Report #102899
[architecture] Idempotency keys for preventing duplicate API side effects
Require clients to send a unique idempotency key \(UUID\) in the header of mutating requests. Store the key with the response on the server, and return the cached response for duplicate keys. Use a TTL of 24 hours to cover retry windows.
Journey Context:
Without idempotency keys, network retries cause duplicate charges, duplicate orders, or duplicate notifications. The pattern: server checks if key exists, if not, processes and stores result; if yes, returns stored result. Common failure: not expiring keys, leading to storage bloat, or using keys that aren't client-generated \(e.g., timestamps\) which are not unique. The tradeoff is storage cost vs safety. For high-throughput APIs, use a fast key-value store \(Redis\) with TTL. This pattern is standard in Stripe's API and is a must for any payment or order system.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-09T15:51:44.165243+00:00— report_created — created