IoT Protocols: MQTT, CoAP, XMPP, SOAP, UPnP

By: Segiy Sergienko, 25 Mar 2019
5   min read
Reading Time: 5 minutes

There is no stopping the IoT rush. More and more devices are getting connected via IoT networks. Today, IoT isn’t just about sensors developed on a turnkey basis but also things we use every day – cars, home appliances, locks, and so on. Sirin Software may capture your interest, as we provide IoT solution development services for our clients on a daily basis. IoT protocols are the magic that developers use to connect devices into one network and enable them to exchange data.

IoT protocols are the magic that developers use to connect devices into one network and enable them to exchange data. Apart from sending and receiving data packages, these protocols ensure the network’s security and device compatibility. Today, let’s take a closer look at the most popular IoT protocols, what they are, and what purposes they can be used for.


So, let’s get acquainted with the five IoT protocols that developers use most often in their solutions (in no particular order).


MQTT (Message Queue Telemetry Transport) is an open protocol for asynchronous data exchange between physically scattered devices that works at the application layer. The protocol uses port 1883 by default (or port 8883 if an SSL connection is established). It’s not suitable for transferring voice or video data.

MQTT is used when there’s a need to minimize the data packet size and when there are restrictions on channel bandwidth. This is why MQTT is often used as the basis for industrial IoT solutions and M2M systems. If you are interested in discovering more about Sirin Software’s expertise in industrial automation solutions development, we encourage you to visit our website.

Besides MQTT itself, there is also MQTT-SN (MQTT for Sensor Networks) – another version of MQTT. It was formerly known as MQTT-S and was used mostly for solutions based on Zigbee.

As for the pros of this protocol, the key ones are:

  • Making the message size compact
  • Ensuring high performance and energy efficiency even under unstable network connections
  • Supporting several levels of the quality of service (QoS)
  • Making the integration of new devices fast and simple

To ensure data transfer is secure, MQTT enables client authentication (requirement to fill in the USERNAME and PASSWORD fields), client access control via Client ID, and TLS/SSL connection.


Described in the RFC 7252 standard, CoAP (Constrained Application Protocol) was created to be used by devices with limited control functionality and RAM. IoT solutions in general and M2M ones in particular fall into this category. By default, CoAP uses DTLS for data protection purposes.

This protocol is based on the REST model. It allows the execution of such standard operations as parsing a URL using the GET, PUT, POST, and DELETE methods. It is worth noting that CoAP is based on the RFC 7252 standards. This guarantees that the protocol will be able to deal with an overload in case of significant network expansion. Besides this, the protocol supports a number of data formats, including XML, JSON, CBOR, and many others.

As for the protocol’s suitability for IoT solutions, CoAP was designed to take into account the characteristics of devices with less than 100 Kb of RAM (as it is stated in RFC 7228). CoAP uses the UDP protocol over the IP protocol with 4-bit fields. Therefore, servers don’t have to save and store states.


XMPP (Extensible Messaging and Presence Protocol) is often used for data package exchanges in real time. Its specifications are described in the RFC 3920 and RFC 3921 standards. Thanks to supporting the XML format, it is perfect for use in IoT solutions. Networks based on the XMPP protocol are decentralized to ensure their high fault tolerance.

For security, XMPP networks often employ the help of the SASL and TLS protocols. Besides this, some XMPP-based IoT solutions use PGP/GPG for encryption purposes.

XMPP can be used as the basis for extremely flexible solutions. The XMPP Software Foundation supports numerous extensions, including ones dedicated to distributing resources, working with IoT devices and monitoring their state, etc.


SOAP (Simple Object Access Protocol) is one more widely used protocol for exchanging data in the form of structured XML messages within a distributed computing system. SOAP is based on the XML language and extends some protocols working at the application layer, such as HTTP, FTP, and SMTP. In-built error detection is a key perk of this protocol.

However, unnecessarily huge message size is the key downside of SOAP. This is why this protocol is more suitable for local solutions.

As for its use cases, SOAP is a perfect match for business application requirements. The reason is, this protocol has the bar set high for data exchange security.


UPnP (Universal Plug and Play) is an extension of the Plug and Play permissions and protocols. It uses standard protocols for data transfer, such as TCP/IP, HTTP, and DHCP.

The universal approach allows UPnP to establish both wired (e.g., Ethernet, Firewire) and wireless (e.g., WiFi, Bluetooth) connections without requiring any additional drivers. This enables any device compatible with UPnP to take part in data transfer, regardless of its OS, programming language, product type, or manufacturer.

Nevertheless, despite all the perks of this protocol, it comes with certain security risks. The problem is, Universal Plug and Play doesn’t require any authentication as it was built with the assumption that every device in the network is reliable and friendly by default. So, if a device gets infected with malware, the whole system will be compromised, and data packages will get intercepted.


Now, let’s see in which cases each of the IoT protocols described above should be used.

Let’s start with MQTT. In the 1990s, IBM developed MQTT to ensure satellite communication with oil-production equipment. Today, it is, perhaps, the most popular IoT protocol. This is why its scope of application is so wide when it comes to devices connected with a global network.

In particular, MQTT is used for collecting sensor data in real time, synchronizing sensors, controlling their parameters (in real time as well), identifying data package state instantly (to see if a message was delivered, for instance), etc. It is also used in solutions with a limited bandwidth where text messages have to be delivered with a minimal time lag.

Now, it’s time for a few words about CoAP-based networks, which follow one-to-one correspondence principles. In fact, such networks meet the requirements of one-to-many or many-to-many multicasting as the protocol itself is based on IPv6.

In addition, the UDP diagrams used during CoAP data exchange ensure the high-speed execution of data transfer cycles. This also reduces the package size and, consequently, the time lags during their transfer.

This approach allows IoT devices to remain in sleep mode for longer periods of time, which prolongs the duration of their battery charge. Therefore, CoAP is a perfect option for networks including nodes with limited technical capabilities, as well as for solutions that can’t work without HTTP compatibility.

Let’s move on. XMPP. If we put IoT aside, we need to mention that Google Hangouts and WhatsApp Messenger are built based on XMPP. Why? XMPP is an easy (when it comes to configuration), scalable, and secure protocol for instantaneous message exchange. Now, it is actively used in IoT projects for implementing simultaneous access control for connected devices.

This protocol is especially useful when the network devices require a two-way connection with servers or when you need to establish a secure and reliable M2M connection. In comparison with MQTT, this protocol is less popular due to its high network bandwidth requirements.

As we’ve mentioned above, SOAP is good for implementing IoT-powered business applications. In this protocol, all the security aspects are well-managed, and typical in-network errors get resolved automatically.

Finally, UPnP. This protocol is often used for making home IoT solutions a reality. (Such solutions don’t include corporate devices.) In fact, UPnP became popular thanks to its well-orchestrated promotional campaign on the UPnP forum. There, you can find the easiest and most reliable ways to establish connections with autonomous devices from various vendors (although in practice, it’s not as reliable as you’d like to think).

Read more: 7 IoT Security Issues And How To Protect Your Solution.


There are at the very least five IoT protocols you can choose from when building your own IoT solution. Each of them has its own use cases, so you should analyze your requirements to determine which one is the best match for you.

If you’d prefer to entrust the creation of your IoT solution to professionals, waste no time and reach out to us. Additionally, we offer an embedded software development service to our customers. We’ll deliver even the most unconventional and complex product for you. With us, you can rest assured that you’ll get a scalable, efficient, secure, and fault-tolerant solution.

Background form

Latest articles

Evaluating the Matter Protocol: First Steps

Crafting Connectivity: Hardware Evaluation in Matter Ecosystem

Real Talk on Matter Protocol: Software Evaluation