Ensuring API requests are safe.
GET
and DELETE
are inherently idempotent, fetching or
deleting the same item twice will simply result in the same response.
Update actions, such as PATCH
are also usually idempotent. Duplicating calls
may be inefficient, but weโve made sure that in our API update actions are safe
to be repeated.
Create actions, like POST
or PUT
however require additional guarantees to
ensure data will not be duplicated. The Invopop APIs handle these scenarios by
requiring that every model and thus every incoming operation includes either an id
field in UUID string format, or often a key
property that will be checked to ensure
it is unique before processing.
Many API endpoints will detect duplicated requests and simply return the same response
as expected initially. If however this cannot be guaranteed, the API will return a
409 Conflict
response which the client should be able to handle.