POST times out, you can’t tell whether the
resource was created or not — retrying blindly risks creating a duplicate.
Idempotency keys solve this. By attaching a unique key to a creating POST,
you can safely retry the same request as many times as you need: the Chataigne API
performs the operation exactly once and returns the original response on every replay.
An idempotency key is required on every resource-creating
POST (for example,
creating a location or a special closing). It is ignored on GET, PATCH, PUT,
and DELETE, which are already naturally idempotent.How it works
Send a unique value in theIdempotency-Key header. The API stores the first
response associated with that key and replays it for any subsequent request that
arrives with the same key.
A unique value you generate per logical operation. Use a UUID (v4) or any other
high-entropy, collision-resistant string. Keys are scoped per API key and retained
for 24 hours, after which they are discarded and a request with the same key is
treated as new.
| Scenario | Behavior |
|---|---|
| First request | The operation runs and the response is stored against the key. |
| Replay — same key, same body | The original response is returned with Idempotent-Replayed: true. The operation does not run again. |
| Mismatch — same key, different body | 409 with error type idempotency_error. |
| In-flight — same key, original still processing | 409 with error type conflict_error. |
| Expired — same key, more than 24h later | Treated as a brand-new request. |
Present and set to
true only on replayed responses. Its absence means the request
was processed for the first time. Use it to detect retries in logs and metrics.Creating the same location twice
The example below creates a location under an organization, then issues the exact same request a second time. The second call returns the sameloc_… resource —
no duplicate is created.
First response — 201 Created
Replayed response — 201 Created
X-Request-Id differs between the original and the replay — each HTTP exchange gets
its own request ID — but the response body is byte-for-byte the original.Error cases
Mismatched body — idempotency_error
Reusing a key with a different request body is almost always a bug (the most
common cause is regenerating data on retry instead of reusing the original payload).
The API rejects it rather than silently returning a stale result.
409 Conflict
Concurrent duplicate — conflict_error
If a second request arrives with the same key while the first is still being
processed, the duplicate is rejected with conflict_error. This protects you from
double-submits caused by impatient retries or parallel workers.
409 Conflict
conflict_error, wait briefly and retry with the same key — once
the original request completes, the retry will replay its stored response.
Best practices
One key per operation
Generate a fresh key for each distinct create. Reuse it only when retrying that
same operation.
Use a UUID
A v4 UUID gives you collision-free keys without coordination across processes.
Retry within 24h
Keys are retained for 24 hours. Retry inside that window to guarantee a replay
rather than a new resource.
Check the replay header
Inspect
Idempotent-Replayed to tell first-time creates from retries in your
logs and dashboards.Idempotency keys behave identically on the Admin API (
/admin/v1). The same rules,
headers, and 24-hour retention apply.