Software systems used today have to communicate with each other and perform various data transfers between them due to many requirements. The increase in distributed systems and the need for integrations between systems has created the concept of "Web Service" and led to its development. In short, Web Services represent protocols/rules that enable different software systems to talk to each other and the software that provides these protocols/rules are called web service software.
REST is a set of data transfer management and rules developed to create distributed architecture applications. Its name is Representational State Transfer, which translates as "Representational State Transfer" in Turkish. It runs on HTTP and is simpler than other alternatives. Since data transfer is performed with basic content, it is much more efficient than alternatives in terms of speed. It enables applications to communicate by carrying XML or JSON data between client and server. Web services written in accordance with REST standards are called RESTful services.
REST is stateless. There is no state or content information about the clients on the server, their previous requests and status are irrelevant. It is intended to send the same response to all requests coming to the same address with the same parameters and the same methods. This makes applications more flexible and easier. In REST standards, no additional header information is stored in the data carried between the client and the server, there are no details about the client, this information is not carried between the client and the server. This brings with it the advantage of speed. Therefore, REST offers lighter and more flexible solutions in service-oriented applications. This is how we can briefly define the Stateless concept in REST architecture.
REST services work by calling a URL directly and access resources. No additional components, methods or protocols are used in between. In order to include a service like SOAP in your application, you need the WSDL of the service, you need to create proxy classes, you need components to trigger remote methods. The client has to know everything about a SOAP service, it cannot call a SOAP service unless certain standards are met. But to work with a service written in REST, all you need is a URL. You call a URL, the URL returns you JSON or XML, you use the returned response and the service integration is complete. So theoretically the client application does not need to know the structure and details of a REST service. Apart from these simple standards of REST, there are no rules to follow, there is a very flexible structure.
Simple structure, easy implementation, fast operation and flexibility are the advantages of RESTful services. RESTful services also have some disadvantages. Security is one of them, but while many security mechanisms can be created automatically in SOAP services due to standards, security issues in RESTful services are part of the software developed. Transport level security is usually done through tokens. The client sends an "Login" request before invoking critical operations. As a result of this request, the client is given a value such as "Silent Token" and the requests it will make from now on are made with this value. Message Level Security is also an important issue that should be considered in the software developed. By using third party tools, the necessary security functions at both communication and message level can be easily applied to the developed software.