caches can be built because of proprietary semantics of all requests. Furthermore, RPC APIs do not suggest what actions are allowed in the current state, this has to be derived from additional documentation. REST on the other hand implies using uniform interfaces to allow various clients to have some understanding of API semantics, and hypermedia controls (links) to highlight available options in each state. Thus, it allows for caching responses to scale services and making correct API usage easily discoverable without additional documentation.

在某种程度上，SOAP(与任何其他RPC一样)试图通过服务边界进行隧道，将连接媒体视为只能传输消息的黑盒。REST决定承认Web是一个巨大的分布式信息系统，接受世界的现状并学会掌握它，而不是与之对抗。

当您同时控制服务器和客户端，并且交互不太复杂时，SOAP似乎非常适合内部网络api。开发人员更自然地使用它。然而，对于一个被许多独立方使用的公共API来说，它既复杂又庞大，REST应该更适合它。但最后这个比较非常模糊。

更新

My experience has unexpectedly shown REST development to be more difficult than SOAP. At least for .NET. While there are great frameworks like ASP.NET Web API, there's no tooling that would automatically generate client-side proxy. Nothing like 'Add Web Service Reference' or 'Add WCF Service Reference'. One has to write all serialization and service querying code by hand. And man, that's lots of boilerplate code. I think REST development needs something similar to WSDL and tooling implementation for each development platform. In fact, there seems to be a good ground: WADL or WSDL 2.0, but neither of the standards seems to be well-supported.

更新(2016年1月)

事实证明，现在有各种各样的REST API定义工具。目前我的个人偏好是RAML。

Web服务如何工作

嗯，这是一个过于宽泛的问题，因为它取决于特定web服务中使用的架构和技术。但一般来说，web服务只是web中的某个应用程序，它可以接受来自客户机的请求并返回响应。它暴露在网络上，因此它是一种网络服务，它通常是全天候可用的，这就是为什么它是一种服务。当然，它为客户端解决了一些问题(否则为什么有人会使用web服务)。

SOAP的问题在于它与HTTP栈背后的理想相冲突。任何中间件都应该能够在不了解请求或响应内容的情况下处理HTTP请求，但例如，常规的HTTP缓存服务器如果不知道SOAP内容的哪些部分与缓存有关，则无法处理SOAP请求。SOAP只是使用HTTP作为它自己的通信协议的包装器，就像代理一样。

基于soap的Web服务 简而言之，基于soap的服务模型将世界视为一个由相互平等的对等点组成的生态系统，这些对等点不能相互控制，但必须通过遵守已发布的契约来共同工作。这是有效的 混乱的现实世界的模型，以及基于元数据的契约形成SOAP服务接口。

我们仍然可以将SOAP与基于xml的远程过程调用相关联，但是基于SOAP的Web服务技术已经成为一种灵活而强大的消息传递模型。

SOAP假定所有系统都是独立的，并且没有系统知道其他系统的内部信息和内部功能。 这样的系统最多能做的就是互相发送消息，并希望它们能被采取行动。系统发布它们承诺遵守的契约，而其他系统依赖这些契约与它们交换消息。

Contracts between systems are collectively called metadata, and comprise service descriptions, the message exchange patterns supported and the policies governing qualities of service (a service may need to be encrypted, reliably delivered, etc.) A service description, in turn, is a detailed specification of the data (message documents) that will be sent and received by the system. The documents are described using an XML description language like XML Schema Definition. As long as all systems honor their published contracts, they can inter operate, and changes to the internals of systems never affect any other. Every system is responsible for translating its own internal implementations to and from its contracts

REST -具象状态传输。物理 协议是HTTP。基本上，REST是指web上所有可以通过URL唯一识别的不同资源。可以在这些资源上执行的所有操作都可以用一组有限的动词(“CRUD”动词)来描述，这些动词又映射到HTTP动词。

REST的“重量级”比SOAP少得多。

web服务的工作

我想这是我能解释得最简单的了。请，任何人都欢迎纠正我或补充这一点。

SOAP是一种消息格式，用于断开连接的系统(如通过internet)交换信息/数据。它处理来回的XML消息。

Web服务传输或接收SOAP消息。它们的工作方式因所用语言不同而不同。

REST是一种用于设计网络应用程序的体系结构风格。其思想是，使用简单的HTTP在机器之间进行调用，而不是使用复杂的机制(如CORBA、RPC或SOAP)来连接机器。