It’s safe to say that we’ve not seen the true power and potential of IoT yet. The IoT market is set to almost double in value in the next five years – from $760 billion to $1386 in 2026. And this growth would not even be possible without APIs.

API stands for Application Programming Interface. It’s a set of lines of codes and specifications that allow two devices to communicate with one another. They serve as the interface between different programs. And, to put it bluntly, the whole concept of IoT falls down without APIs.

Moreover, the emergence of easy-to-code web API IoT – or Rest APIs – has made IoT more developer-friendly than ever before. Now, if you’re scratching your head and wondering “what is REST in IoT?” or have any other similar questions, we’re here to help.

Want to start using P2P connectivity in IoT?

Then you’ll want to see the Nabto Platform in action. Book a meeting today with one of our P2P IoT experts to get started.

Book Consultation

What is REST API?

REST stands for REpresentational State Transfer. It’s an architectural style for developing web services. A lot of people believe that REST is one of many IoT protocols. However, REST itself is a development concept, not an IoT protocol. Web services are defined on the principles of REST and can be defined as RESTful web services or RESTful APIs. 

An API works by making a request for information known as an API call. The API architecture, in this case REST, dictates how to format that call, as well as dictating in what format the response will be. REST is the basis for the most widely used form of API and is designed to be used over any communication protocol. However, REST typically uses HTTP or CoAP to work with specific components in a particular IoT device. The components may include:

  • Files
  • Objects
  • Media

RESTful web services can use normal HTTP command verbs like POST, DELETE, PUT, and GET to make requests and interact with the components listed above.

How REST APIs Work

A REST API has an architecture made up of clients and servers. If a RESTful client web application needs a particular piece of information from another application, it can make an API call in any language. REST dictates that the response must come in the same language as the request, whether that be JSON, XML, plain text, or Python, as just a few examples. JSON is the most commonly used. 

The request format will include a header that contains a unique identifier and metadata. This data tells the responding web service exactly what information is needed and allows the requesting and responding services to track the status of the request. The response will also include a header that explains how to read and process the information contained therein.

What’s the Difference Between REST and RESTful?

While the two terms might be confusing, a RESTful web service is simply a service that abides by the REST architectural framework. So a REST API is the same as a RESTful API.

What’s better in IoT? MQTT or REST? Check out our guide here

Advantages of REST APIs


REST means that there’s a clear separation between client and server. As a result, individual components in an IoT system can be scaled up by a development team without much difficulty.

Familiarity and Usability

REST APIs use constructs that are familiar to anyone who has used HTTP – i.e., the internet. Unless you’re completely off the grid, you’ll have used the internet before.

On top of that, most IoT developers are already familiar with the REST architecture and relevant protocols, such as SSL and TLS. There is robust documentation and community support available for REST developers. This makes REST APIs the most easy-to-use API out there.


Developers can use any language that uses HTTP to make web-based requests. This is another reason why REST APIs are so popular with developers. They give you the power to program using a language you’re comfortable and familiar with to develop your IoT app.

Disadvantages of REST APIs

Limited Architecture

While the simple architecture of REST is a great entry point for budding IoT developers, those who want to do more or work with REST frequently may encounter limitations due to its architecture.

Lack of State

HTTP doesn’t store information between request and response cycles. This is called stateless functionality. 

Having a stateless API can both be an advantage and a disadvantage. On the plus side, statelessness means every request and response is purposeful and understandable. This makes it very easy for you to decipher requests within the API’s code without context. 

However, on the flip side, the majority of web applications require stateful mechanisms. And, as there is a clear separation between client and server, the burden of maintaining states falls firmly in the developer’s lap.

The more states that need to be programmed, the heavier and more difficult it becomes to maintain your IoT system.

Lack of Security

REST doesn’t impose built-in security measures, like SOAP APIs for example.

The benefit of this is that REST is able to run on public URLs. However, it’s not good if you want to set up a confidential data passage between client and server. You’ll need to add additional security measures or use a secure communication protocol along with REST for better data security.


REST APIs come in two main “flavors,” so to speak. They can either use CoAP or HTTP as the language/format for requests. HTTP is very common for REST APIs, but it doesn’t have security built in. For better security, you’d need to opt for HyperText Transfer Protocol Secure (HTTPS), which adds encryption to HTTP in the form of the Transport Layer Security (TLS) cryptography protocol. 

Unfortunately, HTTP over TLS isn’t ideal for IoT applications. IoT systems are often resource-constrained, meaning they don’t have access to a lot of energy for operation. Many IoT devices are battery powered, and no one wants to have to change batteries every other day, which is just what would be necessary if all IoT devices used HTTP or HTTPS. 

By contrast, CoAP provides a lower-powered REST-based communication protocol. DTLS, the CoAP equivalent of TLS, provides security even in low-power environments. This is the main reason CoAP is usually used for IoT applications rather than HTTP.

Examples of REST APIs

Let’s take a look at how REST APIs function within IoT. A common IoT use case is a smart security system, which could involve smart security cameras, smart motion sensors, and glass-break sensors. Each sensor and camera needs a way to communicate with a central software on a computer or smartphone so a user can interact with the system. 

A REST API could allow an embedded app in a smart security camera to communicate with the security monitoring app on the computer so you can view the security feed. Or, automated image processing software could determine that an unauthorized person has appeared in the footage and use a REST API to send an alert to the main security software or a smart alarm device. 

As a second example, suppose you have a web service like a weather app that relies on IoT devices to collect data about the environment. That app sits on a URL that you can access from any computer or phone. Then you have a second application, like a web-based travel planning software that sits on a different URL. This travel planning software could be more efficient if you could access information about weather patterns at potential destinations right on that second URL. What you need is a piece of code that sits between the two applications and allows them to communicate with each other. Then, you can see information from the weather app directly on the travel planning app. That piece of code could be a REST API.

The Bottom Line

So there you have it! You now know your REST from your RESTful and your architecture from the protocol. 

While there are undoubtedly some limitations with REST as an API, we still believe it’s the best option for your IoT system. REST requires little bandwidth, is easy to scale up, and supports any programming language.

Without an API, IoT compatibility is not possible. So, in order to REST easy, choose REST as your IoT API.

If you want to learn more about Nabto IoT Solutions – or simply want to hear what we recommend for your IoT device – get in touch with us today.

Read Our Other Resources

We’ve published a range of IoT resources for our community, including:

Want to learn more about P2P IoT?

Please visit the:
P2P IoT Academy

Deep dive Into our documentation?

Please visit the:
Nabto Platform Overview

Try our demo for Video Surveillance?

Please visit the:
Nabto Edge
Video Cam Demo

Looking for other Great posts?