 Web services and Service-Oriented Architecture (SOA) are fundamental concepts in,

 enabling interoperability, reusability, and flexibility in building distributed systems.

Web Services: systems designed to support interoperable machine-to-machine interaction

Web over a network
services • Provide a standardized way of integrating web-based applications using open
standards such as XML, SOAP, WSDL, and UDDI.
• Interoperability: facilitate seamless communication between different systems,
regardless of their underlying technologies,
• Standardization: They adhere to standardized protocols such as SOAP (Simple Object
Access Protocol) and REST (Representational State Transfer)
• Service Description: Web services are described using WSDL (Web Services Description
Language), which provides a machine-readable description of the service’s capabilities
and communication protocols.

1/12/2025
 Service-Oriented Architecture (SOA)
SOA is a software development approach that emphasizes the creation of reusable and
interoperable software services.

Service-Oriented
Architecture (SOA)
Service-Oriented)

1/12/2025
 In this architectural style, business functions and processes are implemented as software
services,

Service-Oriented
Architecture (SOA)
Service-Oriented)

1/12/2025
 Common applications of SOA include the following

 Military forces use SOA to deploy situational awareness systems.

Service-Oriented  Healthcare organizations use it to improve healthcare delivery.
Architecture (SOA)
 Mobile apps and games use SOA to access a device's built-in functions, such as
the global positioning system.
 Museums use SOA to create virtualized storage systems for their information and
content.
Disadvantages of SOA include:
• Implementation of SOA requires a large initial investment.
• Service management is complicated
• The input parameters of services are validated every time services interact,
• Scalability is limited when services must coordinate with various shared resources.

1/12/2025
 The SOAP web services architecture is based on interactions between three components:
a service provider, a service requester, and an optional service registry.
The service provider
• The collection of software that provides a web service.
Service-Oriented • The application program
Architecture (SOA) • The middleware
• The platform on which they run
The service requester
• The collection of software that is responsible for requesting a web service from a
service provider.
• The application program
• The middleware
• The platform on which they run
The service registry
The service registry is a central location where service providers can publish their service
descriptions and where service requesters can find those service descriptions.

1/12/2025
 What is SOAP
 SOAP stands for Simple Object Access Protocol, it's a transport protocol based on
XML and HTTP. It sends and receives requests and responses.

Basic Concepts What is WSDL

 WSDL or Web Services Description Language is an XML notation for describing a
web service.

What is JaxWS
 JaxWS stands for Java API for XML Web Services. It builds web services and clients
that communicate using XML.

What is SoapUI
 SoapUI is an API Testing Tool, it is used for RESTful Web Services or HTTP based
services as well as SOAP Web Services

1/12/2025
 1) Identify Business Services
Define Business Functions: Identify core functions and processes that can be represented
as services (e.g., Customer Management, Order Processing).

2) Design the Service Interfaces

•Define Communication Protocols: Choose between SOAP for structured, complex
Implementing SOAs services or REST for simpler, lightweight services.
with web services •Establish Data Contracts: Define data formats and structures for service requests and
responses (e.g., XML for SOAP, JSON for REST).
•Set up Interface Documentation: Use WSDL (for SOAP) or OpenAPI (for REST) to
document service specifications for developers.

3) Develop the Services

•Implement Services Using APIs:
• Use JAX-WS for SOAP services in Java, providing XML-based services with
advanced transaction and security features.
• Use JAX-RS for RESTful services in Java, supporting HTTP methods and lightweight
data exchange
1/12/2025
 4. Integrate Security and Reliability Features
o Implement Authentication & Authorization: Use standards like WS-Security for SOAP
or HTTPS/OAuth for REST.
o Ensure Reliability: Consider features like retries, error logging, and failover
mechanisms to handle disruptions.
Implementing SOAs 5. Deploy Services to a Service Registry
with web services o Enable Dynamic Discovery: Allow other services or clients to discover available
services and their capabilities.
6. Test the Services
o Test each service independently and as part of larger workflows.
o Security Testing: Ensure services are secure, particularly if handling sensitive data.
7. Monitor and Maintain Services
o Implement Version Control: Use versioning to manage changes over time without
breaking existing integrations.

1/12/2025
 1. Build
development and testing of the Web service
implementation, the definition of the service interface description and the definition of the
service implementation description.
2. Deploy
development includes the publication of the service interface and service
lifecycle implementation definition to a service requestor or service registry and deployment of the
executables for the Web service into an execution environment.
3. Run
the Web service is available for invocation. At this point, the Web
service is fully deployed, operational and network-accessible from the service provider.
4. Manage
ongoing management and administration of the Web service
application. Security, availability, performance and business processes

1/12/2025
API and Web Service
1.Similarities:
• Both facilitate communication between software applications.
• Both use protocols like HTTP.
• Both can enable integration and automation.
2.Differences:
• API (Application Programming Interface) is a broader term that includes Web Services but
also encompasses other types of interfaces, such as libraries or system APIs.
• Web Services specifically refer to APIs that use web protocols for communication.

 APIs and Web Services are basic in modern development for creating microservices, integrating
third-party functionalities, and enabling cloud-based systems.

 APIs and Web Services are fundamental to software interoperability, enabling applications to
share data, perform actions, and build connected ecosystems.
 Java provides a set of APIs (Application Programming Interfaces) for building
web services.

• AX-WS Application: JAX-WS (Java API for XML Web Services) : allows developers to
Java Web Services create SOAP-based web services.
API • JAX-RS Application: JAX-RS (Java API for RESTful Web Services) : with a set of
annotations and classes to create RESTful endpoints using Java.

1/12/2025
 JAX-WS, which allow developers to mark Java classes and methods for easy
deployment as web services.

For instance:
JAX-WS • @WebService: Defines the class as a web service.
• @WebMethod: Marks a method as accessible via the web service.
• @WebParam: Defines parameters for the web service methods.
 WSDL Generation: JAX-WS can automatically generate a WSDL (Web
Services Description Language) document, which describes the web
service's operations, data types, and endpoint information. WSDL is
essential for clients as it enables them to understand how to interact with
the service.
 Data Binding with JAXB: JAX-WS uses JAXB (Java Architecture for XML
Binding) to convert between Java objects and XML, allowing for seamless
XML handling within Java code.

1/12/2025
Task 1

• Create a SOAP Web Service

• Building SOAP–based services with JAX–WS
• Developing RESTful services with JAX–RS
HTTP
Common Methods
HTTP Request-Response Cycle GET: Retrieve data.
POST: Submit data.
Request: Sent by the client (browser). PUT: Update data.
DELETE: Remove data.
Example: "GET /index.html HTTP/1.1"

Response: Sent by the server. Status Codes

Categories:
Example: "200 OK" followed by content. 1xx: Informational (e.g., "100 Continue")
2xx: Success (e.g., "200 OK")
3xx: Redirection (e.g., "301 Moved Permanently")
4xx: Client Errors (e.g., "404 Not Found")
5xx: Server Errors (e.g., "500 Internal Server Error")
Headers, Type
WSDL

WSDL, an XML-based language,

defines how to communicate using
SOAP, outlining the operations and data
required.

includes definitions, types, messages,

port types, bindings, and services.
WSDL's essential elements

WSDL's essential elements, which include:

•types: Specifies the web service's data types, detailing the structure of inputs and outputs.
•message: Establishes the data composition for each operation, comprising input and output
data.
•portType: Lists the web operations the service supports, along with corresponding inputs and
outputs for each operation.
•binding: Maps operations to particular transport protocols or data formats, e.g., SOAP over
HTTP.
•service: Indicates the web service's access points, providing necessary details for client
access.
Facilitate data interchange between disparate systems various
scenarios

Enterprise Application Integration

In complex organizational landscapes, SOAP and WSDL ensure consistent and
interoperable data flow among different departments and between enterprises and
their clientele.

Facilitating B2B Communications

For structured data exchange in business-to-business (B2B) interactions, SOAP and
WSDL offer a standardized mechanism, streamlining the development and
consumption of web services.
Cont.
Securing Government and Healthcare Communications
Given the stringent security and standardization requirements in government and healthcare sectors,
SOAP and WSDL provide the necessary infrastructure for dependable and interoperable data
exchange.

Financial Transactions
In the financial domain, where sensitive data exchange and compliance are paramount, these
technologies are instrumental in defining and securing web services.

Harmonizing Cross-Platform Applications

They enable standardized communication protocols across diverse platforms and programming
languages, ensuring seamless interaction between applications.

Telecommunications Networking
In telecommunications, SOAP and WSDL facilitate structured and interoperable communication
protocols across various network components.
WSDL Files with Apidog
XML Essentials
Introduction to XML
 XML (eXtensible Markup Language) is a markup language designed to store and transport
data in a platform-independent and human-readable format.
 It uses tags to structure information and is both machine-readable and human-readable.
 Common applications include configuration files, data exchange between systems, and web
services.
XML Tree Structure
<root>
<child>
<subchild>.....</subchild>
</child>
</root>
 <!DOCTYPE book [
DTD vs. XSD <!ELEMENT book (title, author, price)>
<!ELEMENT title (#PCDATA)>
<!ELEMENT author (#PCDATA)>
<!ELEMENT price (#PCDATA)>
 DTD (Document Type Definition) ]>
<book>
<title>Learning XML</title>
 Simple way to define the structure of an XML document. <author>Jane Doe</author>
<price>39.99</price>
</book>
 Limited in functionality and lacks support for data types.

 Syntax is not XML-based. <xs:schema

xmlns:xs="http://www.w3.org/2001/XMLSchema">
 XSD (XML Schema Definition) <xs:element name="book">
<xs:complexType>
 More powerful than DTD; written in XML format. <xs:sequence>
<xs:element name="title" type="xs:string"/>
 Supports data types (e.g., integers, dates) and namespaces. <xs:element name="author" type="xs:string"/>
<xs:element name="price" type="xs:decimal"/>
</xs:sequence>
 Allows more precise validation of XML documents. </xs:complexType>
</xs:element>
</xs:schema>
Key Elements in XSD:
•Elements and Attributes: Define the structure of XML data.
•Data Types: xs:string, xs:integer, etc., to enforce data consistency.
•Constraints:
•Min/Max Occurrences: Limits the number of times an element can appear.
•Pattern Restrictions: Define allowed formats (e.g., phone numbers, emails).
•Complex Types: Define elements containing child elements or attributes.
•Simple Types: Restrict single-value elements.

Example XSD:
xml
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="book">
<xs:complexType> <xs:sequence> <xs:element name="title" type="xs:string"/> <xs:element
name="author" type="xs:string"/> <xs:element name="price" type="xs:decimal"/>
</xs:sequence> </xs:complexType> </xs:element> </xs:schema>
Validation:
•XML documents can be validated against XSDs to ensure compliance.
•Tools like xmllint, online validators, or IDE plugins assist in validation.
XML Parsing?
The process of reading and processing an XML document to extract or manipulate data.
Types of parsers:
 DOM (Document Object Model): Loads the entire XML document into memory as a tree
structure.
 SAX (Simple API for XML): Reads XML sequentially without loading the entire document
into memory.
 StAX (Streaming API for XML): Combines the advantages of DOM and SAX by allowing
both sequential reading and event-based processing.
Various Other XML Binding APIs

 JAXB (Java Architecture for XML Binding): Maps XML to Java objects and vice versa.

 XMLBeans: Apache tool for accessing XML by binding it to Java types.

 SimpleXML: PHP extension for working with XML documents.

 NET XML Serialization: In the .NET framework, used to serialize objects to XML and

deserialize XML to objects.

Exercise
1. Describe a real-world scenario where XML is used and why it is
preferred over other data
2. Compare XML to JSON.
Structure of SOAP Messages
SOAP (Simple Object Access Protocol) messages are XML-based and consist of a standard
structure that ensures interoperability between systems.
Basic Structure of a SOAP Message:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<!-- Optional header information -->
</soap:Header>
<soap:Body>
<!-- Request or response data -->
</soap:Body>
</soap:Envelope>

Key Components:
1.Envelope:
1. The root element of a SOAP message.
2. Defines the namespace and structure of the message.
2.Header (Optional):
1. Contains metadata or processing instructions.
2. Used for authentication, transaction management, or routing.
Body:
•The main content of the message.
•Contains the actual payload, such as the request or response data.
•Errors and faults are also included here.

<soap:Header>
<auth:Security xmlns:auth="http://example.com/security">
<auth:Token>ABC123</auth:Token>
</auth:Security>
</soap:Header>

<soap:Body>
<m:GetStockPrice xmlns:m="http://example.com/stock">
<m:StockSymbol>GOOGL</m:StockSymbol>
</m:GetStockPrice>
</soap:Body>

Fault (Optional):
•Communicates errors encountered during processing.
•Contains elements like faultcode, faultstring, and detail.
Role of SOAP in Web Services
SOAP plays a crucial role in enabling communication between applications over the internet. It is widely used
in web services for the following reasons:
Key Roles of SOAP:
1.Platform-Independent Communication:
1. Uses XML, ensuring interoperability across different programming languages and platforms.
2.Transport Protocol Flexibility:
1. Works over HTTP, HTTPS, SMTP, or other protocols.
3.Standardized Messaging Framework:
1. Provides a structured format for request and response messages.
4.Support for Complex Operations:
1. Handles multiple operations, return types, and error reporting.
5.Security and Reliability:
1. Integrates with WS-Security for message-level encryption and authentication.
2. Can be used with protocols like WS-ReliableMessaging for guaranteed delivery.
6.Error Handling:
1. Standardized fault reporting mechanism simplifies debugging and error communication.
Implementing SOAP Web Services
• There are certain steps to implement SOAP Web Services with JAX-WS
• First, you need to define Service endpoint interfaces (SEI) which specify the methods
to expose as web service.
• Next, you need to implement SEI with a Java class.
• Then you need to Annotate the SEI and its implementation class with JAX-WX
annotations to specify the web service details.
• Package web service classes to the WAR file and deploy it to a web server.
2. Implementing RESTful Web Services with JAX-RS
• First you need to define the resources that represents the web services and its
methods.
• Then you need to annotate the resource class and its methods with JAX-RS
annotations to specify the web service package.
• At last we need to package the web service classes and deploy it to a web server.
Implementing Code–First Web Services

Create a SOAP Web Service: A Step-by-Step Tutorial | Dharshitha Senevirathne Medium

Java JAX-WS SOAP Web Service Tutorial Using Eclipse, MySQL

Code First and Contract First
• “Code First” and “Contract First”.
• in the Contract First approach, the service provider defines the WSDL
document first and develops the service according to it and publishes the
WSDL after deploying the service inside a Web service engine
• tin the Code First approach,
• Web service developer writes his business logic first and deploys it as a Web
service inside a Web service engine. The engine generates the WSDL for the
developer who finally publishes the generated WSDL
• If the developer is trying to use the Code First approach, he just has
to write his code and deploy in the engine which internally generates
the WSDL.
Code First Approach
• The Code First approach is simple, less time consuming and easy to
use for people who are not familiar with Web services standards.

• But this approach provides less control over the service contract as
the WSDL is generated by WSO2 Web Services Application Server
(WSO2 WSAS). If someone changes the service code, WSDL will be
changed accordingly.
Contract First Approach
• development of the service is started from a WSDL definition, which
becomes a contract between the service provider and the client.
• In this approach, WSDL definition is defined using Web services standards
and the service implementation is done after that according to this
contract.

• Contract First approach is more complex compared to Code First approach.

And also it requires an in depth understanding of Web services standards.
But it is the recommended approach in the Web services world. In this
approach, the contract between the service provider and the client is kept
constant.
Implementing Code–First Web Services
• Exposing plain old Java objects (POJOs) as web services
• Applying JAX–WS annotations to POJOs
• Configuring and deploying a web service implementation

Implementing SOAP clients in Java

• Generating client–side artifacts from WSDL
• Modifying client code to permit message monitoring
• Authenticating and authorizing clients

Augmenting SOAP–based services

• Incorporating best practices for web services
• Implementing policies for security, reliability and message optimization
Writing Contract-First Web Services
• developing web services that start with the XML Schema/WSDL
contract first followed by the Java code second
Messages
• we will focus on the actual XML messages that are sent to and from
the Web service.

Holiday
In the scenario, we have to deal with holiday requests, so it makes sense to determine what a holiday looks
like in XML:
<Holiday xmlns="http://mycompany.com/hr/schemas">
<StartDate>2006-07-03</StartDate>
<EndDate>2006-07-07</EndDate>
</Holiday>
A holiday consists of a start date and an end date.
Employee What is important is that all of the data is there. In fact, the
There is also the notion of an employee in the scenario. data is the only thing that is important: we are taking a data-
Here is what it looks like in XML: driven approach.
<Employee
xmlns="http://mycompany.com/hr/schemas">
<Number>42</Number>
<FirstName>Arjen</FirstName>
<LastName>Poutsma</LastName> </Employee>

HolidayRequest
Both the holiday and employee element can be put in a <HolidayRequest/>:

<HolidayRequest xmlns="http://mycompany.com/hr/schemas">
<Holiday>
<StartDate>2006-07-03</StartDate>
<EndDate>2006-07-07</EndDate>
</Holiday>
<Employee>
<Number>42</Number>
<FirstName>Arjen</FirstName>
<LastName>Poutsma</LastName>
</Employee>
</HolidayRequest>
Data Contract

This data contract defines the message format we accept. There are four different ways of defining
such a contract for XML:

•DTDs
•XML Schema (XSD)
•RELAX NG
•Schematron

DTDs have limited namespace support, so they are not suitable for Web services. Relax NG and
Schematron certainly are easier than XML Schema.

Unfortunately, they are not so widely supported across platforms. We will use XML Schema.
• Any good XML editor or Java IDE offers easiest way to create an XSD

We store this file as hr.xsd.

1. all tells the XML parser that the order of <Holiday/> and <Employee/> is not significant.
2. We use the xsd:date data type, which consist of a year, month, and day, for <StartDate/> and <EndDate/>.
3. xsd:string is used for the first and last name.
Service contract
• A service contract is generally expressed as a WSDL file. Note that in Spring-WS, writing
the WSDL by hand is not required. Based on the XSD and some conventions, Spring-WS
can create the WSDL for you.
1. We import the schema “Data Contract”.
2. We define the HolidayRequest message, which gets used in the portType.
3. The HolidayRequest type is defined in the schema.
4. We define the HumanResource port type, which gets used in the binding.
5. We define the HumanResourceBinding binding, which gets used in the port.
6. We use a document/literal style.
7. The literal http://schemas.xmlsoap.org/soap/http signifies a HTTP transport.
8. The soapAction attribute signifies the SOAPAction HTTP header that will be sent with every request.
9. The http://localhost:8080/holidayService/ address is the URL where the Web service can be invoked.
Implementing the Endpoint
In Spring-WS, you will implement Endpoints to handle incoming XML
messages. An endpoint is typically created by annotating a class with
the @Endpoint annotation. In this endpoint class, you will create one
or more methods that handle incoming request. The method
signatures can be quite flexible: you can include just about any sort of
parameter type related to the incoming XML message.
• import org.springframework.beans.factory.annotation.Autowired;
• import org.springframework.ws.server.endpoint.annotation.Endpoint;
• import org.springframework.ws.server.endpoint.annotation.PayloadRoot;
• import org.springframework.ws.server.endpoint.annotation.RequestPayload;
1. The HolidayEndpoint is annotated with @Endpoint.
This marks the class as a special sort of Component, suitable for handling XML messages in Spring-WS, and also making it eligible
for suitable for component scanning.

2. The HolidayEndpoint requires the HumanResourceService business service to operate, so we inject the dependency via the
constructor and annotate it with @Autowired. Next, we set up XPath expressions using the JDOM API. There are three
expressions: //hr:StartDate for extracting the <l;StartDate> text value, //hr:EndDate for extracting the end date and
concat(//hr:FirstName,’ ‘,//hr:LastName) for extracting and concatenating the names of the employee.

3. The @PayloadRoot annotation tells Spring-WS that the handleHolidayRequest method is suitable for handling XML messages.
The sort of message that this method can handle is indicated by the annotation values, in this case, it can handle XML elements
that have the HolidayRequest local part and the http://mycompany.com/hr/schemas namespace.

• The handleHolidayRequest(..) method is the main handling method method, which gets passed with the <HolidayRequest/>
element from the incoming XML message.
• The @RequestPayload annotation indicates that the holidayRequest parameter should be mapped to the payload of the
request message. We use the XPath expressions to extract the string values from the XML messages, and convert these
values to Date objects using a SimpleDateFormat. With these values, we invoke a method on the business service. Typically,
this will result in a database transaction being started, and some records being altered in the database.
• Finally, we define a void return type, which indicates to Spring-WS that we do not want to send a response message. If we
wanted a response message, we could have returned a JDOM Element that represents the payload of the response message.
Routing the Message to the Endpoint

As part of writing the endpoint, we also used the @PayloadRoot annotation to indicate which sort
of messages can be handled by the handleHolidayRequest method. In Spring-WS, this process is
the responsibility of an EndpointMapping. Here we route messages based on their content, by
using a PayloadRootAnnotationMethodEndpointMapping. The annotation used above:

@PayloadRoot(namespace = "http://mycompany.com/hr/schemas", localPart = "HolidayRequest")

RESTful Web Services
• REST or Representational State Transfer is an architectural style that
can be applied to web services to create and enhance properties like
performance, scalability, and modifiability.
• RESTful web services are generally highly scalable, light, and
maintainable and are used to create APIs for web-based applications.
• It exposes API from an application in a secure and stateless manner to
the client. The protocol for REST is HTTP.
• In this architecture style, clients and servers use a standardized
interface and protocol to exchange representation of resources.
REST API
REST became popular due to the following reasons:

• It allows web applications built using different programming languages to

communicate with each other. Also, web applications may reside in
different environments, like on Windows, or for example, Linux.
• Mobile devices have become more popular than desktops. Using REST, you
don’t need to worry about the underlying layer for the device. Therefore, it
saves the amount of effort it would take to code applications on mobiles to
talk with normal web applications.
• Modern applications have to be made compatible with the Cloud. As
Cloud-based architectures work using the REST principle, it makes sense for
web services to be programmed using the REST service-based architecture.
Principles of RESTful applications
REST architecture is based on four key principles: Resources, Representations, Uniform
Interface, and Statelessness.
• Resources: Resources are the key components of REST architecture. A resource is an entity
that can be accessed and manipulated through a URI. In REST, everything is considered a
resource, including data, images, videos, and any represented as a resource.
• Representations: Representations are the different ways a resource can be presented. A
resource can be represented in different formats such as XML, JSON, or HTML. A client can
request a specific representation of a resource, and the server will respond with the requested
representation.
• Uniform Interface: The uniform interface is a set of constraints that simplify communication
between the client and the server. The four constraints of the uniform interface are:
•Identification of resources: Each resource is identified by a unique URI.
• Manipulation of resources through representations: Clients can manipulate resources
through their representations, using standard HTTP methods like GET, POST, PUT,
DELETE,
• Self-descriptive messages: Each message includes enough information to describe how it
should be processed.
• Statelessness: REST architecture is stateless, meaning that each request from the client to the
server must contain all the information necessary to understand the request. The server
cannot store any information about the client’s previous interactions.
Advantages of RESTful web services
• Speed: As there is no strict specification, RESTful web services are
faster as compared to SOAP. It also consumes fewer resources and
bandwidth.
• Compatible with SOAP: RESTful web services are compatible with
SOAP, which can be used as the implementation.
• Language and Platform Independency: RESTful web services can be
written in any programming language and can be used on any
platform.
• Supports Various Data Formats: It permits the use of several data
formats like HTML, XML, Plain Text, JSON, etc.
AJAX and JSON
What is AJAX?
AJAX enables web pages to communicate with servers asynchronously, meaning the page
doesn’t reload or refresh while sending or receiving data.

Key Features of AJAX:

1.Sends and receives data asynchronously.
2.Improves user experience by avoiding full-page reloads.
3.Works with JSON, XML, or plain text as data formats.

What is JSON?
JSON (JavaScript Object Notation) is a lightweight data format for structuring and exchanging
data. It is commonly used with AJAX for server responses and requests.
How AJAX and JSON Work Together
AJAX is a very popular concept that is used to update the page without reloading the page.
AJAX stands for Asynchronous Javascript And XML and because of that many Developers
think that AJAX will only use XML to export and import data but that is not true. AJAX can use
XML to transport any kind of data but can also transport data in JSON or any other plain text.

1.AJAX Request: A request is sent to the server using JavaScript.

2.Server Response: The server processes the request and sends back a JSON response.
3.Update Webpage: The client-side script parses the JSON and updates the webpage
dynamically.
Using JSON in RESTful API Requests

When interacting with a RESTful API, the client typically sends HTTP requests to the server. The
request may contain JSON data, especially when creating or updating resources (using POST or
PUT).

1. Sending JSON Data with POST

A POST request is often used to create new resources on the server. The client sends a JSON
payload in the body of the request.

POST /api/users HTTP/1.1

Host: example.com
Content-Type: application/json { "name": "Jane Doe", "email":
"[email protected]", "age": 28 }

Here, the Content-Type: application/json header tells the server that the body of the request contains JSON
data. The server parses the JSON and processes it to create a new resource.
Securing Web service
The general approach
■ Transport-level security such as firewalls, virtual private networks, basic
authentication, non-repudiation, and encryption.
■ Message-level security such as using authentication tokens to validate
requester identity and authorization assertions to control access to
provider services.
■ Data-level security such as encryption and digital signature to protect
against altering stored and/or transmitted data.
■ Environment-level security such as management, logging, and auditing to
identify problems that need to be fixed and establishing trusted relationships and
communication patterns.
• Identity: Identity management for Web services is similar to identity
management for any IT system in that the subject (whether a person, machine,
program, or abstraction such as a process flow) is given a unique or unambiguous
name within the security domain

• Authentication: Authentication is the process through which an authority verifies

a subject’s identity, based on some set of proof such as a password or personal
identification number (PIN).

• Digital Signature: A digital signature signs a message digest using a public/private

key pair. A hash algorithm creates the message digest, and the encryption
algorithm signs the digest (with the private key).
Summary
• A web service is a software system designed to support interoperable machine-to-machine interaction over
a network. Web services use standard protocols like HTTP, SOAP, REST, and more to exchange data between
different systems.
• The primary goal of web services is to enable communication between different systems that may be
developed in different programming languages.
SOAP (Simple Object Access Protocol)
• SOAP is a protocol used for exchanging structured information in the implementation of web services. It
uses XML to encode the message and typically relies on HTTP or SMTP for message negotiation and
transmission.
• SOAP is more rigid and is designed to be platform- and language-agnostic, offering greater security and
transaction reliability.
REST (Representational State Transfer)
• REST is an architectural style for building web services, making use of standard HTTP methods like GET, POST,
PUT, and DELETE.
• RESTful web services are lightweight, stateless, and designed to be scalable. Unlike SOAP, they use simple
HTTP protocols and often return data in formats like JSON or XML.
WSDL (Web Services Description Language)
• WSDL is an XML-based language used to describe the functionality and interface of a web service. It provides a detailed
description of the service, such as the operations it can perform, the format of the input and output messages, and the protocols
used.
• It is commonly used in SOAP-based web services to describe the service and its operations.
UDDI (Universal Description, Discovery, and Integration)
• UDDI is a directory service where businesses can register and discover web services. It allows for searching for available services
by their name, description, or other criteria.
• UDDI serves as a "phonebook" for web services, enabling service providers and consumers to locate each other.
HTTP (HyperText Transfer Protocol)
• HTTP is the foundation of data communication for the World Wide Web. In the context of web services, HTTP is commonly used as
the protocol for communication between the client and the server.
• For RESTful web services, HTTP methods (GET, POST, PUT, DELETE) are used to interact with resources.
JSON (JavaScript Object Notation)
• JSON is a lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and
generate.
• JSON is commonly used as a data format in RESTful web services for request and response messages.
XML (Extensible Markup Language)
• XML is a markup language used to encode documents in a format that is both human-readable and machine-readable.
• In SOAP-based web services, XML is typically used for request and response messages.
Service-Oriented Architecture (SOA)
• SOA is a design principle where services are provided to the other components over a network. Web services are one of the key
elements of SOA, enabling loose coupling between service providers and consumers.
• SOA promotes the idea of using reusable services to simplify the integration of different systems.
Client and Server
• The client is the application or system that makes a request to the web service.
• The server is the application or system that provides the functionality of the web service and responds to the client’s requests.
Web Service Architecture
• Web services generally follow a client-server architecture where the client requests services from the server. In a web service, the
client and server communicate over standard protocols like HTTP, using XML or JSON for data exchange.
• The architecture can be stateless (each request from a client to a server is independent and does not rely on previous requests).
Security in Web Services
• Security measures such as SSL/TLS encryption are used to protect data being transmitted between client and server. For SOAP-
based services, there are additional standards such as WS-Security that provide message-level security for authentication and
encryption.
• RESTful services often rely on simpler HTTP-based security mechanisms like API keys, OAuth, and JWT (JSON Web Tokens)
REST vs SOAP
• SOAP: A protocol with specific standards and security features, making it better suited
for complex operations, but with a heavier communication overhead.
• REST: An architectural style that is more lightweight, faster, and simpler, usually favored
for simpler or mobile applications, providing flexibility with fewer constraints.
XML Schema
• An XML Schema is used to define the structure of XML documents exchanged in SOAP-
based web services. It ensures that the data being sent follows the required format and
structure.
API (Application Programming Interface)
• Web services can be considered a type of API. An API is a set of functions or protocols
that allows one application to interact with another. Web services, especially RESTful
services, are a common way to expose APIs over the web.
Service Endpoint
• A service endpoint is a network address (usually a URL) where a web service can be
accessed. It is the location where clients send requests and where the web service
processes and responds to those requests.