gRPC vs REST: When to Use Which
Choosing between gRPC and REST is not a matter of one being universally better than the other. They embody fundamentally different philosophies about how software components should communicate, and the right choice depends on who your consumers are, what your performance requirements look like, and how tightly coupled your systems can afford to be. This guide breaks down every dimension of the decision so you can make an informed choice rather than following hype.
Philosophical Foundations
REST and gRPC start from different mental models of what an API is. Understanding this distinction matters more than any benchmark, because it determines how your API feels to build against and how it evolves over time.
REST is resource-oriented. It models your domain as a collection of resources (nouns) and uses a fixed set of operations (HTTP verbs) to manipulate them. A user is a resource at /users/42. You GET it, PUT it, DELETE it. The API surface is discovered through URLs and hypermedia. REST leans on the web's existing infrastructure: caching, content negotiation, status codes, and the principle that every resource has a stable address.
gRPC is service-oriented. It models your domain as a collection of services (verbs) with strongly typed methods. You do not interact with resources at URLs -- you call UserService.GetUser(GetUserRequest). The API surface is defined in a Protocol Buffers schema that both sides compile against. gRPC leans on code generation, binary serialization, and HTTP/2 transport to optimize for machine-to-machine communication.
This is not a superficial difference. Resource orientation means REST APIs tend to be more discoverable and composable -- you can bookmark a URL, share it, cache it. Service orientation means gRPC APIs tend to be more precise and performant -- every field is typed, every method is explicit, and the wire format is optimized for machines rather than humans.
Performance: Binary vs. Text, HTTP/2 vs. HTTP/1.1
Performance is the most commonly cited reason to choose gRPC over REST, and it is a real advantage -- but the details matter more than the headlines.
Serialization
REST APIs almost universally use JSON. JSON is text-based, self-describing, and human-readable. These are features, but they come at a cost. A JSON payload carries field names as strings in every message, uses text representations of numbers, and requires parsing that involves string processing and memory allocation.
Protocol Buffers (protobuf), gRPC's default serialization format, use a binary encoding where fields are identified by numeric tags rather than string keys. Numbers are encoded in variable-length integer format. The result is payloads that are typically 2-5x smaller than equivalent JSON and parse significantly faster because the decoder knows the exact layout at compile time.
| Dimension | JSON (REST) | Protocol Buffers (gRPC) |
|---|---|---|
| Format | Text, self-describing | Binary, schema-dependent |
| Payload size | Larger (string keys, text numbers) | 2-5x smaller (numeric tags, varint) |
| Parse speed | Slower (string processing) | Faster (compiled decoders) |
| Human readability | Excellent -- readable in any text editor | Opaque -- requires schema to decode |
| Schema required to read? | No | Yes |
| Supports unknown fields? | Naturally (ignored by default) | Yes (preserved in binary) |
For a simple API returning a user object with a handful of fields, the difference is negligible. For a service returning thousands of route entries, telemetry events, or sensor readings, the difference is substantial. High-throughput internal services see real gains from protobuf's compact encoding.
Transport
gRPC mandates HTTP/2, which provides multiplexing (multiple requests over a single TCP connection), header compression (HPACK), and server push. Traditional REST APIs often run over HTTP/1.1, where each request-response pair occupies a connection and head-of-line blocking is a real problem under load.
That said, nothing prevents REST from running over HTTP/2 or even HTTP/3. Many modern REST deployments already use HTTP/2. The difference is that gRPC requires HTTP/2 and exploits its features deeply -- particularly for streaming RPCs where a single HTTP/2 stream carries multiple messages in both directions.
Streaming
This is where gRPC genuinely pulls ahead of REST. gRPC supports four communication patterns natively:
- Unary -- single request, single response (like REST)
- Server streaming -- single request, stream of responses (e.g., a BGP route feed)
- Client streaming -- stream of requests, single response (e.g., uploading sensor data in batches)
- Bidirectional streaming -- both sides send streams concurrently (e.g., real-time chat, collaborative editing)
REST can approximate streaming with Server-Sent Events (SSE), WebSockets, or chunked transfer encoding, but these are bolted on rather than first-class primitives. With gRPC, streaming is defined in the protobuf schema and handled by the generated code -- flow control, backpressure, and cancellation come for free.
Type Safety and Code Generation
gRPC's strongest advantage is arguably not performance but type safety. You define your service in a .proto file:
service RouteService {
rpc GetRoute(GetRouteRequest) returns (RouteInfo);
rpc StreamUpdates(StreamRequest) returns (stream RouteUpdate);
}
message GetRouteRequest {
string prefix = 1;
}
message RouteInfo {
string prefix = 1;
string origin_as = 2;
repeated string as_path = 3;
int64 timestamp = 4;
}From this single source of truth, the protobuf compiler generates client stubs and server interfaces in Go, Java, Python, Rust, C++, TypeScript, and a dozen other languages. The generated code handles serialization, deserialization, connection management, and transport. If a field is renamed or a type is changed, compilation fails immediately in every language -- you cannot ship a client that disagrees with the server about the message format.
REST APIs can achieve type safety through OpenAPI (Swagger) specifications and code generators, but this is opt-in rather than fundamental. Many REST APIs have no formal schema at all. When schemas exist, they are often maintained separately from the implementation and can drift. The tooling (openapi-generator, swagger-codegen) is mature but produces code of variable quality, and the validation is at specification-generation time rather than compile time.
| Aspect | gRPC / Protobuf | REST / OpenAPI |
|---|---|---|
| Schema source of truth | .proto files -- mandatory | OpenAPI spec -- optional |
| Code generation | First-class, official tooling | Third-party generators, variable quality |
| Type checking | Compile-time across all languages | Runtime (or linting with extra tooling) |
| Breaking change detection | buf breaking, protobuf lint rules | Spectral, openapi-diff, manual review |
| Cross-language consistency | Identical behavior -- same proto, same wire format | Depends on generator and language |
| Learning curve for schema | Protobuf IDL (small, strict) | OpenAPI/JSON Schema (large, flexible) |
Browser Support and gRPC-Web
This is gRPC's most significant limitation: browsers cannot make native gRPC calls. The browser's Fetch and XMLHttpRequest APIs do not expose the HTTP/2 framing that gRPC depends on. Specifically, browsers do not allow client code to access individual HTTP/2 frames, set custom trailers, or use the binary framing that gRPC's wire protocol requires.
gRPC-Web is the workaround. It is a modified protocol that works within browser constraints by encoding gRPC messages in a way that is compatible with HTTP/1.1 and standard XHR/Fetch APIs. A proxy (typically Envoy or grpc-web-proxy) sits between the browser and the gRPC backend, translating between gRPC-Web and native gRPC.
gRPC-Web works, but it adds operational complexity (you need to run and maintain the proxy) and reduces gRPC's feature set. Client streaming and bidirectional streaming are not supported through gRPC-Web. If your primary consumer is a web browser, REST provides a friction-free path: the browser's Fetch API is the native REST client.
Tooling Ecosystem
The developer experience around debugging, testing, and exploring APIs differs substantially between the two approaches.
REST Tooling
REST benefits from decades of web tooling. You can test any REST endpoint with curl from the command line, inspect requests in browser DevTools, and use tools like Postman, Insomnia, or HTTPie for interactive exploration. Every programming language has HTTP client libraries. API documentation is browsable in a web browser via Swagger UI or Redoc. Load testing works with standard HTTP tools like wrk, vegeta, or k6.
gRPC Tooling
gRPC tooling has matured significantly but remains more specialized. grpcurl is the command-line equivalent of curl for gRPC, supporting server reflection so you can discover methods and invoke them without having the proto files locally. BloomRPC (now superseded by Kreya and Postman's gRPC support) provides a GUI for exploring and testing gRPC services. Evans is another interactive gRPC client.
Debugging gRPC traffic is harder because the binary protobuf payloads are opaque in standard network tools. Wireshark has protobuf dissectors, and tools like grpc-tools can decode traffic, but it is never as simple as reading a JSON body in Chrome DevTools.
| Task | REST | gRPC |
|---|---|---|
| Quick manual test | curl https://api.example.com/users/42 | grpcurl -d '{"id":42}' host:443 UserService/GetUser |
| GUI client | Postman, Insomnia, Thunder Client | Postman (gRPC), Kreya, Evans |
| Browser inspection | DevTools Network tab -- full visibility | Opaque binary; needs proxy or plugin |
| API documentation | Swagger UI, Redoc (interactive, web-based) | buf.build registry, protoc-gen-doc |
| Load testing | wrk, vegeta, k6, ab | ghz, k6 (with xk6-grpc), locust |
| Mocking | WireMock, MockServer, Prism | grpc-mock, traffic parrot, buf connect |
| Linting/Validation | Spectral, openapi-lint | buf lint, protolint |
Observability
Monitoring and debugging production APIs requires visibility into latency, errors, and throughput. REST and gRPC handle this differently.
REST APIs communicate errors through HTTP status codes (400, 404, 500, etc.), which every piece of infrastructure -- load balancers, CDNs, monitoring tools, log aggregators -- understands natively. A spike in 5xx responses is immediately visible in any monitoring dashboard. Status codes are a shared vocabulary across the entire web ecosystem.
gRPC uses its own status codes (OK, CANCELLED, INVALID_ARGUMENT, NOT_FOUND, INTERNAL, etc.) carried in HTTP/2 trailers. These are semantically richer than HTTP status codes for RPC use cases, but they are invisible to most off-the-shelf monitoring infrastructure. A gRPC call that fails with PERMISSION_DENIED returns HTTP 200 at the transport layer -- the error is in the gRPC trailer, which your load balancer may not inspect.
This means gRPC deployments need gRPC-aware monitoring. The OpenTelemetry ecosystem has excellent gRPC interceptors for Go, Java, and Python that export spans with gRPC method names and status codes. Prometheus has grpc_server_handled_total metrics via the grpc-ecosystem middleware. But you must set this up explicitly -- it does not happen automatically the way HTTP status code monitoring does.
Versioning and Evolution
APIs change over time. How you manage those changes without breaking clients is a critical design concern.
REST Versioning
REST APIs typically version via URL paths (/v1/users, /v2/users), headers (Accept: application/vnd.api.v2+json), or query parameters (?version=2). URL versioning is the most common and most pragmatic: when you need a breaking change, you create a new version and run both in parallel until clients migrate.
The challenge is that "breaking change" in REST is ambiguous. Adding a field to a JSON response is usually safe, but clients doing strict deserialization may break. Removing a field definitely breaks clients. Renaming a field breaks everyone. There is no compile-time guarantee that a change is safe.
gRPC Versioning
Protobuf has explicit rules for backward-compatible evolution. You can add new fields (with new tag numbers), deprecate fields (without removing them), and change field names (only the tag number matters on the wire). Protobuf's reserved keyword prevents accidental reuse of old field numbers. The buf CLI can automatically detect breaking changes by comparing proto files across versions.
For truly breaking changes (restructuring a message, changing a method's semantics), gRPC services typically use package versioning: package myservice.v1 vs package myservice.v2. Both versions can run simultaneously on different gRPC endpoints.
The practical result is that gRPC services tend to evolve more safely because the wire format is designed for forward and backward compatibility, and tooling catches mistakes before deployment.
When REST Wins
REST is the better choice in several common scenarios. If any of these describe your situation, REST should be your default unless you have a specific reason to override it.
Public APIs
If your API consumers are external developers you do not control, REST is almost always the right choice. External developers expect HTTP endpoints they can call with curl, test in Postman, and integrate without installing code generators or learning protobuf. Every programming language has an HTTP client. No one needs to download a proto file and run protoc to get started.
Every major public API -- Stripe, GitHub, Twilio, Slack -- is REST (or REST-like). The universality of HTTP and JSON is a feature, not a limitation, when your goal is broad adoption.
Simple CRUD Applications
If your API maps naturally to create, read, update, and delete operations on resources, REST's uniform interface is elegant and intuitive. POST /orders, GET /orders/123, PUT /orders/123, DELETE /orders/123. The HTTP verbs map directly to the operations, the URLs are self-documenting, and you get caching semantics (GET is idempotent and cacheable) for free.
gRPC would model this as CreateOrder, GetOrder, UpdateOrder, DeleteOrder -- four distinct RPC methods that accomplish the same thing with more ceremony and less discoverability.
Browser-Native Applications
If your primary consumer is a web browser, REST is the native language. The Fetch API, form submissions, URL navigation, caching, and browser DevTools all assume HTTP with text payloads. Using gRPC means adding a gRPC-Web proxy layer and losing some streaming capabilities. The complexity is rarely worth it for a typical web application.
Cacheable Responses
REST's use of standard HTTP semantics means responses are cacheable at every layer: the browser, a CDN (like Cloudflare), a reverse proxy, a shared cache. Cache-Control headers, ETags, and conditional requests work out of the box. This is enormously valuable for read-heavy workloads.
gRPC responses are not cacheable by standard HTTP infrastructure because they use HTTP/2 POST for all requests and carry protobuf payloads that caches cannot interpret. You would need application-level caching.
When gRPC Wins
gRPC excels in environments where the overhead of REST becomes a bottleneck or where the guarantees of a typed contract matter more than universal accessibility.
Microservice Communication
Internal service-to-service communication is gRPC's sweet spot. Services are developed by teams within the same organization, so requiring proto files and code generation is not a burden -- it is a feature. The compiled contract eliminates a class of integration bugs where a producer and consumer disagree on the shape of a message. Proto files serve as a single source of truth that lives in a shared repository and is validated in CI.
The performance benefits compound in microservice architectures where a single user request may fan out to ten or twenty internal service calls. Smaller payloads, faster serialization, and connection multiplexing reduce the tail latency that accumulates across multiple hops.
Real-Time and Streaming Workloads
If your application needs to push updates continuously -- a BGP route feed, real-time metrics, live order book updates, collaborative document editing -- gRPC's native streaming support is a natural fit. Server-streaming RPCs maintain a long-lived connection where the server pushes messages as they become available. Bidirectional streaming allows both sides to send and receive concurrently.
Consider how a BGP monitoring service might expose a route update stream. With gRPC, the proto definition is explicit:
rpc WatchRoutes(WatchRequest) returns (stream RouteUpdate);
The generated code handles connection management, flow control, and reconnection. With REST, you would need to choose between WebSockets (full-duplex but no typing), SSE (server-push only, text-based), or long polling (wasteful), and build the framing and error handling yourself.
Polyglot Environments
When you have services written in Go, Java, Python, Rust, and C++ that need to communicate, gRPC's code generation eliminates the problem of hand-writing HTTP clients and JSON serializers in every language. One proto file generates correct, consistent client and server code across all of them. The wire format is identical regardless of language, so a Go client and a Rust server are guaranteed to agree on the encoding.
Strong Contract Requirements
In regulated industries, financial systems, or any environment where a silent schema mismatch could cause data corruption, gRPC's compile-time type safety is compelling. Every field has an explicit type, every method has defined request and response messages, and breaking changes are detectable by automated tooling before they reach production.
The Decision Framework
Rather than arguing about which is "better," use this framework to match the technology to your constraints:
GraphQL as an Alternative
GraphQL occupies a different niche than either REST or gRPC. Where REST is resource-oriented and gRPC is service-oriented, GraphQL is query-oriented: the client specifies exactly which fields it wants, and the server returns precisely that shape.
GraphQL shines when multiple consumers (mobile app, web app, third-party integrations) need different slices of the same data. Instead of building multiple REST endpoints or gRPC methods for each consumer's needs, you expose a single GraphQL endpoint and let clients request what they need.
However, GraphQL has its own tradeoffs: query complexity management, N+1 query problems, lack of native streaming (subscriptions exist but are less mature than gRPC streaming), and caching challenges (since everything is POST to a single endpoint, HTTP caching does not work).
| Criterion | REST | gRPC | GraphQL |
|---|---|---|---|
| Mental model | Resources (nouns) | Services (verbs) | Queries (shapes) |
| Client control over response | Fixed by server | Fixed by proto schema | Client specifies fields |
| Over/under-fetching | Common problem | Defined by message type | Eliminated by design |
| Transport | HTTP/1.1 or HTTP/2 | HTTP/2 only | HTTP (usually POST) |
| Caching | HTTP caching (excellent) | Application-level only | Difficult (single endpoint) |
| Best suited for | Public APIs, CRUD, web | Internal services, streaming | Multi-consumer data APIs |
For most teams, GraphQL and gRPC are not in competition -- they solve different problems. A common architecture uses gRPC between backend services and GraphQL (or REST) at the edge facing frontend consumers.
Transcoding: Getting Both with gRPC-HTTP/JSON
You do not always have to choose one or the other. gRPC transcoding (also called gRPC-HTTP/JSON transcoding) lets you define your API once in proto files and automatically expose it as both a gRPC service and a RESTful JSON API.
Google's google.api.http annotation maps gRPC methods to HTTP routes:
import "google/api/annotations.proto";
service UserService {
rpc GetUser(GetUserRequest) returns (User) {
option (google.api.http) = {
get: "/v1/users/{user_id}"
};
}
rpc CreateUser(CreateUserRequest) returns (User) {
option (google.api.http) = {
post: "/v1/users"
body: "*"
};
}
}With these annotations, a transcoding proxy (Envoy's gRPC-JSON transcoder filter, Google Cloud Endpoints, or the grpc-gateway project for Go) automatically generates RESTful endpoints. Internal services call UserService.GetUser via gRPC. External consumers call GET /v1/users/42 via REST. Both hit the same server implementation.
This approach gives you the best of both worlds: internal services get gRPC's performance and type safety, while external consumers get a clean REST API with JSON payloads and familiar HTTP semantics. Google uses this pattern extensively -- most Google Cloud APIs are defined in proto files with HTTP annotations and served through their transcoding infrastructure.
The tradeoff is complexity: you now have a proxy layer to configure and maintain, and some gRPC features (particularly streaming) do not map cleanly to REST semantics. But for organizations that have both internal and external API consumers, transcoding is often the pragmatic middle ground.
Hybrid Architectures in Practice
Most production systems do not use gRPC or REST exclusively. The prevailing pattern is:
- gRPC between backend services -- where performance, type safety, and streaming matter, and both sides are controlled by the same organization.
- REST (or GraphQL) at the edge -- facing browsers, mobile apps, third-party developers, and any consumer that expects standard HTTP.
- gRPC-Web or transcoding -- when you want to use gRPC internally but need to expose functionality to web clients without maintaining a separate REST implementation.
This layered approach is not a compromise but a deliberate design choice. Each protocol is used where its strengths matter most. The API gateway or edge proxy translates between the worlds, giving internal teams the benefits of gRPC while presenting a web-friendly interface to external consumers.
Summary Comparison
| Dimension | REST | gRPC |
|---|---|---|
| Philosophy | Resource-oriented (nouns + verbs) | Service-oriented (typed methods) |
| Payload format | JSON (text, self-describing) | Protobuf (binary, schema-required) |
| Transport | HTTP/1.1 or HTTP/2 | HTTP/2 only |
| Streaming | SSE, WebSocket (bolt-on) | Native (4 patterns built in) |
| Type safety | Optional (OpenAPI) | Mandatory (protobuf schema) |
| Code generation | Third-party, variable | First-class, official |
| Browser support | Native | Requires gRPC-Web proxy |
| Caching | HTTP caching (CDN, browser) | Application-level only |
| Error model | HTTP status codes (universal) | gRPC status codes (richer, less visible) |
| Tooling maturity | Decades of HTTP tooling | Growing but specialized |
| Observability | Standard HTTP monitoring | Needs gRPC-aware instrumentation |
| Versioning | URL paths, headers | Protobuf field tags, package versions |
| Best for | Public APIs, web, CRUD, caching | Microservices, streaming, polyglot |
The right answer depends on context. Default to REST for simplicity and universality. Choose gRPC when you need the performance, streaming, or type safety guarantees that justify the additional infrastructure. Use transcoding when you need both. And remember that the choice is not permanent -- many organizations start with REST and migrate specific high-traffic internal paths to gRPC as their performance requirements evolve.
For deeper dives into the technologies discussed here, see How gRPC Works, How Protocol Buffers Work, and How gRPC-Web Works.