blog.suje.sh

Understanding Idempotency — Building Reliable APIs and Microservices

#Distributed Systems, #Spring Boot, #Microservices, #Reliability

For the last few years, I have been working on building Java microservices using Spring Boot.
In day-to-day development, I often come across terms like retries, transactions, and duplicate requests, especially when building APIs that interact with other services or databases.

While working on one such service recently, I came across the concept of idempotency.
It’s one of those ideas that look simple on the surface but play a big role in making systems reliable.
I decided to explore it in a bit more detail and write down what I learned here.

What is Idempotency?

Idempotency means that an operation can be called multiple times without changing the result beyond the initial call.

In other words:

“If you retry the same request again, it should not change the outcome.”

This concept is very useful in distributed systems where retries are common — due to network issues, timeouts, or failures.

Example: Payment API

Imagine a user clicking a “Pay Now” button.
If the request goes through but the response is delayed, the client might retry the same call.

If the backend is not idempotent, that could trigger multiple charges.
An idempotent API, on the other hand, makes sure that even if the same request is retried, the user is charged only once.

HTTP Methods and Idempotency

HTTP defines some methods as naturally idempotent.
Here’s a quick reference:

MethodIdempotentDescription
GETSafe — only reads data.
DELETEDeleting again has no effect.
PUTUpdates or replaces a resource with the same state.
POSTCreates a new resource each time.
PATCH⚠️ DependsOnly idempotent if written carefully.

Most APIs that deal with creation or state changes (POST) need extra care to be idempotent.

Why It Matters

Retries happen more often than we think:

  • API gateways and clients retry after timeouts
  • Users refresh pages or double-click buttons
  • Message queues re-deliver the same message

Without idempotency, this can lead to duplicate database entries, double payments, or inconsistent system state.
Once you start thinking about reliability, idempotency quickly becomes a must-have.

How to Design Idempotent APIs

1. Use an Idempotency Key

Clients can send a unique key with each request.
If the same key appears again, the server simply returns the previous result.

Example:

POST /payments
Idempotency-Key: 8a1f3c2d-2c9f-4d85-a4a7-5f7e24c901cd

The backend can store the response for each key in a table.
If the same key comes again, it returns the same result.

2. Use Client-Generated Identifiers

When creating resources, the client can generate a unique ID and include it in the request.

Example:

POST /orders
{
“orderId”: “7dcefa23-fcd8-4a1b-a8db-6e6b928b56ad”
}

If the server receives the same orderId again, it knows this request was already processed.

3. Make APIs Declarative

Design APIs to describe the desired end state instead of performing actions.

Example:

PUT /cart/total
{
“value”: 500
}

This is idempotent — the result is always the same no matter how many times it’s called.

Compare this with:

POST /cart/increment

which increases the total every time — not idempotent.

4. Database Constraints and Transactions

You can use database-level uniqueness constraints to avoid processing the same event twice.
In Spring Boot, it’s common to use:

  • @Transactional to make operations atomic
  • Unique keys on columns like paymentId or orderId
  • Checks before inserts (e.g., existsByPaymentId())

Example (Kafka consumer):

@KafkaListener(topics = “payments”)
public void handlePayment(PaymentEvent event) {
if (repository.existsByPaymentId(event.getId())) {
return; // already processed
}
processPayment(event);
}

How Spring Boot Helps

Spring Boot provides good building blocks for idempotent systems:

  • Transactions for atomic operations
  • Retries using spring-retry
  • Database constraints for deduplication
  • Filters or interceptors to handle idempotency keys globally

If you design your APIs carefully, these tools make implementing idempotency much easier.

My Takeaway

After digging into idempotency, I realized it’s not just a “nice to have” — it’s a requirement for any reliable distributed system.
It helps make retries safe and prevents subtle bugs that are hard to reproduce.

Whenever I design an API now, I try to ask:

“What happens if this request is sent twice?”

If the answer is “nothing breaks,” I know I’m on the right track.

← All posts