Idempotency for a financial transaction API

  softwareengineering

Say you have a REST API endpoint like POST /move-money which transfers money from your main account to a savings pot. There are three path parameters

  • accountId for the user’s account
  • potId for the user’s savings pot
  • transferId which is a GUID generated by the calling client

Assume there’s also a body with additional details but those are irrelevant for the question.

The goal is to achieve idempotency on the endpoint so that if two concurrent requests arrive at the service, the amount will be transferred only once. So to be precise:

Is it enough to use the transferId (which is generated by the client) as an idempotency key?

Is it redundant or necessary to perform a lock on the accountId to ensure idempotency?

What would be the sequence of actions necessary to ensure idempotency, as in at what point do we store the transferId and when do we perform the check?

  • java
  • rest
  • api
  • api-design

LEAVE A COMMENT