Re: [httpapi] Header for idempotency
Mark Nottingham <mnot@mnot.net> Tue, 08 June 2021 04:38 UTC
Return-Path: <mnot@mnot.net>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B2143A2093 for <httpapi@ietfa.amsl.com>; Mon, 7 Jun 2021 21:38:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.198
X-Spam-Level:
X-Spam-Status: No, score=-2.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_SBL=0.5, URIBL_SBL_A=0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=TO1nxvsJ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=K2qioRPn
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xsh_dR6U7EW for <httpapi@ietfa.amsl.com>; Mon, 7 Jun 2021 21:38:27 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E453C3A2096 for <httpapi@ietf.org>; Mon, 7 Jun 2021 21:38:26 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id BEEB25C0180; Tue, 8 Jun 2021 00:38:25 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Tue, 08 Jun 2021 00:38:25 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=K WzMZszoKk0wDhrqJbG93vl2XxiXRzf4iZbDWR9mZOc=; b=TO1nxvsJCrQ2DbucE QJs2QSWOyBP9N65CnoxIiyrQYwV2J/8pzYts+e7E6u4G6GDQmtf3vpOwuUszONVe uYZ9FA/RVqo2lhzkCSqHQRg6YZfOUkCFcToPm47veCqSE7IgfPjlfSJnzI/8MCfj z4OCE5SWW8M6NGhOA5wMTFywbL4djlH1GzCBXERGXM7IByEnmgNr/4rp+lbBgtdh 75u8lRLVmiKi18WQGWQK0xs0NAo/qe7k3MAGWfUYq9lg/NRHxYaWN7A2+5OL8HBb NDMFxmB+LYzZT3cpbZLiQmospO9pxq+FFQu649EAD9EhiDofFt73nwcFEZG8YGm5 3NCcQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=KWzMZszoKk0wDhrqJbG93vl2XxiXRzf4iZbDWR9mZ Oc=; b=K2qioRPngTXQutyDbQAkRUVnCm8us/yQ+yYVbe+Uhc9CDmAfIXbrBvdlp yx3/jgLMl5Q4e9z2NajAMGkh1WSrXhzO8SqyTFVB6UfoTQNHAg1013Gu9xUFYYkU DiqKYy18u3TzOWvo2aHBhHetCfxhoCk4wHXMfB/9DYHnXxG6fKrQ020m0/8Uh5ir GtYzznwHz81XBVOl+ZbASztnlptneXzths5iEAR/0evMl/HyULKfP6wOnsiFOBj5 4lg9VBHA6IWYx299Ssjn2F8gdBce7j7EjxHu7sI/ElkZUN53rnG4fWFmdokBj33L YjR8X6cZ5miXqynxsuQMz8jIZNOAA==
X-ME-Sender: <xms:QPS-YNwscbsvF9JieWFQGoUPFZZ7FnL7_EW9RQ1QMbH2-TxWJdNIVQ> <xme:QPS-YNTdQ-iS4TLYwWPRaztGSdxU80yDmtwWnHbvGjIBdc8437ij0uvVzh7jXeDN0 FdMa9LMZNaH7RLkxw>
X-ME-Received: <xmr:QPS-YHVDAi0GpvpoXJ-Z_8IR7XA_LLbW1S1WgBtk5JQpQ-PbIyfESSPN_6cb589duwbEqoWhcngpy8kkcRmmBbbp-WP8SfRcuHIuCdk7XoFQWR4YLvP2jxE3>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrfedtkedgjeejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne goufhushhpvggtthffohhmrghinhculdegledmnecujfgurheptggguffhjgffgffkfhfv ofesthhqmhdthhdtvdenucfhrhhomhepofgrrhhkucfpohhtthhinhhghhgrmhcuoehmnh hothesmhhnohhtrdhnvghtqeenucggtffrrghtthgvrhhnpeekueelleduleeihffftdev vdefffffgfdvveeiueffvdeugedvtefgvddukedtteenucffohhmrghinhephhhtthhpsh drohhrghdpihgvthhfrdhorhhgpdhsthhrihhpvgdrtghomhdprgguhigvnhdrtghomhdp ugifohhllhgrrdgtohhmpdhgihhthhhusgdrtghomhdpfihorhhlughprgihrdgtohhmpd ihrghnuggvgidrtghomhdpphihphhirdhorhhgpdhtfihilhhiohdrtghomhdpphgrhihp rghlrdgtohhmpdhrrgiiohhrphgrhidrtghomhdpghhithhhuhgsrdhiohdpshhquhgrrh gvuhhprdgtohhmpdhgohhoghhlvgdrtghomhdpsggsvhgrohhpvghnphhlrghtfhhorhhm rdgtohhmpdifvggsvghnghgrghgvrdgtohhmpdhmnhhothdrnhgvthenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmnhhothesmhhnohhtrdhn vght
X-ME-Proxy: <xmx:QPS-YPhCUR1zWhLj3QiZpcmI0xZisO6JidrKQfSdQ-UmbOaBhlb8kA> <xmx:QPS-YPAXqIYf1VfM6H4bHTFD4QGZ_NTztsSgXp504fsOd3sv-JOCAA> <xmx:QPS-YIJtOg14F02ozY1tjf55mDtCyXmMH-SIOnIFsbJq6af7pM9u3Q> <xmx:QfS-YK9o2KXagShmDhxKOjGKXR4VbWaP5KARvczaPN4bNryXy6bIAw>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 8 Jun 2021 00:38:20 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAC5fHGN_GbQo9fPm=f82QoqfVv7vtt6DNL0kE2FWXzJ_pFHxrQ@mail.gmail.com>
Date: Tue, 08 Jun 2021 14:38:15 +1000
Cc: httpapi@ietf.org, Jayadeba Jena <jjena@paypal.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <EA4386A5-F4B4-4036-BF32-B148D174D6F2@mnot.net>
References: <CAC5fHGN_GbQo9fPm=f82QoqfVv7vtt6DNL0kE2FWXzJ_pFHxrQ@mail.gmail.com>
To: Sanjay Dalal <sanjay.dalal@cal.berkeley.edu>
X-Mailer: Apple Mail (2.3654.100.0.2.22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/-RUf3VQOaIatuE-QujPcmkLrMOs>
Subject: Re: [httpapi] Header for idempotency
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jun 2021 04:38:32 -0000
Hi Sanjay, Sorry for the delay in responding. I think this is interesting work, and based upon the list of folks who are already doing this (as provided below), it seems like a promising area for standardisation. So +1 from me -- it would be good to see a Call for Adoption for this, and even better to see engagement from the folks below (or others!). Cheers, > On 25 May 2021, at 3:11 pm, Sanjay Dalal <sanjay.dalal@cal.berkeley.edu> wrote: > > Hello all, > > Jayadeba and I would like to submit a draft for The Idempotency HTTP Header Field to this working group for further consideration. > > We have listed below some organizations using this header. Many of these were already using the header before we wrote the draft. Many are using the concept in their APIs but differently (listed below as well). Predominantly this header is used by fintech companies and financial orgs but we have found usage elsewhere too including in Django and https.org (HTTP for Scala). > > Let us know how we can proceed. See the abstract and implementation status below. > > thanks, > sanjay > > https://datatracker.ietf.org/doc/html/draft-idempotency-header-01 > > Abstract > > The HTTP Idempotency request header field can be used to carry idempotency key in order to make non-idempotent HTTP methods such as POST or PATCH fault-tolerant. > > > Implementation Status > > Organization: Stripe > > o Description: Stripe uses custom HTTP header named "Idempotency- > Key" > o Reference: https://stripe.com/docs/idempotency > > Organization: Adyen > > o Description: Adyen uses custom HTTP header named "Idempotency-Key" > o Reference: https://docs.adyen.com/development-resources/api- > idempotency/ > > Organization: Dwolla > > o Description: Dwolla uses custom HTTP header named "Idempotency- > Key" > o Reference: https://docs.dwolla.com/ > > Organization: Interledger > > o Description: Interledger uses custom HTTP header named > "Idempotency-Key" > o Reference: https://github.com/interledger/ > > Organization: WorldPay > > o Description: WorldPay uses custom HTTP header named "Idempotency- > Key" > o Reference: https://developer.worldpay.com/docs/wpg/idempotency > > Organization: Yandex > > o Description: Yandex uses custom HTTP header named "Idempotency- > Key" > o Reference: https://cloud.yandex.com/docs/api-design- > guide/concepts/idempotency > > Implementing the Concept > > This is a list of implementations that implement the general concept, > but do so using different mechanisms: > > Organization: Django > > o Description: Django uses custom HTTP header named > "HTTP_IDEMPOTENCY_KEY" > > o Reference: https://pypi.org/project/django-idempotency-key > > Organization: Twilio > > o Description: Twilio uses custom HTTP header named "I-Twilio- > Idempotency-Token" in webhooks > > o Reference: https://www.twilio.com/docs/usage/webhooks/webhooks- > connection-overrides > > Organization: PayPal > > o Description: PayPal uses custom HTTP header named "PayPal-Request- > Id" > > o Reference: https://developer.paypal.com/docs/business/develop/ > idempotency > > Organization: RazorPay > > o Description: RazorPay uses custom HTTP header named "X-Payout- > Idempotency" > > o Reference: https://razorpay.com/docs/razorpayx/api/idempotency/ > > Organization: OpenBanking > > o Description: OpenBanking uses custom HTTP header called "x- > idempotency-key" > > o Reference: https://openbankinguk.github.io/read-write-api- > site3/v3.1.6/profiles/read-write-data-api-profile.html#request- > headers > > Organization: Square > > o Description: To make an idempotent API call, Square recommends > adding a property named "idempotency_key" with a unique value in > the request body. > > o Reference: https://developer.squareup.com/docs/build-basics/using- > rest-api > > Organization: Google Standard Payments > > o Description: Google Standard Payments API uses a property named > "requestId" in request body in order to provider idempotency in > various use cases. > > o Reference: https://developers.google.com/standard-payments/ > payment-processor-service-api/rest/v1/TopLevel/capture > > Organization: BBVA > > o Description: BBVA Open Platform uses custom HTTP header called "X- > Unique-Transaction-ID" > > o Reference: > https://bbvaopenplatform.com/apiReference/APIbasics/content/x- > unique-transaction-id > > Organization: WebEngage > > o Description: WebEngage uses custom HTTP header called "x-request- > id" to identify webhook POST requests uniquely to achieve events > idempotency. > > o Reference: https://docs.webengage.com/docs/webhooks > -- > httpapi mailing list > httpapi@ietf.org > https://www.ietf.org/mailman/listinfo/httpapi -- Mark Nottingham https://www.mnot.net/
- [httpapi] Header for idempotency Sanjay Dalal
- Re: [httpapi] Header for idempotency Martin J. Dürst
- Re: [httpapi] Header for idempotency Sanjay Dalal
- Re: [httpapi] Header for idempotency Mark Nottingham
- Re: [httpapi] Header for idempotency Erik Wilde
- Re: [httpapi] Header for idempotency Darrel Miller