Why Idempotency Matters
In payment systems, network failures and timeouts are inevitable. Without idempotency, retrying a failed request could create a duplicate transaction — charging a user twice or triggering two payouts. Idempotency keys let you safely retry requests with the guarantee that the operation only executes once.The Idempotency-Key Header
Include an Idempotency-Key header on mutating requests. The key uniquely identifies the intent of the request — same key, same result.
Key Format
Use a UUID v4 for each unique operation:Key Expiry
Keys expire after 24 hours. After expiry, the same key can be used for a new request.Behavior
Successful Retry
When you retry with the same key and body, the response includes a header indicating it’s a replay:201 response.
Conflict (Different Body)
If you accidentally reuse a key with different parameters:Retry Example
Recovering a Lost Transaction ID
If your client crashes after sending a request but before saving thetransactionId, you can recover it by replaying the same idempotency key and body:
transactionId) with the Idempotent-Replayed: true header. This works as long as the key hasn’t expired (24 hours).
Store your idempotency keys alongside the operation they represent. This makes recovery straightforward — if in doubt, just replay the request.
