Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

tjsherrill's avatar

Should I store Idempotency keys?

First off, I am new to idempotency. Okay, I have a three-step process a user takes to onboard themselves into my app.

Each step starts with a view, then the user fills in some information and submits it. The post requests from these steps should be idempotent. So, when I load the views I could create and pass idempotency v4 uuid's. This is simple. My question is, do I have any reason to store these keys? Creating them and passing them to the view is not hard. I can then pass them into the post request just fine. But when I create them, should I store them? And if I should then how would I go back and get it later?

thanks in advance.

0 likes
5 replies
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

Yes, it is recommended to store the idempotency keys for future reference. Storing the keys allows you to track and identify the requests made by the user, which can be useful for debugging, auditing, or handling any issues that may arise.

To store the idempotency keys, you can use a database or any other persistent storage mechanism. Here's an example of how you can store and retrieve the idempotency keys using a database:

// Assuming you have a database connection established

// Generate a new idempotency key
$idempotencyKey = uuidv4();

// Store the idempotency key in the database
DB::table('idempotency_keys')->insert([
    'key' => $idempotencyKey,
    'user_id' => $userId, // Assuming you have a user ID
]);

// Later, when you need to retrieve the idempotency key
$idempotencyKey = DB::table('idempotency_keys')
    ->where('user_id', $userId)
    ->value('key');

// Use the retrieved idempotency key in your post request

In this example, we assume you have a table named idempotency_keys with columns key and user_id to store the idempotency keys and associate them with the user. You can modify the table structure according to your needs.

Remember to adjust the code to fit your specific application and database setup.

tjsherrill's avatar

So I would then use the same idempotency key for other requests too. As the client, it sounds like its ok to use the idempotency key on different requests since each request just needs a key. Is this right?

I was reading and this article seems in-depth: https://www.lpalmieri.com/posts/idempotency/#4-1-idempotency-in-action-payments

Seems like maybe I should store an idempotency key for each request and maybe store: key, user_id and request_url so that I could look it up later? And then I should delete them daily, since the Server in this case expires idempotency keys after 24 hours?

martinbean's avatar

@tjsherrill Do you not need to store the idempotency key so you know whether to process the incoming request or not?

If the user sends a request with a key, how do you know whether or not to process the request if you’re not storing keys to check if that request has already been processed or not?

ahmedshamim's avatar

@tjsherrill Yes, you need to store the idempotency key to check whether the request is a duplicate or not. If the idempotency key is already seen, that means it's a duplicate request and you should not process it. It'd be better to store the key in cache instead of DB so that you can define a 'ttl' like 24 hours and it'd expire automatically after that time. it's better not to reuse the idempotency key in other requests and store them on the client side. It's up to you how you'll store it on the server side though. There are different kinds of implementations and you ca choose what works for you the best. For example, Stripe stores the idempotency key along with the request body: https://stripe.com/docs/api/idempotent_requests

Please or to participate in this conversation.