API Design: Idempotency

May 07, 2025

A user clicks "Pay Now". The internet blips. They click it again. Do you charge them twice?

Defining Idempotency

An operation is idempotent if applying it multiple times has the same effect as applying it once.

  • f(f(x)) = f(x)

Safe to retry (idempotent):

  • GET: Fetching a profile twice doesn't change it.
  • PUT: Updating address to "New York" twice results in "New York".
  • DELETE: Deleting ID 5 twice? The second time might 404, but the state (ID 5 is gone) is the same.

Unsafe to retry (not idempotent):

  • POST: Creating a payment.

The Fix

Use an Idempotency Key. The client generates a UUID (123-abc) and sends it with the request. The server checks Redis: "Have I seen 123-abc?"

  • Yes: Return the cached response.
  • No: Process payment, save response.
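The check described above, as an added example that is not code from the original post. It goes slightly beyond the text: the "have I seen it?" check and the claim happen in one atomic step so two concurrent retries cannot both charge, keys are scoped per client, and a key replayed with a different payload is rejected. Assumptions: an in-memory dict with a lock stands in for Redis, and `IdempotencyStore`, `handle_payment`, `charge` and `CHARGES` are hypothetical names.

```python
import hashlib
import json
import threading

class IdempotencyStore:
    """In-memory stand-in for Redis (assumption). claim() is check-and-set in one step."""
    def __init__(self):
        self._lock = threading.Lock()
        self._entries = {}  # key -> {"fingerprint", "done", "response"}

    def claim(self, key, fingerprint):
        """Return (entry, is_owner); only the first caller for a key becomes owner."""
        with self._lock:
            entry = self._entries.get(key)
            if entry is None:
                entry = {"fingerprint": fingerprint,
                         "done": threading.Event(), "response": None}
                self._entries[key] = entry
                return entry, True
            return entry, False

def fingerprint(body):
    # Canonical JSON so the same payload always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

CHARGES = []  # constructed ledger standing in for the payment processor

def charge(body):
    CHARGES.append(body)
    return {"status": 201, "charge_id": len(CHARGES), "amount": body["amount"]}

def handle_payment(store, client_id, idem_key, body):
    key = f"{client_id}:{idem_key}"  # scope keys per client, never globally
    fp = fingerprint(body)
    entry, is_owner = store.claim(key, fp)
    if entry["fingerprint"] != fp:
        # Same key, different request: refuse instead of returning the cached response.
        return {"status": 422, "error": "idempotency key reused with different payload"}
    if is_owner:  # "No": process payment, save response
        try:
            entry["response"] = charge(body)
        finally:
            entry["done"].set()  # wake any retries waiting on this key
        return entry["response"]
    # "Yes": wait for the original request if it is still running, then replay its response.
    entry["done"].wait(timeout=5)
    return entry["response"] or {"status": 409, "error": "original request did not complete"}
```

In a real deployment the entries would also carry an expiry, so the store does not grow without bound.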

Conclusion

Build resilient APIs that assume clients will retry. Because they will.
