Internet of Things protocols and APIs

The exponential growth of the connected devices around the world demonstrate the interest for the Internet of Things. Nowadays more and more developers take agile approaches to connect devices to the Internet. However most of the developers still do not have a clear approach on what protocol should the devices might use to send and receive data.

This is one of the most interesting dicussions about the Internet of Things Architectures topic. What are the best IoT protocols and APIs to use on Internet of Things projects?

TL;DR - There is no silver bullet on the Internet of Things procotols. You might understand what your devices do and need to decide what protocol to use.

Usually when I need to talk about Internet of Things protocols I like to mention the OSI model.

The OSI model

The OSI model is a conceptual representation of the underlying communication technologies and standards used to send data from the physical layer to the applications. The goal of the OSI model is to describe the standard protocols being used by some specific communication systems.

Find below a diagram with the 7 theoric layers of the OSI model.

The 7 layers of the OSI model. Source

When the Internet of Things project gets into the moment to decide the protocol, it's important to take into account the OSI model and position all the key standards needed to send and receive data.

Having said that, remember that the OSI model is an idealized abstract model. There are no protocols in use today that follow it exactly on the seven layers. For example, HTTP was created without regard to the OSI model, so there's no point to trying to make it fit exactly, as you are going to see below.

Let's analyze the most popular Internet of Things protocols and understand when it makes sense to use one or the others.

Most popular Internet of Things protocols


HTTP (Hypertext Transfer Protocol) is a client-server protocol. It’s one of the most popular protocol as it is being used on the Web. HTTP has plenty of libraries that implements it on different communication modules on hardware.

HTTP is useful when you need to send large amounts of data. Having said that, it’s not perfect if you need to send data on the milisecond order of magnitude or if you need to send video streams.

Using the SSL/TLS on the top of HTTP enables to have an encrypted protocol, the HTTPS. Nevertheless, there are some communication modules that do not support SSL/TLS on the devices, or support deprecated SSL versions. It’s very common to see devices starting a client HTTP connections, but not being able to receive bidirectional information as it’s not recommended to allow the server to start an HTTP connection to the devices, for security reasons.

HTTP represented on the theoric 7 layers of the OSI model.

The HTTP methods used by IoT devices are (based on the REST):

HTTP doesn’t provide any Quality of Service (QoS) on the messages delivery.

Most of the IoT Cloud providers support HTTP/S communication with devices. Having said that, some of the communication modules on existing hardware (mostly cellular modems) only support old SSL versions, that are deprecated SSL versions on most of the cloud providers.


MQTT (Message Queuing Telemetry Transport) is a publish-subscription protocol that runs on the top of TCP. It’s designed for IoT devices, so it’s very lightweight and easy to implement on modules. On the architecture you will need a broker which will route all the publish-subscribe messages. The routing of messages are designed to connect simultaneously a large number of devices.

It is very recommended to use TLS to encrypt the MQTT pub-sub communications on TCP. MQTT offer other type of security methods such as username and password, which I do not recommend. Having said that, not all the IoT MQTT cloud providers support a TLS version compatible with all the communication modules running on the devices.

MQTT is very interesting when you need bidirectional communication (on the publish-subscribe mode) on real-time. On the other hand, if you use cellular connectivity and you pretend to use MQTT, you need to understand that to maintain the sessions of the subscriptions the device will spend more data, than using other protocols.

MQTT represented on the theoric 7 layers of the OSI model.

The MQTT methods used by devices are:

The communication is based on topics instead of resources as in HTTP. It provides different Quality of Services (QoS) on the messages delivery.


CoAP (Constrained Application Protocol) was created in 2014 as a minimal REST protocol for IoT devices. Then CoAP is a client/server protocol, likewise HTTP, but using UDP instead of TCP. It simplifies and reduces the size of the headers as the UDP header is smaller than the TCP header.

CoAP also brings a pub-sub operation called observe. Usually HTTP devices abuse of pulling due the security issues, and this is being solved on CoAP introducing the observation method. In conclusion, it allows to have a twofold protocol with HTTP operations and subscriptions with a quality of service (as it’s using UDP) defined by the application layer.

CoAP represented on the theoric 7 layers of the OSI model.

The CoAP methods used by devices are:

It’s interesting to observe that some of the cellular communication modules existing in the market only support UDP (and not TCP). The new cellular radio technologies, such as NB-IoT, are taking the advantage of CoAP using UDP in order to implement the application layer on the top of these existing modules on devices.

On the other hand, not a lot of IoT Cloud providers support CoAP yet. And the ones that support CoAP do not support CoAP + DTLS, as there are not a lot of public implementations of these libraries yet.


On this blogpost I only covered three of the most popular Internet of Things protocols. There are other protocols, for example the OPC/UA, a popular protocol on the Industrial IoT, but this is only related to specific hardware on specific use cases.

To decide what Internet of Things protocols to use, it's always a must to understand the IoT use case. However the OSI model it’s a good starting point to decide what protocol fits better on the project.

I usually ask some questions to the developers:

At this point, when all of the answers are in place and they are understood and analyzed, it's possible to decide what protocol to use. In some cases, the networking and protocols can save money and save battery (in case they run on batteries) from the connected devices.

So, what Internet of Things protocol are you going to use now?

If you have any question or comment feel free to contact me on twitter.