2024-05-19

Why the requests on Soap are POST?

Understanding Soap limitations compared to REST rules

This week, I received a bug report where a customer said that there were connection problems accessing an application inside my cluster environment. Basically, they were sending a GET request to search for data.

They created a list of potential issues, such as missing firewall rules or an incorrect XML tag. However, none of these assumptions were correct.

So, I started to debug our Ingress controller log and I figured out the requests sent by SoapUI used the POST method, while those requests sent by our customer’s application were using the GET method.

Why do POST requests work?

When you use SoapUI, all requests will use the POST method, whether you are going to insert, delete, update, or search for data.

The action that you are going to perform is encapsulated in the Soap body message, then. The XML file should have a tag indicating the action you want to execute.

Here is an example of a request:

<!-- Product Search Request -->
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:prod="http://example.com/productsearch">
    <soapenv:Header>
        <prod:RequestHeader>
            <prod:TransactionID>123456789</prod:TransactionID>
            <prod:RequestDate>2024-05-10T14:00:00Z</prod:RequestDate>
        </prod:RequestHeader>
    </soapenv:Header>
    <soapenv:Body>
    <!--Define the action to be executed below-->
        <prod:ProductSearchRequest> 
            <prod:ProductName>Example Product</prod:ProductName>
            <prod:Category>Electronics</prod:Category>
            <prod:PriceRange>
                <prod:Low>100</prod:Low>
                <prod:High>500</prod:High>
            </prod:PriceRange>
        </prod:ProductSearchRequest>
    </soapenv:Body>
</soapenv:Envelope>

We define the action that we want to execute, it could be a ProductInsertRequest or ProductDeleteRequest. It doesn’t matter what the action is, everything will be sent as POST.

You are probably familiar with REST rules where the action defines the method you are going to use. For example, if you want to search for data, you need to use GET method.

Regarding my customer’s bug, we tried to execute CURL command with the POST method and it worked. So, those assumptions about firewall and XML were incorrect, we just had to change the method to confirm it.

My idea is to share how do I solved this problem and also create a reminder for it. I’m completely sure that I’ll see this bug again.