-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdraft-idempotency-header-01.txt
672 lines (419 loc) · 22.8 KB
/
draft-idempotency-header-01.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
Network Working Group J. Jena
Internet-Draft PayPal, Inc.
Intended status: Standards Track S. Dalal
Expires: 27 May 2021 23 November 2020
The Idempotency HTTP Header Field
draft-idempotency-header-01
Abstract
The "HTTP" Idempotency request header field can be used to carry
idempotency key in order to make non-idempotent "HTTP" methods such
as "POST" or "PATCH" fault-tolerant.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 27 May 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Jena & Dalal Expires 27 May 2021 [Page 1]
Internet-Draft The Idempotency HTTP Header Field November 2020
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
2. The Idempotency HTTP Request Header Field . . . . . . . . . . 3
2.1. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Uniqueness of Idempotency Key . . . . . . . . . . . . . . 4
2.3. Idempotency Key Validity and Expiry . . . . . . . . . . . 4
2.4. Idempotency Fingerprint . . . . . . . . . . . . . . . . . 4
2.5. Responsibilities . . . . . . . . . . . . . . . . . . . . 4
2.6. Idempotency Enforcement Scenarios . . . . . . . . . . . . 5
2.7. Error Scenarios . . . . . . . . . . . . . . . . . . . . . 6
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
3.1. The Idempotency-Key HTTP Request Header Field . . . . . . 6
4. Implementation Status . . . . . . . . . . . . . . . . . . . . 7
4.1. Implementing the Concept . . . . . . . . . . . . . . . . 8
5. Security Considerations . . . . . . . . . . . . . . . . . . . 10
6. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
7.1. Normative References . . . . . . . . . . . . . . . . . . 11
7.2. Informative References . . . . . . . . . . . . . . . . . 11
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 12
Appendix B. Appendix . . . . . . . . . . . . . . . . . . . . . . 12
B.1. Appendix A. Imported ABNF . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction
Idempotence is the property of certain operations in mathematics and
computer science whereby they can be applied multiple times without
changing the result beyond the initial application. It does not
matter if the operation is called only once, or 10s of times over.
The result "SHOULD" be the same.
Idempotency is important in building a fault-tolerant "HTTP API". An
"HTTP" request method is considered "idempotent" if the intended
effect on the server of multiple identical requests with that method
is the same as the effect for a single such request. According to
[RFC7231], "HTTP" methods "OPTIONS", "HEAD", "GET", "PUT" and
"DELETE" are idempotent while methods "POST" and "PATCH" are not.
Let's say a client of an "HTTP API" wants to create (or update) a
resource using a "POST" method. Since "POST" is "NOT" an idempotent
method, calling it multiple times can result in duplication or wrong
updates. Consider a scenario where the client sent a "POST" request
to the server, but it got a timeout. Following questions arise : Is
the resource actually created (or updated)? Did the timeout occur
during sending of the request, or when receiving of the response?
Jena & Dalal Expires 27 May 2021 [Page 2]
Internet-Draft The Idempotency HTTP Header Field November 2020
Can the client safely retry the request, or does it need to figure
out what happened in the first place? If "POST" had been an
idempotent method, such questions may not arise. Client would safely
retry a request until it actually gets a valid response from the
server.
For many use cases of "HTTP API", duplicate resource is a severe
problem from business perspective. For example, duplicate records
for requests involving any kind of money transfer "MUST NOT" be
allowed. In other cases, processing of duplicate webhook delivery is
not expected.
1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
This specification uses the Augmented Backus-Naur Form (ABNF)
notation of [RFC5234] and includes, by reference, the IMF-fixdate
rule as defined in Section 7.1.1.1 of [RFC7231].
The term "resource" is to be interpreted as defined in Section 2 of
[RFC7231], that is identified by an URI. The term "resource server"
is to be interpreted as "origin server" as defined in Section 3 of
[RFC7231].
2. The Idempotency HTTP Request Header Field
An idempotency key is a unique value generated by the client which
the resource server uses to recognize subsequent retries of the same
request. The "Idempotency-Key" HTTP request header field carries
this key.
2.1. Syntax
The "Idempotency-Key" request header field describes
Idempotency-Key = idempotency-key-value
idempotency-key-value = opaque-value
opaque-value = DQUOTE *idempotencyvalue DQUOTE
idempotencyvalue = %x21 / %x23-7E / obs-text
; VCHAR except double quotes, plus obs-text
Jena & Dalal Expires 27 May 2021 [Page 3]
Internet-Draft The Idempotency HTTP Header Field November 2020
Clients MUST NOT include more than one "Idempotency-Key" header field
in the same request.
The following example shows an idempotency key using "UUID"
[RFC4122]:
Idempotency-Key: "8e03978e-40d5-43e8-bc93-6894a57f9324"
2.2. Uniqueness of Idempotency Key
The idempotency key that is supplied as part of every "POST" request
MUST be unique and "MUST" not be reused with another request with a
different request payload.
Uniqueness of the key "MUST" be defined by the resource owner and
"MUST" be implemented by the clients of the resource server. It is
"RECOMMENDED" that "UUID" [RFC4122] or a similar random identifier be
used as an idempotency key.
2.3. Idempotency Key Validity and Expiry
The resource MAY enforce time based idempotency keys, thus, be able
to purge or delete a key upon its expiry. The resource server SHOULD
define such expiration policy and publish in related documentation.
2.4. Idempotency Fingerprint
An idempotency fingerprint MAY be used in conjunction with an
idempotency key to determine the uniqueness of a request. Such a
fingerprint is generated from request payload data by the resource
server. An idempotency fingerprint generation algorithm MAY use one
of the following or similar approaches to create a fingerprint.
* Checksum of the entire request payload.
* Checksum of selected element(s) in the request payload.
* Field value match for each field in the request payload.
* Field value match for selected element(s) in the request payload.
* Request digest/signature.
2.5. Responsibilities
Client
Jena & Dalal Expires 27 May 2021 [Page 4]
Internet-Draft The Idempotency HTTP Header Field November 2020
Clients of "HTTP API" requiring idempotency, SHOULD understand the
idempotency related requirements as published by the server and use
appropriate algorithm to generate idempotency keys.
For each request, client SHOULD
* Send a unique idempotency key in the HTTP "Idempotency-Key"
request header field.
Resource Server
Resource server MUST publish idempotency related specification. This
specification MUST include expiration related policy if applicable.
Server is responsible for managing the lifecycle of the idempotency
key.
For each request, server SHOULD
* Identify idempotency key from the HTTP "Idempotency-Key" request
header field.
* Generate idempotency fingerprint if required.
* Check for idempotency considering various scenarios including the
ones described in section below.
2.6. Idempotency Enforcement Scenarios
* First time request (idempotency key or fingerprint has not been
seen)
The resource server SHOULD process the request normally and
respond with an appropriate response and status code.
* Duplicate request (idempotency key or fingerprint has been seen)
Retry
The request was retried after the original request completed. The
resource server MUST respond with the result of the previously
completed operation, success or an error.
Concurrent Request
The request was retried before the original request completed.
The resource server MUST respond with a resource conflict error.
See Error Scenarios for details.
Jena & Dalal Expires 27 May 2021 [Page 5]
Internet-Draft The Idempotency HTTP Header Field November 2020
2.7. Error Scenarios
If the "Idempotency-Key" request header is missing for a documented
idempotent operation requiring this header, the resource server MUST
reply with an "HTTP" "400" status code with body containing a link
pointing to relevant documentation. Alternately, using the "HTTP"
header "Link", the client can be informed about the error as shown
below.
HTTP/1.1 400 Bad Request
Link: <https://developer.example.com/idempotency>;
rel="describedby"; type="text/html"
If there is an attempt to reuse an idempotency key with a different
request payload, the resource server MUST reply with a "HTTP" "422"
status code with body containing a link pointing to relevant
documentation. The status code "422" is defined in Section 11.2 of
[RFC4918]. The server can also inform the client by using the "HTTP"
header "Link" as shown below.
HTTP/1.1 422 Unprocessable Entity
Link: <https://developer.example.com/idempotency>;
rel="describedby"; type="text/html"
If the request is retried, while the original request is still being
processed, the resource server MUST reply with an "HTTP" "409" status
code with body containing a link or the "HTTP" header "Link" pointing
to the relevant documentation.
HTTP/1.1 409 Conflict
Link: <https://developer.example.com/idempotency>;
rel="describedby"; type="text/html"
For other errors, the resource MUST return the appropriate status
code and error message.
3. IANA Considerations
3.1. The Idempotency-Key HTTP Request Header Field
The "Idempotency-Key" request header should be added to the permanent
registry of message header fields (see [RFC3864]), taking into
account the guidelines given by HTTP/1.1 [RFC7231].
Jena & Dalal Expires 27 May 2021 [Page 6]
Internet-Draft The Idempotency HTTP Header Field November 2020
Header Field Name: Idempotency-Key
Applicable Protocol: Hypertext Transfer Protocol (HTTP)
Status: Standard
Authors:
Jayadeba Jena
Email: [email protected]
Sanjay Dalal
Email: [email protected]
Change controller: IETF
Specification document: this specification,
Section 2 "The Idempotency HTTP Request Header Field"
4. Implementation Status
Note to RFC Editor: Please remove this section before publication.
This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942].
The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to
RFCs. Please note that the listing of any individual implementation
here does not imply endorsement by the IETF. Furthermore, no effort
has been spent to verify the information presented here that was
supplied by IETF contributors. This is not intended as, and must not
be construed to be, a catalog of available implementations or their
features. Readers are advised to note that other implementations may
exist.
According to RFC 7942, "this will allow reviewers and working groups
to assign due consideration to documents that have the benefit of
running code, which may serve as evidence of valuable experimentation
and feedback that have made the implemented protocols more mature.
It is up to the individual working groups to use this information as
they see fit".
Organization: Stripe
* Description: Stripe uses custom HTTP header named "Idempotency-
Key"
Jena & Dalal Expires 27 May 2021 [Page 7]
Internet-Draft The Idempotency HTTP Header Field November 2020
* Reference: https://stripe.com/docs/idempotency
Organization: Adyen
* Description: Adyen uses custom HTTP header named "Idempotency-Key"
* Reference: https://docs.adyen.com/development-resources/api-
idempotency/
Organization: Dwolla
* Description: Dwolla uses custom HTTP header named "Idempotency-
Key"
* Reference: https://docs.dwolla.com/
Organization: Interledger
* Description: Interledger uses custom HTTP header named
"Idempotency-Key"
* Reference: https://github.com/interledger/
Organization: WorldPay
* Description: WorldPay uses custom HTTP header named "Idempotency-
Key"
* Reference: https://developer.worldpay.com/docs/wpg/idempotency
Organization: Yandex
* Description: Yandex uses custom HTTP header named "Idempotency-
Key"
* Reference: https://cloud.yandex.com/docs/api-design-
guide/concepts/idempotency
4.1. Implementing the Concept
This is a list of implementations that implement the general concept,
but do so using different mechanisms:
Organization: Django
* Description: Django uses custom HTTP header named
"HTTP_IDEMPOTENCY_KEY"
Jena & Dalal Expires 27 May 2021 [Page 8]
Internet-Draft The Idempotency HTTP Header Field November 2020
* Reference: https://pypi.org/project/django-idempotency-key
Organization: Twilio
* Description: Twilio uses custom HTTP header named "I-Twilio-
Idempotency-Token" in webhooks
* Reference: https://www.twilio.com/docs/usage/webhooks/webhooks-
connection-overrides
Organization: PayPal
* Description: PayPal uses custom HTTP header named "PayPal-Request-
Id"
* Reference: https://developer.paypal.com/docs/business/develop/
idempotency
Organization: RazorPay
* Description: RazorPay uses custom HTTP header named "X-Payout-
Idempotency"
* Reference: https://razorpay.com/docs/razorpayx/api/idempotency/
Organization: OpenBanking
* Description: OpenBanking uses custom HTTP header called "x-
idempotency-key"
* Reference: https://openbankinguk.github.io/read-write-api-
site3/v3.1.6/profiles/read-write-data-api-profile.html#request-
headers
Organization: Square
* Description: To make an idempotent API call, Square recommends
adding a property named "idempotency_key" with a unique value in
the request body.
* Reference: https://developer.squareup.com/docs/build-basics/using-
rest-api
Organization: Google Standard Payments
* Description: Google Standard Payments API uses a property named
"requestId" in request body in order to provider idempotency in
various use cases.
Jena & Dalal Expires 27 May 2021 [Page 9]
Internet-Draft The Idempotency HTTP Header Field November 2020
* Reference: https://developers.google.com/standard-payments/
payment-processor-service-api/rest/v1/TopLevel/capture
Organization: BBVA
* Description: BBVA Open Platform uses custom HTTP header called "X-
Unique-Transaction-ID"
* Reference:
https://bbvaopenplatform.com/apiReference/APIbasics/content/x-
unique-transaction-id
Organization: WebEngage
* Description: WebEngage uses custom HTTP header called "x-request-
id" to identify webhook POST requests uniquely to achieve events
idempotency.
* Reference: https://docs.webengage.com/docs/webhooks
5. Security Considerations
This section is meant to inform developers, information providers,
and users of known security concerns specific to the idempotency
keys.
For idempotent request handling, the resources MAY make use of the
value in the idempotency key to look up a cache or a persistent store
for duplicate requests matching the key. If the resource does not
validate the value of the idempotency key prior to performing such a
lookup, it MAY lead to various forms of security attacks and
compromise. To avoid such situations, the resource SHOULD publish
the expected format of the idempotency key, algorithm used to
generate it and always validate the key value as per the published
specification before processing any request.
6. Examples
The first example shows an idempotency-key header field with key
value using UUID version 4 scheme:
Idempotency-Key: "8e03978e-40d5-43e8-bc93-6894a57f9324"
Second example shows an idempotency-key header field with key value
using some random string generator:
Idempotency-Key: "clkyoesmbgybucifusbbtdsbohtyuuwz"
Jena & Dalal Expires 27 May 2021 [Page 10]
Internet-Draft The Idempotency HTTP Header Field November 2020
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864,
DOI 10.17487/RFC3864, September 2004,
<https://www.rfc-editor.org/info/rfc3864>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>.
[RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed
Authoring and Versioning (WebDAV)", RFC 4918,
DOI 10.17487/RFC4918, June 2007,
<https://www.rfc-editor.org/info/rfc4918>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing",
RFC 7230, DOI 10.17487/RFC7230, June 2014,
<https://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
DOI 10.17487/RFC7231, June 2014,
<https://www.rfc-editor.org/info/rfc7231>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References
Jena & Dalal Expires 27 May 2021 [Page 11]
Internet-Draft The Idempotency HTTP Header Field November 2020
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>.
Appendix A. Acknowledgments
The authors would like to thank Mark Nottingham for his support for
this Internet Draft. We would like to acknowledge that this draft is
inspired by Idempotency related patterns described in API
documentation of PayPal (https://github.com/paypal/api-
standards/blob/master/patterns.md#idempotency) and Stripe
(https://stripe.com/docs/idempotency) as well as Internet Draft on
POST Once Exactly (https://tools.ietf.org/html/draft-nottingham-http-
poe-00) authored by Mark Nottingham.
The authors take all responsibility for errors and omissions.
Appendix B. Appendix
B.1. Appendix A. Imported ABNF
The following core rules are included by reference, as defined in
Appendix B.1 of [RFC5234]: ALPHA (letters), CR (carriage return),
CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double
quote), HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any
8-bit sequence of data), SP (space), and VCHAR (any visible US-ASCII
character).
The rules below are defined in [RFC7230]:
obs-text = <obs-text, see [RFC7230], Section 3.2.6>
Authors' Addresses
Jayadeba Jena
PayPal, Inc.
Email: [email protected]
Sanjay Dalal
Email: [email protected]
URI: https://github.com/sdatspun2
Jena & Dalal Expires 27 May 2021 [Page 12]