Idempotency
Safe retries, every time. Replaying the same Idempotency-Key
with the same body within 24 h returns the original response
byte-for-byte; mismatched bodies are blocked with a conflict.
Every write endpoint accepts an Idempotency-Key header — that's
POST /create-submission, POST /process-transaction, and
the bind step on each quote-then-bind resource (POST /endorsements/{id}/bind,
/cancellations/{id}/bind, /extensions/{id}/bind,
/renewals/{id}/bind, /rewrites/{id}/bind,
/audits/{id}/bind, /oos-rebases/{id}/bind).
When present, the server guarantees that replaying the same key with the same body within
a 24 h window returns the original response byte-for-byte, and blocks mismatched bodies
with a conflict.
Outcomes
| Scenario | Response |
|---|---|
| Same key, same body, within 24 h | Replay. Original status + body returned. No re-execution. |
| Same key, different body | 409 idempotency-conflict. |
| Same key, retry before first finishes | 409 in_flight. Back off and retry. |
| Key unused in >24 h | Treated as fresh — full execution. |
Idempotent submission
cURL
```bash
IDEMP=$(uuidgen)
curl -X POST https://zsznsjvcluslttkxjhng.supabase.co/functions/v1/create-submission \
  -H "X-API-Key: $SKADI_API_KEY" \
  -H "X-Timestamp: $TS" -H "X-Signature: sha256=$SIG" \
  -H "Idempotency-Key: $IDEMP" \
  -H "Content-Type: application/json" \
  -d @submission.json
```
Node
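```js
import { randomUUID } from "node:crypto";

// url, ts, sig and raw (the serialized body) are assumed to be defined by the caller.
// Generate the key once per logical submission and reuse it on every retry.
const idempotencyKey = randomUUID();

await fetch(url, {
  method: "POST",
  headers: {
    "X-API-Key": process.env.SKADI_API_KEY,
    "X-Timestamp": ts,
    "X-Signature": `sha256=${sig}`,
    "Idempotency-Key": idempotencyKey, // ← one per logical submission
    "Content-Type": "application/json",
  },
  body: raw,
});
```
Python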
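```python
import uuid

import requests

# url, raw and headers (API key, timestamp, signature) are assumed to be defined by the caller.
headers["Idempotency-Key"] = str(uuid.uuid4())  # one per logical submission
requests.post(url, data=raw, headers=headers)
```
Best practices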
- Generate the key from a business identifier (submission draft id) so retries across process restarts collapse correctly.
- Keep it <=255 characters. UUIDv4 is the safe default.
- Do not reuse the same key for a genuinely different request — you'll get a 409 and waste a round-trip.
- Idempotency replays count as 0 against your rate limit budget, but the original call does count.
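
The outcomes table and the first best-practice item combine into one client-side retry loop. The following is an added example, not code from the API's own documentation or SDK. The `send` transport, the `(status, error_code, body)` tuple it returns, the function names and the UUID namespace are assumptions made for illustration; how the two 409 cases are encoded in the response is not stated on this page.

```python
import time
import uuid

# Constructed namespace for this example; use any fixed UUID private to your integration.
KEY_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_URL, "https://client.example/idempotency")


class IdempotencyConflict(Exception):
    """The key was already used with a different body; retrying cannot succeed."""


def key_for(operation: str, business_id: str) -> str:
    """Stable key per logical request, so a restarted process re-sends the same key."""
    key = str(uuid.uuid5(KEY_NAMESPACE, f"{operation}:{business_id}"))
    if len(key) > 255:  # length limit stated on the page
        raise ValueError("Idempotency-Key too long")
    return key


def post_idempotent(send, operation, business_id, raw_body,
                    max_attempts=5, base_delay=0.5, sleep=time.sleep):
    """Retry one logical write under a single key.

    `send(raw_body, headers)` is a hypothetical transport supplied by the caller.
    It signs and posts the request and returns (status, error_code, body), where
    error_code is "idempotency-conflict" or "in_flight" for the two 409 cases.
    raw_body must be the same bytes on every attempt: serialize once, then reuse.
    """
    headers = {"Idempotency-Key": key_for(operation, business_id)}
    for attempt in range(max_attempts):
        try:
            status, error_code, body = send(raw_body, headers)
        except ConnectionError:
            status = None  # outcome unknown: the replay guarantee makes a retry safe
        if status == 409 and error_code == "idempotency-conflict":
            raise IdempotencyConflict(headers["Idempotency-Key"])
        if status is not None and not (status == 409 and error_code == "in_flight"):
            return status, body
        if attempt + 1 < max_attempts:
            sleep(base_delay * 2 ** attempt)  # back off, then retry with the same key
    raise TimeoutError("request still unresolved after retries")
```

Because the key is derived from the operation and the business identifier, a changed payload for the same draft surfaces as `IdempotencyConflict` rather than a silent second write.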