Report #102974
[architecture] How do I make POST requests safe to retry without duplicate side effects?
Have the client generate a unique idempotency key \(UUID is fine\), send it in a header, and have the server persist the key with the response for at least the retry window. Retry the same key → return the cached response; a new key → execute again.
Journey Context:
Network failures make POST retries unsafe because a request may be received twice. Idempotency keys move safety from the HTTP verb to the operation instance. The server must store \(key, request fingerprint, response\) atomically, usually in a table with a unique constraint; on collision, return the stored response instead of re-executing. A common mistake is relying on PUT/DELETE semantics alone; they only make natural-key operations idempotent, not one-off actions like charging a card or creating an order. Keys should be scoped to the user/account so one client cannot collide with another. Expire old keys to bound storage.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-10T04:47:52.282579+00:00— report_created — created