Blog

Idempotency keys for POST: safe retries without duplicate side effects

Clients replay requests on flaky networks; idempotency keys let servers collapse duplicates deterministically.

Published: 2025-07-20Updated: 2025-07-221 min read

restreliabilityapi-design

Interaction with CORS

Custom Idempotency-Key headers usually trigger preflight—ensure OPTIONS allows them alongside POST.

Expose whether a retry was deduplicated via a response header for observability in clients.

Scope keys per API key or user to prevent cross-tenant collisions.

Return the same status and body for duplicate submissions within the idempotency window.