You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: openapi/README.md
+56Lines changed: 56 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -567,6 +567,62 @@ All errors follow a consistent structure:
567
567
568
568
---
569
569
570
+
## Idempotency
571
+
572
+
Any API endpoint that triggers money movement **must** support idempotency to prevent duplicate transactions caused by retries, network failures, or client timeouts.
573
+
574
+
We follow the [IETF Idempotency-Key HTTP Header Field](https://datatracker.ietf.org/doc/draft-ietf-httpapi-idempotency-key-header/) specification.
575
+
576
+
### Endpoints Requiring Idempotency
577
+
578
+
| Endpoint | Description |
579
+
|----------|-------------|
580
+
| `POST /quotes` (with `immediatelyExecute: true`) | Creates and executes a quote in one step |
581
+
| `POST /quotes/{quoteId}/execute` | Executes a previously created quote |
582
+
| `POST /transfer-in` | Initiates an inbound transfer |
583
+
| `POST /transfer-out` | Initiates an outbound transfer |
584
+
585
+
### How It Works
586
+
587
+
Clients include an `Idempotency-Key` header with a unique value (typically a UUID) on the request. The server uses this key to deduplicate requests:
588
+
589
+
- **First request**: Processes normally and stores the response keyed by the idempotency key.
590
+
- **Subsequent requests with the same key (2xx or 4xx)**: Returns the stored response without reprocessing. The response status code and body will match the original response.
591
+
- **Subsequent requests with the same key (5xx)**: Server errors are not stored — the request will be retried and processed again, allowing recovery from transient failures.
0 commit comments