2.3 Idempotency Flashcards

1
Q

What is idempotency?

A

Idempotency essentially means that the effect of a successfully performed request on a server resource is independent of the number of times it is executed.

The property of an operation that ensures performing the same action multiple times produces the same outcome as doing it once.

Idempotent HTTP methods include GET, PUT, DELETE, HEAD, OPTIONS and TRACE and by utilizing them, developers are able to take care of retries and errors to ensure that the APIs being created do not fluctuate in performance and are consistent to use at any one time.

Regardless of whether you want to provide users with the possibility of changing their profiles, cancel orders, or delete records, you can use idempotent APIs to guarantee the success and consistency of your actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How does idempotency apply to APIs?

A

A client can send the same request multiple times without causing unintended consequences, such as duplicate entries or repeated side effects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What happens if a user experiences a timeout during an online payment API call?

A

The payment API is called again as part of the retry mechanism, potentially leading to multiple charges without idempotency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the impact of idempotency on user account registrations?

A

Without idempotency, duplicate user accounts might be created if the registration form is submitted multiple times.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why is idempotency critical for reliability and consistency?

A

It prevents undesired duplication or data corruption when clients retry requests due to network issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is an Idempotent REST API?

A

An API that ensures the same request made multiple times has the same impact as making it just once.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are safe methods in REST APIs?

A

Methods that do not change server state and are non-intrusive, primarily used for retrieving information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

List examples of safe methods.

A

If we follow the REST principles in designing our APIs, we will have automatically idempotent REST APIs for GET, PUT, DELETE, HEAD, OPTIONS, and TRACE methods. Only POST and PATCH APIs will not be idempotent.

POST and PATCH are NOT idempotent.
GET, PUT, DELETE, HEAD, OPTIONS and TRACE are idempotent.

  • GET
  • HEAD
  • OPTIONS
  • TRACE
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the GET method do?

A

Retrieves data from the resource without making any changes to its contents.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the purpose of the HEAD method?

A

Returns only the headers of a resource, used to query metadata without downloading content.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does the OPTIONS method do?

A

Gets the supported HTTP verbs for a given URL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the DELETE method used for?

A

Cancels the resource at the specified URL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are idempotent methods?

A

Methods where performing the same action consecutively produces the same result as only one action.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does the PUT method do?

A

Inserts the contents of the request payload into the field of the target URL.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How do idempotency keys work?

A

They allow non-idempotent methods, like POST, to behave idempotently by identifying and discarding duplicate requests.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is the function of the POST method?

A

Used to create resources or perform operations that cannot be considered idempotent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is application-level idempotency?

A

Creating localized code logic within the application to maintain idempotent qualities across different HTTP methods.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Why are idempotent APIs important?

A

They ensure reliability, consistency, predictability, robustness, simplified client logic, and improved user experience.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What reliability do idempotent APIs provide?

A

Repeated requests do not cause different responses, aiding stability in distributed systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

How do idempotent APIs ensure consistency?

A

They do not alter the state of the server, avoiding undesired impacts on data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What advantage do idempotent APIs offer developers?

A

They simplify error correction and minimize bugs in client applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is the benefit of idempotent APIs for user experience?

A

They guarantee operations complete regardless of network conditions or retries.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are some idempotent HTTP methods?

A

2.2. HTTP GET, HEAD, OPTIONS and TRACE
GET, HEAD, OPTIONS and TRACE methods NEVER change the resource state on the server. They are purely for retrieving the resource representation or metadata at that point in time.

So invoking multiple requests will not have any write operation on the server, so GET, HEAD, OPTIONS, and TRACE are idempotent.

2.3. HTTP PUT
Generally – not necessarily – PUT APIs are used to update the resource state. If you execute a PUT API N times, the very first request will update the resource; the other N-1 requests will just overwrite the same resource state again and again – effectively not changing anything.

Hence, PUT is idempotent.

2.4 HTTP DELETE
2.4.1. Delete with the resource identifier
When you execute N similar DELETE requests, the first request will delete the resource and the response will be 200 (OK) or 204 (No Content).

Other N-1 requests will return 404 (Not Found).

Clearly, the response is different from the first request, but there is no change of state for any resource on the server-side because the original resource is already deleted.

So, DELETE is idempotent.

  • GET
  • PUT
  • DELETE
  • HEAD
  • OPTIONS
  • TRACE
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is a consequence of non-idempotent methods?

A

They can lead to redundancy and negative outcomes if retried without proper handling.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Q: What is the definition of idempotency in API requests?

A

Generally – not necessarily – POST APIs are used to create a new resource on the server. So when we execute the same POST request N times, we will have N new resources on the server. So, POST is not idempotent.

POST requests can trigger various side effects beyond just resource creation. These side effects may include sending notifications, making changes to the server’s state, or performing actions that are not idempotent.

HTTP PATCH is used for making partial updates to an existing resource without replacing the entire resource. The result of a PATCH request depends on the initial state of the resource and the specific changes provided in the request. Repeating the same PATCH request may lead to different resource states if the resource has been modified in the meantime.

26
Q

A: A request method is considered idempotent if the intended effect on the server of multiple identical requests with that method is the same as the effect for a single such request.

27
Q

Q: Why is idempotency important for APIs?

A

In the realm of RESTful web services, idempotency relates to the concept that making the same API request multiple times should yield the same result as making it just once. This means that regardless of how many times you repeat an idempotent request, the outcome remains consistent.

28
Q

A: Idempotency prevents duplicate operations when users or clients retry requests due to network failures

29
Q

Q: Which common HTTP methods are idempotent by default?

30
Q

A: GET

31
Q

Q: Which common HTTP methods are NOT idempotent by default?

32
Q

A: POST is not idempotent by default. PATCH depends on implementation.

33
Q

HTTP Methods and Idempotency

34
Q

Q: Why is GET considered idempotent?

35
Q

A: GET is read-only and doesn’t affect the server state

A

so multiple identical requests have the same effect as a single request.

36
Q

Q: Why is PUT considered idempotent?

37
Q

A: No matter how many times we call PUT with the same data

A

we should always get the same response and the resource will be updated to the same state.

38
Q

Q: Why is POST typically not idempotent?

A

Generally – not necessarily – POST APIs are used to create a new resource on the server. So when we execute the same POST request N times, we will have N new resources on the server. So, POST is not idempotent.

POST requests can trigger various side effects beyond just resource creation. These side effects may include sending notifications, making changes to the server’s state, or performing actions that are not idempotent.

HTTP PATCH is used for making partial updates to an existing resource without replacing the entire resource. The result of a PATCH request depends on the initial state of the resource and the specific changes provided in the request. Repeating the same PATCH request may lead to different resource states if the resource has been modified in the meantime.

39
Q

A: POST typically creates resources

A

so multiple identical requests would create multiple copies of the same resource or potentially fail after the first succeeds.

40
Q

Q: When might a DELETE request return different status codes but still be considered idempotent?

41
Q

A: The first DELETE might return success

A

while subsequent DELETEs might return errors (resource not found)

42
Q

Making Non-Idempotent Methods Idempotent

43
Q

Q: How can you make a POST request idempotent?

44
Q

A: Add a unique idempotency key in the request header that identifies the specific operation

A

allowing the server to recognize and handle duplicate requests.

45
Q

Q: What should an idempotency key be combined with to ensure global uniqueness?

46
Q

A: The user’s idempotency key should be combined with the user ID and the API path to ensure global uniqueness across users and endpoints.

47
Q

Q: What is a risk of using just the request body hash as an idempotency key?

48
Q

A: If the user legitimately wants to make identical requests (like ordering the same product twice)

A

using just the body hash would prevent the second valid request from being processed.

49
Q

Implementation Details

50
Q

Q: Where should idempotency keys be stored?

51
Q

A: In a distributed key-value storage system like Redis or DynamoDB

A

not in memory

52
Q

Q: What is the typical workflow when implementing idempotency?

53
Q

A: 1) Check if the idempotency key exists in storage; 2) If it exists

A

return the stored response; 3) If not

54
Q

Q: How long should idempotency keys typically be stored?

55
Q

A: Typically between 24 and 48 hours

A

depending on application needs

56
Q

Q: What is idempotency validation and when would you use it?

57
Q

A: Idempotency validation checks if the request body matches the stored hash for a given idempotency key

A

used to protect against accidental reuse of idempotency keys with different request data.

58
Q

Implementation in .NET

59
Q

Q: What libraries can help implement idempotency in .NET Core?

60
Q

A: The distributed caching library for storing keys in Redis

A

and the “idempotent-api” NuGet package that handles most of the implementation details.

61
Q

Q: How can idempotency be applied to specific endpoints in .NET Core?

62
Q

A: By creating a filter that can be added to the endpoints where idempotency is required.