Journal
The most important header in payments
Short one, but it’s the thing I’d put on a wall if I could.
The network will fail you at the worst possible moment: after your request reached the payment provider, after it charged the card, and before the response got back to you. Now you’re holding a timeout and a question with no good answer — did that charge go through? Retry, and you might double-charge. Don’t retry, and you might have dropped a real payment.
The idempotency key dissolves the dilemma. You generate a unique key per logical operation and send it with the request. The provider records the outcome against that key. If the same key shows up again, it doesn’t redo the work — it replays the stored result. Retry becomes safe. That’s the whole trick, and it’s enormous.
Stripe’s version is worth reading as a reference: you pass an
Idempotency-Key header, they save the
status and body of the first response, and they keep the key for at least 24 hours. Reuse it
inside that window and you get the original result back, not a second charge.
Two things people get wrong. First, the key has to be tied to the operation, not the attempt — generate it once, before the first try, and reuse the exact same key on every retry. Generate a fresh one per attempt and you’ve built an elaborate way to double-charge. Second, keys expire. Retrying after the retention window is a brand-new request as far as the provider is concerned, so your own side still needs a durable record of what you’ve already done.
Idempotency isn’t a payments-only idea, but payments are where it stops being nice-to-have and becomes the load-bearing wall.
Archie