Idempotency
How to safely retry failed requests without creating duplicate charges.
Idempotency lets you retry a failed API request with confidence that Cresora will not create a duplicate charge.
How it works
Include an Idempotency-Key header with a client-generated UUID on every state-mutating request:
-H "Idempotency-Key: idem_550e8400-e29b-41d4-a716-446655440000"Cresora stores the key and the result for 24 hours. If you retry with the same key:
- The original result is returned immediately — no second transaction is created
- The HTTP status code is the same as the original response
- A
Replay-Idempotencyresponse header indicates the cached result was returned
Key format
Use any unique string up to 255 characters. We recommend idem_ prefix + UUID v4:
"Idempotency-Key": "idem_" + crypto.randomUUID()Conflict detection
If you use the same key with different request parameters, Cresora returns 409 idempotency_key_conflict:
{ "code": "idempotency_key_conflict", "message": "Idempotency key already used with different parameters." }This is intentional — it prevents accidentally reusing a key that was already tied to a different payment.
Idempotency-Key is required for all POST /v1/payments calls in production. The sandbox accepts requests without it, but production will return 400 validation_error if the header is missing.
Which endpoints are idempotent?
| Endpoint | Idempotency-Key required |
|---|---|
POST /v1/payments | Required (production) |
POST /v1/refunds | Required (production) |
GET requests | Not applicable |
DELETE requests | Optional |