Reliability·3 min read

Idempotency

An operation you can safely apply more than once and get the same result: the foundation of every retryable system.

First time reading this? Start here

Plain English: 'set my balance to $100' is idempotent, so running it twice doesn't double-set anything. 'Add $10 to my balance' is NOT, so running it twice charges me extra. Networks lose responses constantly, so any operation that matters has to be designed so a retry doesn't break things.

Used in:Payment Gateway Apache Kafka Notification System

What it is

A property of an operation: F(x) == F(F(x)) == F(F(F(x))). 'Set balance to $100' is idempotent. 'Add $10 to balance' is not: retry it and the user is overcharged. Idempotency is what makes networks tolerable. Networks lose responses, timeouts lie, retries happen, and without idempotency, every retry is a potential bug.

The problem it solves

Every distributed system has at-least-once delivery somewhere. A request times out, the client retries, the server processes both, and now what? Without idempotency, you get duplicate charges, doubled inventory adjustments, duplicate emails. With idempotency, the second request is a no-op or returns the cached result.

How it works

Three common patterns: (1) Idempotency keys, where the client sends a unique key with each request; the server records it and returns the cached response on retry (Stripe's model). (2) Natural idempotence, where you design the operation so it's inherently safe to repeat (PUT, upserts, 'set' instead of 'add'). (3) Versioned writes, where you include an expected version; the second write fails the optimistic-lock check and is a no-op.

Why use it

Makes retries safe, so the entire failure-handling story gets simpler
Lets you use at-least-once delivery (cheap) instead of exactly-once (very expensive)
Standard pattern in payments, queues, webhooks, every reliable API

What it costs you

Storage cost: idempotency keys have to be remembered for some window (24h, 7d, forever)
Easy to get wrong, since partial idempotency (some side effects deduplicated, others not) is worse than none
Requires discipline on the client, where keys must actually be unique per logical operation, not per retry attempt

Where it shows up in our architectures

Payment Gateway →
Idempotency keys on every charge request, Stripe-style. Duplicate POSTs return the original response, no double-charge
Apache Kafka →
At-least-once delivery is the default. Consumers must be idempotent, processing the same message twice without effect
Notification System →
Send-notification accepts an idempotency key so a flaky publisher's retries don't spam the user

Gotchas

'Idempotent' means the *end state* is the same on retry, not necessarily that the second call returns the same response. (POST with an idempotency key usually returns the cached response; PUT just overwrites.)
Side effects beyond the database (emails, webhooks, queue publishes) need their own deduplication; DB idempotency alone doesn't cover them.
Idempotency keys must outlive the retry window. If your client retries for 24h but you only remember keys for 1h, you'll process a 'duplicate' as a new request.
Time-based keys are a bug magnet; use a UUID per logical operation, not a timestamp.

Your notes

Private to you