I am making the following HTTP request to create a financial transaction on another system.

The request follows this path:

HTTP request -> Service -> Third Party (like Stripe but not Stripe).

Should the idempotency_key be put into the HTTP request so clients will have to generate it (most likely a UUID) or alternatively should the idempotency key be generated in the service itself?

I'm putting it out here on Hacker News for people who have experience building and maintaining APIs for financial institutions.

I like how Stripe does idempotent requests [0]. Essentially, you end up saying, "do this thing, which I'm calling 'charge-for-cust-foo', but only do it once, even if I tell you to do it again." Putting the "burden" of generating a unique idempotency key on the client seems to be the best solution; otherwise, they have to somehow store the idempotency key that your service generates to re-send it for the next request, which adds complexity on their end, especially when the request could be sent from multiple servers that need to share which key belongs to which request (i.e. multiple servers rule out storing the keys in memory, which would already pose a risk due to crashes/restarts clearing memory).

[0]: https://stripe.com/docs/api/idempotent_requests
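
The client-generated key flow from the reply above, as an added example that is not part of the original thread and is not Stripe's code. `PaymentService`, `FakeProvider` and `IdempotencyConflict` are hypothetical names; the in-memory dict stands in for a durable shared store, and rejecting a reused key that arrives with a different body is an assumed design choice.

```python
import hashlib
import json
import uuid


class IdempotencyConflict(Exception):
    """The same key was reused with a different request body."""


class FakeProvider:
    """Hypothetical stand-in for the third party; dedupes on the forwarded key."""

    def __init__(self):
        self.charges = {}

    def charge(self, idempotency_key, payload):
        if idempotency_key not in self.charges:
            charge_id = f"ch_{len(self.charges) + 1}"
            self.charges[idempotency_key] = {"id": charge_id, **payload}
        return self.charges[idempotency_key]


class PaymentService:
    def __init__(self, provider):
        self.provider = provider
        self.seen = {}  # key -> (body fingerprint, stored response); assumption: durable in production

    @staticmethod
    def _fingerprint(payload):
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def create_transaction(self, idempotency_key, payload):
        fp = self._fingerprint(payload)
        if idempotency_key in self.seen:
            stored_fp, response = self.seen[idempotency_key]
            if stored_fp != fp:
                raise IdempotencyConflict(idempotency_key)
            return response  # replay of a finished request: no second charge
        # Forward the client's key so a retry after a service crash is still deduped upstream.
        response = self.provider.charge(idempotency_key, payload)
        self.seen[idempotency_key] = (fp, response)
        return response


def demo():
    provider = FakeProvider()
    service = PaymentService(provider)
    key = str(uuid.uuid4())  # generated once by the client, reused on every retry
    payload = {"customer": "cust-foo", "amount": 1000}  # constructed sample input
    first = service.create_transaction(key, payload)
    retry = service.create_transaction(key, payload)  # e.g. the client timed out and resent
    return first, retry, len(provider.charges)
```
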