Ask HN: Idempotency Key: Where to Generate the Attribute

2 pointsboonez1237y ago2 comments

I am making the following http request to create a financial transaction on another system.

The request follows this path:

Http request -> Service -> Third Party(like stripe but not stripe).

Should the idempotency_key be put into the http request so clients will have to generate it (most likely a uuid) or alternatively should the idempotency key be generated in the service itself?

I'm putting it out here on hacker news for people who have experience building and maintaining API's for financial institutions.

2 comments

ezekg7y ago

I like how Stripe does idempotent requests [0]. Essentially, you end up saying, "do this thing, which I'm calling 'charge-for-cust-foo', but only do it once, even if I tell you to do it again." Putting the "burden" of generating a unique idempotency key on the client seems to be the best solution, otherwise, they have to somehow store the idempotency key that your service generates to re-send it for the next request, which adds complexity on their end, especially when the request could be sent from multiple servers that need to share which key belongs to which request (i.e. multiple servers rule out storing the keys in memory, which would already pose a risk due to crashes/restarts clearing memory).

[0]: https://stripe.com/docs/api/idempotent_requests

verdverm7y ago

put the least burden on users as possible

j / k navigate · click thread line to collapse