CoAP

Protocols

Definition

Constrained Application Protocol. A lightweight RESTful protocol designed for resource-constrained IoT devices, running over UDP with optional DTLS encryption. Similar to HTTP in design but optimized for low-power, lossy networks.

CoAP's REST Model for IoT

Constrained Application Protocol (CoAP) brings REST semantics — GET, POST, PUT, DELETE — to devices too small to run full HTTP stacks. Standardized in RFC 7252, it runs over UDPUser Datagram Protocol. A connectionless transport protocol that sends datagrams without establishing a connection or guaranteeing delivery. Faster than TCP, it is preferred for real-time applications like DNS queries, VoIP, gaming, and streaming. and is designed for microcontrollers with kilobytes of RAM and lossy low-power networks (6LoWPAN, IEEE 802.15.4). Its binary header is just 4 bytes, compared to hundreds of bytes in HTTP headers.

Reliability over UDP

CoAP adds a lightweight reliability layer on top of UDP. Confirmable (CON) messages require an acknowledgment; if none arrives within a timeout, the sender retransmits. Non-confirmable (NON) messages are fire-and-forget — appropriate for frequent sensor readings where occasional loss is acceptable. Message IDs and tokens prevent duplicate processing. This selective reliability costs far less than TCPTransmission Control Protocol. A reliable, connection-oriented transport protocol that guarantees ordered, error-checked delivery of data through three-way handshakes, acknowledgments, and retransmission. The foundation of HTTP, SSH, and most internet services.'s full connection management.

Observe, Multicast, and Security

CoAP's Observe extension (RFC 7641) allows a client to register interest in a resource; the server pushes updates whenever the value changes — similar to MQTTMessage Queuing Telemetry Transport. A lightweight publish-subscribe messaging protocol designed for constrained devices and low-bandwidth networks. Widely used in IoT for sensor data collection and device control.'s subscribe model without a broker. CoAP supports MulticastA network communication method that sends data from one source to a specific group of interested receivers simultaneously. Uses the 224.0.0.0/4 range in IPv4 and is commonly used for streaming and routing protocols. addressing for device discovery across a subnet. Security is provided by DTLS (Datagram TLS) — the UDP equivalent of SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3.. CoAP-over-DTLS provides the same confidentiality and authentication guarantees as HTTPS while remaining compatible with low-power hardware. OSCORE (RFC 8613) is a newer end-to-end security layer that works even through proxy intermediaries.

Related Terms

More in Protocols