Skip to content
V3.0 // STABLE
LOAD 12%
LAT 24MS
SLA 99.99%
wahyu amirulloh

Idempotent API Design for Financial Reliability

2 min read
0 views
idempotencyapi designdistributed systemsfintech

In financial systems, a "Ghost Transaction" is a nightmare. This happens when a network timeout occurs, and the client retries a request that was actually partially processed. To solve this, we must design Idempotent APIs.

The Core Concept

An idempotent operation is one that can be performed multiple times without changing the result beyond the initial application.

[!IMPORTANT] Idempotency is not optional in Fintech. Every POST/PATCH request that moves money must be idempotent to protect against network instability.

Idempotency Key Workflow

The most robust pattern involves an Idempotency-Key header provided by the client (usually a UUID).

Live architecture
Analyzing Schema...

Arch Note

Interactive logic enabled. Click components in expanded view for technical service definitions.

Layer.0 / Distributed_System_Viz

Handling Retries

When a client retries with the same key, the service should:

  1. If Processing: Return 409 Conflict or Processing.
  2. If Completed: Return the cached response from the first successful attempt.

Failure Scenarios

ScenarioResult without IdempotencyResult with Idempotency
Client Retry on TimeoutDouble Charge (2x Withdrawal)Single Charge (2nd Req returns cached 200)
Concurrent Double-ClickParallel race conditionAtomic Lock (2nd Req rejected immediately)
Internal Server ErrorPartial data, retry might failDeterministic recovery via state machine

Consultant's Implementation Checklist

  • Database Constraints: Use a UNIQUE constraint on the idempotency_key column in your SQL database as the ultimate source of truth.
  • Standardized Header: Use a standard header name like X-Idempotency-Key.
  • Expiration Policy: Set a TTL for your idempotency cache (e.g., 24-48 hours) to prevent Redis memory bloat.
  • deterministic Response: Ensure the cached response includes the same body and status code as the original.

[!TIP] Pro-Tip: For critical H2H banking integrations, always log the request_payload alongside the idempotency_key to audit any attempts to reuse the same key with different amounts or currencies.

Building idempotent systems is about moving from "hope-based" engineering to "deterministic-based" engineering.