Idempotency is the property of an operation producing the same result whether executed once or many times. In HTTP: GET/PUT/DELETE are idempotent per RFC (a repeated request does not change state). POST is non-idempotent by default but can be made so via an Idempotency-Key header (Stripe pattern). Critical for payments, orders, any "create" endpoints where a network retry must not create duplicates.
Below: details, example, related terms, FAQ.
Free online tool — HTTP header checker: instant results, no signup.
POST /v1/payments
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000
{"amount":100,"currency":"USD"}Idempotency is a fundamental concept in RESTful API design that ensures the same operation can be performed multiple times without changing the outcome beyond the initial application. This is crucial for maintaining data integrity and consistency, especially in distributed systems where network issues can lead to repeated requests.
According to the HTTP specification, certain methods are defined as idempotent:
GET: Fetches data without altering the server state. Making multiple identical GET requests will always return the same resource representation.PUT: Updates a resource at a specific URI. Sending the same PUT request multiple times will not change the outcome after the first request; the resource remains in the same updated state.DELETE: Removes a resource. Once a resource is deleted, subsequent DELETE requests for the same resource will result in the same response, typically a 404 Not Found status.In contrast, the POST method is generally non-idempotent, as it can create new resources. For instance, if you send the same POST request to create a new user, each request will generate a new user, leading to duplicates.
To achieve idempotency with POST, an Idempotency-Key header can be used. This unique key allows the server to recognize repeated requests and return the same response without creating duplicate resources.
Implementing idempotency in your API requires careful design and consideration of how requests are handled. Below are steps and strategies to ensure idempotency:
POST, implement an Idempotency-Key header. This key should be unique for each intended operation and stored on the server side. If a request with the same key is received, the server should return the original response instead of executing the operation again.PUT request to update a resource, the server should ensure that subsequent identical requests do not alter the state further.Consider the following example of implementing an idempotent PUT request in a Node.js Express API:
app.put('/api/resource/:id', (req, res) => { const { id } = req.params; const { data } = req.body; // Update resource logic here if (resourceExists(id)) { updateResource(id, data); return res.status(200).send({ message: 'Resource updated' }); } return res.status(404).send({ message: 'Resource not found' }); }); This example ensures that multiple identical PUT requests will yield the same outcome, thus maintaining idempotency.
While implementing idempotency is essential, it comes with its own set of challenges. Understanding these challenges can help developers design better APIs:
To overcome these challenges, thorough testing and monitoring are crucial. Use logging to track how idempotent requests are handled and analyze the performance impact of idempotency mechanisms. This will help you fine-tune your API design for optimal performance while ensuring data integrity.
Network retry: server received the POST, processed it, but the response was lost in transit. The client thinks "it didn't go through, retrying" → duplicate. Idempotency-Key prevents that.
Stripe keeps them 24 hours. Enough for a retry window without bloating the DB.
Yes. Rate limits do not affect idempotency. The request is either allowed and returns data, or rejected with 429 — in both cases state does not change.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.