CoAP
CoAP (Constrained Application Protocol) is a lightweight application protocol designed for communication between resource-constrained devices within IoT, Industrial Internet of Things and modern OT environments. The protocol provides REST-based machine communication with minimal overhead and is optimised for Embedded systems, wireless networks and low-power devices.
Within Industrial Automation, CoAP is used for:
- Sensor networks
- edge devices
- industrial IoT
- smart buildings
- energy management
- remote Telemetry
- low-power OT networks
CoAP plays an important role within modern IT OT Convergence architectures in which more small edge devices and embedded systems are integrated with cloud platforms and industrial data systems.
⚙️ What is CoAP
CoAP stands for:
Constrained Application Protocol
The protocol was developed by the IETF Constrained RESTful Environments (CoRE) working group.
Goals:
- minimal overhead
- low bandwidth
- low energy consumption
- easy implementation
- REST compatibility
- scalable machine communication
CoAP is functionally similar to HTTP but optimised for embedded systems.
🏗️ Architecture of CoAP
CoAP uses a client/server model similar to web architectures.
Architecture:
Sensor / Device
│
▼
CoAP Server
│
UDP/IP
│
CoAP Client
Important properties:
| Property | Description |
|---|---|
| Transport | UDP |
| Model | RESTful |
| Payloads | Compact |
| Header | Small |
| Discovery | Built in |
| Multicast | Supported |
📡 UDP-based communication
Unlike HTTP, which uses TCP, CoAP runs on top of UDP.
Benefits:
- lower overhead
- less Latency
- faster communication
- lower energy consumption
Important within:
- wireless sensor networks
- battery-powered devices
- embedded OT systems
Drawbacks:
- no built-in sessions
- no guaranteed delivery
- packet loss possible
CoAP therefore includes additional reliability mechanisms.
🧠 RESTful communication
CoAP uses REST principles similar to web APIs.
Supported methods:
| Method | Function |
|---|---|
| GET | Retrieve data |
| POST | Send new data |
| PUT | Modify value |
| DELETE | Remove resource |
Example:
coap://sensor01/temperature
This makes CoAP easy to integrate with modern IT architectures.
⚡ Compact protocol design
CoAP is designed for constrained devices.
Small headers
HTTP headers CAN be hundreds of bytes large.
CoAP uses headers of only a few bytes.
Benefits:
- less bandwidth
- lower CPU load
- lower energy consumption
Important for:
- wireless sensors
- embedded systems
- low-power devices
🔄 Reliability over UDP
Because UDP offers no reliability, CoAP implements its own mechanisms.
Message Types
| Type | Function |
|---|---|
| Confirmable (CON) | Acknowledgement required |
| Non-confirmable (NON) | No acknowledgement |
| Acknowledgement (ACK) | Acknowledgement |
| Reset (RST) | Invalid message |
This allows CoAP to deliver reliable communication despite UDP.
📦 Resource-based model
CoAP works with resources.
Examples:
coap://pump01/status
coap://sensor05/value
coap://hvac01/temperature
Each resource represents:
- sensor values
- device status
- configurations
- commands
- events
🔌 CoAP within industrial automation
CoAP is used in:
| Application | Use |
|---|---|
| Smart sensors | Telemetry |
| Edge devices | Data collection |
| Building automation | HVAC data |
| Energy management | Metering |
| Wireless OT | Low-power communication |
The protocol is especially suited to large numbers of small devices.
📡 CoAP Observe mechanism
CoAP supports publish/subscribe functionality through Observe.
Operation:
- Client subscribes to a resource
- Server monitors changes
- Updates are sent automatically
Benefits:
- event-driven communication
- less polling
- lower network load
Comparable to subscription mechanisms within MQTT.
🌐 Device discovery
CoAP supports automatic discovery.
Special resource:
.well-known/core
This allows clients to discover available resources.
Benefits:
- automatic provisioning
- easy integration
- scalability
Important within dynamic IoT environments.
📶 CoAP and wireless networks
CoAP is designed for unstable and limited networks.
Suitable for:
This makes CoAP popular within:
- smart buildings
- smart cities
- remote monitoring
- battery-powered OT devices
⚡ CoAP versus MQTT
MQTT and CoAP are often compared.
| Property | CoAP | MQTT |
|---|---|---|
| Architecture | REST client/server | Publish/subscribe |
| Transport | UDP | TCP |
| Overhead | Very low | Low |
| Latency | Very low | Low |
| Discovery | Yes | No |
| Multicast | Yes | No |
| Broker required | No | Yes |
| Stateful | Less | More |
Both protocols are often combined within IIoT architectures.
🧩 CoAP and Edge Computing
Within Edge Computing, CoAP often functions as a field protocol.
Typical architecture:
Sensors
│
CoAP
│
Edge Gateway
│
MQTT / OPC UA
│
Cloud / SCADA
Edge gateways often convert CoAP data to:
☁️ CoAP and cloud integration
CoAP can be integrated with cloud platforms via gateways.
Applications:
- telemetry ingestion
- cloud analytics
- device management
- Predictive Maintenance
Often combined with:
- Azure IoT
- AWS IoT
- Google Cloud IoT
🔒 Cybersecurity aspects
Because CoAP runs over UDP, Security requires special attention.
DTLS
CoAP usually uses DTLS:
Datagram Transport Layer Security
Comparable to TLS but designed for UDP.
Functions:
- encryption
- Authentication
- integrity check
⚠️ Security risks
Important threats:
| Risk | Impact |
|---|---|
| UDP spoofing | False communication |
| Replay attacks | Repeated messages |
| Resource exhaustion | DoS attacks |
| Weak authentication | Unauthorised access |
| Rogue devices | Untrustworthy data |
Low-power devices often have limited security capabilities.
🛡️ Hardening of CoAP networks
Important measures:
- DTLS encryption
- strong authentication
- Certificate Management
- Network Segmentation
- Industrial Firewall
- rate limiting
- device hardening
- Security Monitoring
Within OT networks, device Identity Management is essential.
📉 Performance considerations
Benefits
| Property | Result |
|---|---|
| Low overhead | Efficiency |
| UDP-based | Low latency |
| Small payloads | Less bandwidth |
| Low-power design | Long battery life |
Possible limitations
| Issue | Impact |
|---|---|
| Packet loss | Missed data |
| No sessions | More complex applications |
| UDP filtering | Firewall issues |
| Security overhead | Higher CPU load |
🏭 Practical applications
Smart buildings
Use for:
- HVAC sensors
- energy management
- occupancy monitoring
- lighting
Energy supply
Applications:
- smart meters
- energy telemetry
- remote sensors
Water sector
Use for:
- remote monitoring
- tank measurements
- pump sensors
Manufacturing
Applications:
- wireless sensors
- Condition Monitoring
- edge telemetry
🧪 CoAP and constrained devices
CoAP is specifically designed for devices with limited resources.
Typical constraints:
| Resource | Typical limit |
|---|---|
| CPU | Small microcontrollers |
| RAM | Kilobytes |
| Storage | Very limited |
| Energy | Battery-powered |
This makes CoAP popular within embedded industrial IoT.
📡 CoAP and IPv6
CoAP is often combined with IPv6.
Benefits:
- enormous address space
- direct device addressing
- scalability
Important for large-scale IIoT networks.
🛠️ Integration with OT platforms
CoAP is often integrated with:
| Platform | Function |
|---|---|
| SCADA | Monitoring |
| Historian | Data storage |
| MQTT Brokers | Event streaming |
| OPC UA gateways | Protocol conversion |
| Edge analytics | Local processing |
🛡️ Relevant standards and frameworks
| Standard | Relevance |
|---|---|
| RFC 7252 | CoAP standard |
| IEC 62443 | OT security |
| NIST SP 800-82 | ICS cybersecurity |
| NIST CSF | Cybersecurity governance |
IoT protocols increasingly fall under OT Security Policy.
📈 Trends and developments
Important trends:
- edge-native IIoT
- low-power OT
- smart sensor networks
- IPv6 industrialisation
- AI at the edge
- event-driven architectures
- OT-IoT convergence
CoAP grows particularly within large-scale sensor networks and embedded OT systems.
🎯 Conclusion
CoAP is a lightweight and efficient communication protocol for constrained devices within modern industrial IoT and edge environments. By combining RESTful communication with minimal overhead, the protocol provides scalable machine communication for sensors, embedded systems and low-power OT networks.
Within modern IT OT Convergence architectures, CoAP is an important protocol for wireless sensor networks, edge telemetry and embedded IIoT platforms, especially where low latency, low energy consumption and minimal network load are essential.