CoAP, the Constrained Application Protocol, is a web transfer protocol designed for devices and networks too small and too lossy to run ordinary HTTP. It was published by the IETF as RFC 7252 in June 2014, authored by Zach Shelby (ARM), Klaus Hartke, and Carsten Bormann (Universitaet Bremen TZI). The specification opens by defining its scope: CoAP is “a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks.”
The central design choice is to keep the familiar REST model of the web while shedding its weight. RFC 7252 describes a “request/response interaction model between application endpoints” with the same GET, POST, PUT, and DELETE methods and URI-addressable resources that HTTP uses, so a CoAP resource looks much like a web resource. But where HTTP rides on TCP, CoAP runs over UDP, which avoids the connection setup, buffering, and overhead that strain tiny devices. To compensate for UDP’s lack of guarantees, CoAP adds “optional reliability (with exponential back-off)” through confirmable messages that are retransmitted until acknowledged.
The target hardware is explicitly modest. The RFC names “8-bit microcontrollers with small amounts of ROM and RAM” on networks with “high packet error rates and a typical throughput of 10s of kbit/s.” To fit that envelope, CoAP uses a compact 4-byte binary header and a small set of options, giving it “low header overhead and parsing complexity.” It supports multicast, built-in resource discovery, and optional caching, and secures traffic with DTLS, the datagram-oriented cousin of TLS.
A defining feature is its deliberate alignment with HTTP. Because CoAP mirrors HTTP’s methods and response codes, the two map onto each other cleanly, and a gateway can translate between a CoAP-speaking sensor network and the HTTP-speaking web with minimal friction. This lets constrained devices participate in the same resource-oriented architecture as the rest of the internet without paying HTTP’s full cost.
CoAP became one of the core application protocols of the Internet of Things, often discussed alongside MQTT. The two solve overlapping problems differently: MQTT is a publish-subscribe message broker model, while CoAP keeps the request-response, RESTful shape of the web scaled down to a microcontroller. Both reflect the same realization that the web’s defaults were built for capable machines, and that the billions of small devices joining the network needed protocols built to their constraints.