Re: [httpapi] Header for idempotency
Sanjay Dalal <sanjay.dalal@cal.berkeley.edu> Wed, 26 May 2021 13:16 UTC
Return-Path: <sanjay.dalal@gmail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3249C3A2E25 for <httpapi@ietfa.amsl.com>; Wed, 26 May 2021 06:16:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.8
X-Spam-Level:
X-Spam-Status: No, score=-0.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_SBL=0.5, URIBL_SBL_A=0.1] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cal-berkeley-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6uRW4gaAI5lZ for <httpapi@ietfa.amsl.com>; Wed, 26 May 2021 06:16:02 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A87F83A2E28 for <httpapi@ietf.org>; Wed, 26 May 2021 06:16:01 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id s25so1566276ljo.11 for <httpapi@ietf.org>; Wed, 26 May 2021 06:16:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cal-berkeley-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8VrRKqYey6NHS16yfFURwffaxC8dluEeXjmGzAgucJs=; b=VznK/GwN8+nsnI8xmEj839exzHXncopkv939YAKQ4e1lcZCR/5cNtOsuM6En7trEse JPFGKPV+puvqgh1Zhf5gv0v/+hxFsT9IN3EfHw1hDMt/TBF9R2JwUN5AZoHKkcAiywYF 0HMyahPYBkg5iqd6H32GdHgMkjXe8Cb/nXUbYhMaQvfj7PkCCWLAYWvwaEUR8NSrVz2q dghuCClrH9w96DtRPH6iINOgV+qo4B/PkfxAUFvh1JHWHhi3rlPx3rIpSFvfol5nTy3t tAjWwOyRoIlz3UNP6Y8I9qd+eSIjcAM8MW1gcYb4IoFqltJJXd5pkb72luIZ5iUg3Ly3 fvoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8VrRKqYey6NHS16yfFURwffaxC8dluEeXjmGzAgucJs=; b=g2TDp5y5rflE+K9FvHFazJuOlSbgHxlPXwtYeQ64utk1wVZITKpgUI4liLRZVBm8ll XiTnApSO90j3YjgGJpqMlpao9T1/rLbyd+FnmZGkfTCxPTsd274YkhTJcGKuA7rpNG49 TbY01uduiZwSb6HangD4+zn/lLXTP0aPqo1ChvpRDiLwBA1nFIdDQXccYxoewl9STsaa 8AZMWpjQHzACHqZQ3RvxIq0eQl9e6uDhdzcyPKKIVxc9XXAnNH98OxrVseX8ac2TIJMY KBIcihp929lyaDCquzzTyP9dLdUkMdYn89lUKeSqKPeZOum13dCzHNxNKbX8EU8xDKQl kXyA==
X-Gm-Message-State: AOAM531iUCvEtACQ0km+D2fhirZJch56GVxqOnLbz011O2Z+4QCluwdM tKb4WQIZ+4+LFxRwOBuYrgBiBZB9RAEPIUFV3Ag=
X-Google-Smtp-Source: ABdhPJyOqKXl+FXwVcKDWoPtDGW9/f8dJFnqwp4SGN1jU4yOuQRfxTkbXaguIZkrXcLB9vwbxKHG+nTVJtNxqOXbC9c=
X-Received: by 2002:a2e:9d59:: with SMTP id y25mr2166185ljj.399.1622034957873; Wed, 26 May 2021 06:15:57 -0700 (PDT)
MIME-Version: 1.0
References: <CAC5fHGN_GbQo9fPm=f82QoqfVv7vtt6DNL0kE2FWXzJ_pFHxrQ@mail.gmail.com> <664c3366-0960-4869-7728-99dcc3190315@it.aoyama.ac.jp>
In-Reply-To: <664c3366-0960-4869-7728-99dcc3190315@it.aoyama.ac.jp>
From: Sanjay Dalal <sanjay.dalal@cal.berkeley.edu>
Date: Wed, 26 May 2021 06:15:46 -0700
Message-ID: <CAC5fHGNDi8PgmCCZokqsAcGnx_J9_7Hx8O_xfj5ehRqVa-GyhA@mail.gmail.com>
To: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
Cc: httpapi@ietf.org, Jayadeba Jena <jjena@paypal.com>
Content-Type: multipart/alternative; boundary="0000000000007a361405c33b7191"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/wceyNML8LLw7l35B0dCl6a9-RFM>
Subject: Re: [httpapi] Header for idempotency
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 13:16:07 -0000
Hello Martin, Thank you for your comments. We would incorporate your suggestions. regards, sanjay On Tue, May 25, 2021 at 12:26 AM Martin J. Dürst <duerst@it.aoyama.ac.jp> wrote: > Hello Sanjay, others, > > I had a quick look. I'm not familiar with the details. > > However, I think the title of this draft should not be > "The Idempotency HTTP Header Field", but "The Idempotency-Key HTTP > Header Field". Same for some of the section titles in the draft. > > Also, putting BCP 14 keywords in quotes in the actual text looks really > strange. Maybe the text > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in BCP > 14 [RFC2119] [RFC8174] when, and only when, they appear in all > capitals, as shown here. > > should be changed to > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in BCP > 14 [RFC2119] [RFC8174] when, and only when, they appear in all > capitals, as shown here, and without quotes. > > Some text such as > > The idempotency key that is supplied as part of every "POST" request > MUST be unique and "MUST" not be reused with another request with a > different request payload. > > is otherwise difficult to interprete. What's the difference between MUST > and "MUST"? It looks like "MUST" isn't meant seriously. > > Regards, Martin. > > On 2021-05-25 14:11, Sanjay Dalal wrote: > > Hello all, > > > > Jayadeba and I would like to submit a draft for The Idempotency HTTP > Header > > Field <https://datatracker.ietf.org/doc/html/draft-idempotency-header-01 > > > > to this working group for further consideration. > > > > We have listed below some organizations using this header. Many of these > > were already using the header before we wrote the draft. Many are using > the > > concept in their APIs but differently (listed below as well). > Predominantly > > this header is used by fintech companies and financial orgs but we have > > found usage elsewhere too including in Django and https.org (HTTP for > > Scala). > > > > Let us know how we can proceed. See the abstract and implementation > status > > below. > > > > thanks, > > sanjay > > > > https://datatracker.ietf.org/doc/html/draft-idempotency-header-01 > > > > *Abstract* > > > > The HTTP Idempotency request header field can be used to carry > idempotency > > key in order to make non-idempotent HTTP methods such as POST or PATCH > > fault-tolerant. > > > > > > *Implementation Status* > > > > Organization: Stripe > > > > o Description: Stripe uses custom HTTP header named "Idempotency- > > Key" > > o Reference: https://stripe.com/docs/idempotency > > > > Organization: Adyen > > > > o Description: Adyen uses custom HTTP header named "Idempotency-Key" > > o Reference: https://docs.adyen.com/development-resources/api- > > idempotency/ > > > > Organization: Dwolla > > > > o Description: Dwolla uses custom HTTP header named "Idempotency- > > Key" > > o Reference: https://docs.dwolla.com/ > > > > Organization: Interledger > > > > o Description: Interledger uses custom HTTP header named > > "Idempotency-Key" > > o Reference: https://github.com/interledger/ > > > > Organization: WorldPay > > > > o Description: WorldPay uses custom HTTP header named "Idempotency- > > Key" > > o Reference: https://developer.worldpay.com/docs/wpg/idempotency > > > > Organization: Yandex > > > > o Description: Yandex uses custom HTTP header named "Idempotency- > > Key" > > o Reference: https://cloud.yandex.com/docs/api-design- > > guide/concepts/idempotency > > > > *Implementing the Concept* > > > > This is a list of implementations that implement the general concept, > > but do so using different mechanisms: > > > > Organization: Django > > > > o Description: Django uses custom HTTP header named > > "HTTP_IDEMPOTENCY_KEY" > > > > o Reference: https://pypi.org/project/django-idempotency-key > > > > Organization: Twilio > > > > o Description: Twilio uses custom HTTP header named "I-Twilio- > > Idempotency-Token" in webhooks > > > > o Reference: https://www.twilio.com/docs/usage/webhooks/webhooks- > > connection-overrides > > > > Organization: PayPal > > > > o Description: PayPal uses custom HTTP header named "PayPal-Request- > > Id" > > > > o Reference: https://developer.paypal.com/docs/business/develop/ > > idempotency > > > > Organization: RazorPay > > > > o Description: RazorPay uses custom HTTP header named "X-Payout- > > Idempotency" > > > > o Reference: https://razorpay.com/docs/razorpayx/api/idempotency/ > > > > Organization: OpenBanking > > > > o Description: OpenBanking uses custom HTTP header called "x- > > idempotency-key" > > > > o Reference: https://openbankinguk.github.io/read-write-api- > > site3/v3.1.6/profiles/read-write-data-api-profile.html#request- > > headers > > > > Organization: Square > > > > o Description: To make an idempotent API call, Square recommends > > adding a property named "idempotency_key" with a unique value in > > the request body. > > > > o Reference: > https://developer.squareup.com/docs/build-basics/using- > > rest-api > > > > Organization: Google Standard Payments > > > > o Description: Google Standard Payments API uses a property named > > "requestId" in request body in order to provider idempotency in > > various use cases. > > > > o Reference: https://developers.google.com/standard-payments/ > > payment-processor-service-api/rest/v1/TopLevel/capture > > > > Organization: BBVA > > > > o Description: BBVA Open Platform uses custom HTTP header called "X- > > Unique-Transaction-ID" > > > > o Reference: > > https://bbvaopenplatform.com/apiReference/APIbasics/content/x- > > unique-transaction-id > > > > Organization: WebEngage > > > > o Description: WebEngage uses custom HTTP header called "x-request- > > id" to identify webhook POST requests uniquely to achieve events > > idempotency. > > > > o Reference: https://docs.webengage.com/docs/webhooks > > > > > > -- > Prof. Dr.sc. Martin J. Dürst > Department of Intelligent Information Technology > College of Science and Engineering > Aoyama Gakuin University > Fuchinobe 5-1-10, Chuo-ku, Sagamihara > 252-5258 Japan >
- [httpapi] Header for idempotency Sanjay Dalal
- Re: [httpapi] Header for idempotency Martin J. Dürst
- Re: [httpapi] Header for idempotency Sanjay Dalal
- Re: [httpapi] Header for idempotency Mark Nottingham
- Re: [httpapi] Header for idempotency Erik Wilde
- Re: [httpapi] Header for idempotency Darrel Miller