What is CoAP Protocol? Meaning & Architecture

Professionals involved in designing or developing IoT networks will have come across CoAP. A standard set by the IETF for this purpose, it works best in constrained IoT-enabled solutions.

To help you understand CoAP (Constrained Application Protocol) better, we have prepared this post, which presents a crisp CoAP definition, its architecture, its role in API security, and other related topics.

A Quick Overview 

CoAP is a customary client-server IoT protocol. It enables clients to make requests for web transfers as needed, and it lets supporting servers respond to arriving requests. In short, CoAP is what enables device nodes in the IoT ecosystem to interact.

CoAP and HTTP follow the same working procedure. However, CoAP attains its functionality via asynchronous transactions (using UDP). It uses the POST, GET, PUT, and DELETE calls. API security is of a higher grade when CoAP is in use because the protocol supports RPK (raw public key) and PSK (pre-shared key) security modes.

CoAP is compatible with 4 types of information exchange:

  1. Acknowledgments confirm the completion or failure of an event.
  2. Confirmable messages are resent on timeout until confirmation of successful delivery arrives.
  3. Reset messages are empty, with confirmable as their nature.
  4. Non-confirmable information is just sent and has no guarantee of successful delivery. There is no acknowledgment of success either.

Key traits of CoAP are:

  • Works for devices in the same network types.
  • Enables data transmission, to and fro, for the general internet-enabled nodes and network-connected devices.
  • Works well for SMS messages shared over mobile network connectivity.
  • Suitable for internet-operative applications that use connected devices/sensors and have resource limitations.
  • Capable of translating HTTP, supports multicast, and exerts the bare minimum cost burden.
  • Only helps machines to communicate (in the network).

CoAP Architecture

The WWW and the constrained environment are the 2 foundational elements of the CoAP protocol architecture. Here, the server monitors and assists communication that uses CoAP and HTTP, while proxy devices bridge the gap between these 2 ecosystems, making the communication smoother.

CoAP allows HTTP clients (also called CoAP clients here) to talk or exchange data/information with each other within resource constraints. 

To understand this architecture, it is crucial to become acquainted with some key terms:

  • Endpoints are the nodes that the host has knowledge of;
  • Client sends requests and replies to incoming requests;
  • Server gets and forwards requests. It also gets and forwards the messages received in response to the requests it had processed.
  • Sender creates and sends the original message.
  • Recipient gets the information sent by the client or forwarded by the server. 

CoAP Function

The key role of CoAP is to act like HTTP wherever restricted devices are a part of communication. While filling the gap of HTTP, it enables devices like actuators and sensors to interact over the internet.

The devices involved in the process are administered and controlled by treating data as a component of the system. Because it consumes little power and network bandwidth, CoAP can operate in environments with reduced bandwidth and extreme congestion.

Networks featuring intense congestion and constrained connectivity are not ideal conditions for TCP-based protocols to carry out their responsibilities. CoAP comes to the rescue here and supports the web transfers.

Web transfers happening using satellites and covering long distances can be accomplished with full perfection using CoAP. Networks featuring billions of nodes take the help of the CoAP protocol for information exchange.  

Regardless of the function handled or role played, CoAP promises security of the highest grade, with DTLS parameters as the default security parameters; the counterpart of 128 bit RSA keys.

Speaking of its deployment, it’s simple and hassle-free. It can be implemented from scratch for a straightforward application.   

For application ecosystems where a from-scratch CoAP implementation is not desirable, generic implementations are offered for various platforms. Most CoAP implementations are private, while a few are published under open-source licenses such as the MIT license.

CoAP Features

The defining features that set the CoAP protocol apart from other protocols are stated next. As it shares great similarities with HTTP, developers face bare minimum difficulties while using it.

CoAP is an integration-friendly protocol and can be paired easily with applications using cross-protocol proxies. Seamlessly, it integrates with JSON, XML, CBOR, and various other data formats. In the process, the web client doesn’t get hints about a sensor resource being accessed. 

Developers are endowed with various payloads and have the freedom to make a choice to bring the ideal payload into action. 

A successful IoT device/application demands the use of billions of nodes at a time. CoAP is designed to handle such huge numbers of nodes while keeping the overheads under control. It can operate on tons of microcontrollers while using the least possible resources. RAM space as low as 10 KiB and code space of 100 KiB is enough for CoAP.

As the resources demanded by CoAP are on the minimum side, it keeps waste under control. There is no need to deploy a hefty transport stack for web transfers. The header and encoding used for message processing are compact and don't cause any fragmentation on the link layer. It supports the functions of multiple servers at a time.

CoAP offers a comprehensive resource directory to spot the properties of the node. 

CoAP is specified in RFC 7252, is developed for the future, and is able to deal with congestion control issues.

CoAP Layer

The protocol works through its two layers:

  1. CoAP Messages Model

It makes UDP transactions possible at endpoints in the confirmable (CON) or non-confirmable (NON) format. Every CoAP message features a distinct ID to keep the possibilities of message duplications at bay. 

The 3 key parts that make up this layer are the binary header, compact options, and payload.

As explained before, confirmable messages are reliable, easy-to-construct messages that are fast and are resent until a confirmation of successful delivery (ACK) with the message ID is received.

  2. CoAP Request/Response Model

This layer takes care of CON and NON message requests. Acceptance of these requests depends on the server's availability. The cases are:

  1. If idle, the server will handle the request right away. If it is a CON, the client will get an ACK for it. If the response is shared with a Token that differs from the ID, it is essential to map it properly by matching request-response pairs.
  2. If there is a delay or wait involved, the ACK is sent, but as an empty message. When its turn arrives, the request is processed and the client gets a fresh CON.

The key traits of the Request/Response model are mentioned next:

  • Request or response codes for CoAP are the same as for HTTP, except that they are in binary format (0-8 byte Tokens) in CoAP's case.
  • Request methods for making calls (GET, PUT, POST, and DELETE) are declared in the process.
  • A CON response can either be stored in an ACK message or forwarded as CON/NON.
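The two cases above (immediate response inside the ACK, or empty ACK followed by a fresh CON) can be traced with a client-side matcher. This is an added example, not code from the original article: `Msg` and `Client` are hypothetical simplified types rather than a wire encoding, peers are plain strings, and retransmission and incoming RST handling are left out.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Msg:                    # simplified message, not a wire encoding
    mtype: str                # "CON", "NON", "ACK" or "RST"
    code: str                 # "0.00" empty, "0.01" GET, "2.05" Content
    mid: int                  # Message ID: pairs a CON with its ACK
    token: bytes = b""        # Token: pairs a response with its request
    payload: bytes = b""

class Client:
    def __init__(self):
        self.unacked = set()  # (peer, mid) of CON requests awaiting an ACK
        self.waiting = set()  # (peer, token) of requests awaiting a response
        self.mid = secrets.randbelow(1 << 16)

    def request(self, peer, code="0.01"):
        self.mid = (self.mid + 1) & 0xFFFF
        msg = Msg("CON", code, self.mid, secrets.token_bytes(8))
        self.unacked.add((peer, msg.mid))
        self.waiting.add((peer, msg.token))
        return msg

    def receive(self, peer, msg):
        """Return (verdict, reply); reply is what to send back, or None."""
        if msg.mtype == "ACK":
            if (peer, msg.mid) not in self.unacked:
                return "ignored", None        # ACK for a Message ID we never sent
            self.unacked.discard((peer, msg.mid))
            if msg.code == "0.00":
                return "deferred", None       # empty ACK: response comes later
        # Piggybacked or separate, a response must carry an open Token
        # issued to this same peer; the Message ID plays no part here.
        if (peer, msg.token) not in self.waiting:
            reply = Msg("RST", "0.00", msg.mid) if msg.mtype == "CON" else None
            return "rejected", reply
        self.waiting.discard((peer, msg.token))
        reply = Msg("ACK", "0.00", msg.mid) if msg.mtype == "CON" else None
        return "accepted", reply
```

Because the Token is random and bound to the peer it was sent to, a response that arrives from another endpoint, or a second copy of one already accepted, is answered with a Reset instead of being delivered to the application.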


CoAP vs. MQTT

As there are great similarities, we won't blame you if you consider CoAP and MQTT identical. For instance, both are used for IoT devices, as both need fewer network packets, which leads to more power-optimized performance, less storage consumption, and longer battery life.

CoAP and MQTT are distinct from each other on various fronts:


| MQTT | CoAP |
| --- | --- |
| This model has publishers and subscribers as main participants | Uses requests and responses |
| Central broker handles message dispatching, following the optimal publisher to client path. | Message dispatching happens on a unicasting basis (one-to-one). The process is same as HTTP. |
| Event-oriented operations | Viable for state transfer |
| Establishing a continual and long-lasting TCP connection with the broker is essential for the client. | Involved parties use UDP packets (async) for message passing and communication. |
| No message labeling but have to use diverse messages for different purposes. | It defines messages properly and makes its discovery easy. |

REST Protocol and CoAP

REST stands for REpresentational State Transfer and is operational over HTTP. In its case, every entity is treated as a resource and is accessible via a common interface. REST is hugely powered by web technology but is not solely dependent on HTTP.

Suitable for IoT applications, CoAP is often called a lightweight RESTful dialect. By comparison, it requires fewer CPU resources and less network bandwidth. IoT device development is a hefty task if it happens over HTTP, as it involves billions of nodes. However, due to its nature, architecture and working, CoAP is capable of performing all of this.




May 13, 2024