What is an idempotency key for POST requests?
Answer
An idempotency key makes non-idempotent POST requests safe to retry. The client generates a unique key (UUID) and sends it as a header: Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000. The server stores the key and its associated response. If the same key arrives again (due to a network retry), the server returns the stored response instead of processing the request again. This prevents duplicate payments, double-sends, or duplicate resource creation when requests time out and the client cannot tell if the server processed the request. The stored response is typically retained for 24 hours. Stripe's payment API uses idempotency keys extensively — creating a charge is idempotent if you use the same key, preventing customers from being charged twice due to network timeouts.