Understanding the Core Concepts of CoAP: A Comprehensive Guide

In the ever-evolving realm of the Internet of Things (IoT), the Constrained Application Protocol (CoAP) has emerged as a pivotal communication protocol. As devices become increasingly interconnected, CoAP offers an efficient and lightweight solution for constrained environments. In this article, we will delve into the core concepts of CoAP, exploring its architecture, features, message types, security mechanisms, and more.

What is CoAP?

CoAP, the Constrained Application Protocol, is a specialized protocol designed to facilitate communication between constrained devices in low-power, low-bandwidth networks. Unlike traditional protocols like HTTP, CoAP is tailored to meet the unique demands of IoT devices. By minimizing overhead and utilizing efficient messaging, CoAP enables reliable communication in resource-constrained scenarios.

CoAP Architecture

This protocol follows a client-server architecture, mirroring the structure of HTTP but optimized for IoT. Devices in a CoAP network can act as clients, servers, or both. Clients initiate communication by sending requests to servers, which in turn respond with relevant data or actions. This architectural model simplifies communication between devices and applications while considering the limitations of constrained environments.

COAP server client communication
  • The architecture is centered around the client-server model, which is a fundamental approach in CoAP, similar to HTTP. This protocol has optimized this architecture for the unique requirements of IoT environments.
  • CoAP Clients: These are devices or applications that initiate communication by sending CoAP requests to CoAP servers. Clients can be sensors, actuators, or any other IoT devices that require data or actions from the network.
  • CoAP Servers: These are devices that respond to CoAP requests from clients. Servers can also serve as resources that clients interact with. Servers process incoming requests, perform relevant actions, and generate responses containing the requested data or indicating the status of the operation.
  • CoAP Requests: Clients send CoAP requests to servers to initiate actions or retrieve data. CoAP supports various request methods, such as GET (retrieve data), POST (create new resource), PUT (update resource), and DELETE (remove resource).
  • CoAP Responses: Servers generate CoAP responses containing the requested data or the outcome of the requested action. Responses can be confirmable (CON) or non-confirmable (NON), depending on the desired level of reliability. Confirmable responses include an acknowledgment (ACK) from the client.
  • CoAP Network and Communication: The communication between clients and servers happens over the CoAP network. CoAP is designed to operate over constrained networks, which might have limited bandwidth and resources. The protocol’s lightweight nature ensures efficient communication in such environments.

CoAP Message Types

This IoT messaging protocol defines four primary message types, each serving a specific purpose:

  • CON (Confirmable): This type ensures reliable communication by requiring acknowledgment and retransmission of messages until acknowledged. It suits scenarios where data integrity is crucial.
  • NON (Non-Confirmable): NON messages prioritize efficiency over reliability, making them suitable for scenarios where occasional data loss is acceptable.
  • ACK (Acknowledgment): The recipient of a CON message sends an ACK message to confirm receipt. It forms a vital part of CoAP’s reliability mechanism.
  • RST (Reset): When a server or client receives a message that cannot be processed, it sends an RST message to indicate this situation.

CoAP Resources and URIs

CoAP resources are fundamental entities in the protocol. They are identified using Uniform Resource Identifiers (URIs), similar to URLs in HTTP. Resources can represent data, services, or actions that a device exposes to the network. This design facilitates interoperability and makes it possible to apply web paradigms to IoT applications.

CoAP Methods

CoAP supports a set of methods that clients can use to interact with resources:

GET Method

The GET method is one of the fundamental methods supported by CoAP. It allows clients to retrieve a representation of a resource from a server. A “representation” can be thought of as the current state or content of the requested resource. When a client sends a GET request, it is asking the server to provide information about the resource’s current status.

For example, in a smart home scenario, a CoAP client (such as a smartphone app) might send a GET request to a CoAP server that controls a smart thermostat. The server would respond with a representation of the thermostat’s current temperature setting, humidity level, and other relevant data.

POST Method

The POST method enables clients to send data to a server. This method is typically used for creating new resources on the server or submitting data for processing. When a client sends a POST request, it’s asking the server to handle the enclosed data and perform an action accordingly.

In the context of IoT, a CoAP client might send a POST request to a server that manages a home security system. The request could include data about a detected motion event or a door opening. The server would process this data and potentially take actions like sending alerts or logging the event.

PUT Method

The PUT method allows clients to update or create a resource’s state on the server. Clients use PUT when they want to modify the content or properties of a resource. If the resource doesn’t exist, PUT can also be used to create a new resource.

For instance, consider a CoAP-enabled environmental sensor. The sensor might send a PUT request to update its current temperature reading on the server. If the sensor detects a change in temperature, it could use PUT to ensure that the server’s record of the temperature is accurate.


As the name suggests, the DELETE method is used to request the removal or deletion of a resource on the server. When a client sends a DELETE request, it’s asking the server to eliminate the specified resource.

In an industrial setting, a CoAP client representing a maintenance robot could send a DELETE request to a server managing a broken machine. This request could prompt the server to remove the machine’s resource representation from its records, indicating that the machine is no longer operational.

In summary, CoAP’s support for these methods (GET, POST, PUT, DELETE) allows clients to interact with resources on servers in a standardized and meaningful way. Whether retrieving data, sending updates, creating resources, or requesting removal, these methods form the core of CoAP’s functionality in the IoT landscape.

CoAP Observer

In CoAP (Constrained Application Protocol), an “Observer” is a mechanism that allows clients to subscribe to resources and receive real-time updates about changes to those resources. The Observer mechanism is designed to address scenarios where devices or applications need to stay informed about changes in the state of specific resources without continuously polling the server.

In traditional client-server communication, a client would typically send periodic requests to the server to check if there have been any changes to a particular resource. This approach consumes network bandwidth and server resources, especially in cases where changes are infrequent. The Observer mechanism in CoAP offers a more efficient solution.

How COAP Observer Works?

Here’s how the Observer mechanism works:

Subscription Request: A CoAP client interested in observing a resource sends a GET request with the “Observe” option set to 0. This request indicates to the server that the client wishes to observe the resource.

Server Response: When the server receives the subscription request, it responds with the resource representation as usual, along with the current value of the “Observe” option (usually set to 0). The server also starts monitoring the resource for changes.

Resource Update: If the state of the observed resource changes, the server sends a new response to all observing clients. In this response, the “Observe” option is incremented by 1. The client receives the updated resource representation and can act upon the changes.

Subsequent Updates: The client can continue to receive updates by observing subsequent changes to the resource. Each time the resource changes, the server increments the “Observe” option and sends the updated response to the observing clients.

Canceling Observation: If a client no longer wishes to observe a resource, it can simply stop sending observation requests. Alternatively, it can send a GET request with the “Observe” option set to 1 to cancel the observation. The server will acknowledge the cancellation and stop sending updates to that client.

Observer Advantages

The Observer mechanism provides several benefits:

  • Efficiency: Observing reduces the need for continuous polling, which saves network bandwidth and reduces server load.
  • Real-time Updates: Clients receive real-time updates about changes to resources, enabling timely responses.
  • Less Latency: Observers can react promptly to changes, as they are notified as soon as the resource’s state is updated.
  • Reduced Power Consumption: Observing helps reduce the power consumption of IoT devices by minimizing the need for frequent communication.
  • However, it’s important to note that the Observer mechanism is best suited for resources that change infrequently. If a resource’s state changes rapidly, the constant stream of updates might overwhelm the network and clients.

Overall, the Observer mechanism is a valuable feature of CoAP that enhances the efficiency and effectiveness of communication in IoT applications by allowing devices to stay informed about resource changes without resorting to continuous polling.

Structure of CoAP Messages

CoAP (Constrained Application Protocol) messages are the building blocks of communication between IoT devices and servers in constrained environments. These messages follow a well-defined structure to efficiently exchange data and control information. Understanding the structure of CoAP messages is essential for developing and implementing effective communication protocols for IoT applications.

COAP message structure

A CoAP message consists of several components:

CoAP Message Header

The header of a CoAP message contains essential information about the message and its properties. It is divided into several fields:

  • Version (2 bits): Indicates the version of CoAP being used.
  • Type (2 bits): Specifies the message type (CON, NON, ACK, or RST).
  • Token Length (4 bits): Determines the length of the token field.
  • Code (8 bits): Defines the CoAP method, response, or error code.
  • Message ID (16 bits): A unique identifier for the message, used for matching requests with responses.

Token (0-8 bytes)

The token field is used to correlate related messages in a CoAP exchange. It is typically a randomly generated value that helps identify requests and responses that belong together. The token length is specified in the header.

Options (0 or more options)

Options provide additional context and metadata to the CoAP message. Each option consists of a variable-length delta (indicating the option’s number relative to the previous option) and a length field (specifying the length of the option value). Common options include:

  • Uri-Path: Identifies the resource path in the URI.
  • Uri-Query: Provides query parameters for the resource.
  • Content-Format: Specifies the format of the payload.
  • Max-Age: Indicates the cache validity duration.
  • Observing: Indicates the client’s interest in observing the resource.

Payload (0 or more bytes)

The payload contains the actual data being sent or received. It can vary in length and format based on the specific use case and the content-format option specified in the header. The payload could include sensor data, commands, or any other relevant information.

CoAP Security

Security is paramount in IoT environments, and CoAP addresses this concern by offering robust security mechanisms. It employs Datagram Transport Layer Security (DTLS) to establish a secure communication channel between devices. This ensures the confidentiality and integrity of data exchanged while thwarting potential attacks.

CoAP Block-wise Transfers

Handling large payloads efficiently is a common challenge in constrained networks. CoAP addresses this challenge through block-wise transfers. Messages are divided into smaller blocks, allowing devices to send and receive data in manageable chunks. This approach minimizes the risk of transmission errors and optimizes data transfer in scenarios with limited resources.

CoAP and Interoperability

CoAP’s compatibility with existing web technologies, such as HTTP, ensures smooth integration of IoT devices into the broader internet ecosystem. This interoperability opens the door to innovative applications that seamlessly bridge the gap between the physical and digital worlds.


Sure, here’s a tabular comparison of the key differences between CoAP (Constrained Application Protocol) and MQTT (Message Queuing Telemetry Transport):

DesignLightweight, efficient for constrained environmentsVersatile, supports various data formats and communication types
Transport ProtocolUDPTCP
Communication PatternsRequest-Response, Publish-SubscribePublish-Subscribe
QoS LevelsMultiple QoS levels (CON, NON, ACK)Three QoS levels (0, 1, 2)
SecurityDatagram Transport Layer Security (DTLS)Transport Layer Security (TLS)
Resource DiscoverySupports resource discovery through “well-known/core” link formatLacks built-in resource discovery mechanisms
Message SizeSmaller due to UDPLarger due to TCP
Network ConsiderationsSuitable for low bandwidth, unreliable connectionsSuitable for more stable and reliable networks
Use CasesIoT with constrained devices, sensor networksVersatile, broader range of use cases

Popular COAP Server and Client Libraries

These are three popular client and server libraries:

Client Libraries

  1. Copper (Java): Copper is a Java client library that provides a user-friendly interface for building CoAP client applications. It simplifies the process of sending requests, handling responses, and interacting with servers.
  2. aiocoap (Python): aiocoap is a Python library that allows you to create clients using asynchronous programming. It supports both IPv4 and IPv6 and provides an easy way to interact with CoAP resources from Python applications.
  3. Eclipse Californium (Java): Eclipse Californium is a widely used CoAP framework for Java that offers both client and server capabilities. It provides a comprehensive set of features and is well-documented, making it a popular choice for building CoAP applications.

Server Libraries

  1. Eclipse Californium (Java): In addition to being a client library, Eclipse Californium also offers server capabilities. It allows developers to create CoAP server applications in Java with features like resource handling and observation support.
  2. libcoap (C): libcoap is a C library that provides a basic implementation of the CoAP protocol for both clients and servers. It’s widely used in C-based projects for building CoAP-enabled applications.
  3. microcoap (C): microcoap is a lightweight CoAP server library written in C, designed for resource-constrained environments. It’s suitable for low-memory devices and applications where a minimalistic CoAP server is required.

These libraries offer a range of features and programming language options, making it easier for developers to implement solutions for their IoT applications.


In the dynamic landscape of the Internet of Things, the Constrained Application Protocol (CoAP) stands as a pivotal protocol that empowers communication between constrained devices. By grasping the core concepts of CoAP, developers and engineers can harness its potential to create cutting-edge IoT solutions. Through its lightweight design, efficient communication, and support for constrained devices, it plays a pivotal role in shaping the future of IoT applications.

You may also like to read:

Leave a Comment

%d bloggers like this: