Request Tokens (Request Idempotency)
When a user sends a request to CREATE or UPDATE a resource, a REQUEST-TOKEN header can be sent to identify the request as unique. A record in the RequestTokens table will be created containing the id
of the logged in user, the given token, the primary resource category number and the id of the created/updated resource. Whenever we detect that a request is duplicate (by checking the login/REQUEST-TOKEN sent) we simply return the results of the original request and an indicator (duplicateRequest) set to true in the details part of the response.
All request tokens expire after 48 hours so a unique request token can be used again.
Request tokens are shared between all requests, so after a request token is sent the first time it will block all subsequent requests (either create or update), even if the resource and body of the request are
different from the original request.
The RequestTokens table is not available to all users (only ADMINs have access to the table) and records can be created, queried or deleted.
Example:
First request to create a new transaction will be processed:
POST: /txns
HEADERS:
REQUEST-TOKEN: abcdef123456
BODY:
{
"type":"1",
"merchant":"000000000000007",
"mid":"01242567",
"origin":"2",
"total":"4500",
"terminal":"123654789",
"payment":{
"number":"4111111111111111",
"expiration":"0818",
"cvv":"123"
},
"zip":"99999"
}
2. Second request to create a new transaction will be blocked (note it’s using the same request token):
POST: /txns
HEADERS:
REQUEST-TOKEN: abcdef123456
BODY:
{
"type":"1",
"merchant":"000000000000007",
"mid":"01242567",
"origin":"2",
"total":"4500",
"terminal":"123654789",
"payment":{
"number":"4111111111111111",
"expiration":"0818",
"cvv":"123"
},
"zip":"99999"
}
RESPONSE:
"details": {
"duplicateRequest": true
}
3. Request to update the transaction will be blocked (note it’s still using the same request token):
PUT: /txns/00000000000000001
HEADERS:
REQUEST-TOKEN: abcdef123456
BODY:
{
"batch":null
}
RESPONSE:
"details": {
"duplicateRequest": true
}
4. Request to update the transaction will be processed (note the new request token):
PUT: /txns/00000000000000001
HEADERS:
REQUEST-TOKEN: 123456abcdef
BODY:
{
"batch":null
}
5. Request to create a new transaction will be processed even though the transaction seems duplicate (note the new request token):
POST: /txns
HEADERS:
REQUEST-TOKEN: 654321fedcba
BODY:
{
"type":"1",
"merchant":"000000000000007",
"mid":"01242567",
"origin":"2",
"total":"4500",
"terminal":"123654789",
"payment":{
"number":"4111111111111111",
"expiration":"0818",
"cvv":"123"
},
"zip":"99999"
}