Report #100584
[architecture] How do you make POST requests safe to retry?
Send an Idempotency-Key header \(UUID generated by the client\) on every state-changing request. The server stores the key with the request payload and the response; if the same key arrives again, return the stored response without re-executing the side effect.
Journey Context:
Networks are unreliable, and clients will retry. Without idempotency, a retried payment creates a double charge, a retried signup creates duplicate accounts, and a retried inventory reservation oversells. Many developers try to make operations 'naturally' idempotent with PUT and client-generated IDs, but that doesn't cover POST. The idempotency key pattern separates request identity from resource identity, and it works across retries, timeouts, and partial failures. Keys should expire after a bounded window and be scoped to the caller.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T04:45:15.815378+00:00— report_created — created