Why an idempotency key failed to prevent a double charge

An charged the same customer twice in a live system. The first payment succeeded, but the stopped about one second later, before the database recorded that .

After restarting, the agent found no finished record, assumed the payment was still pending, and tried again. The offered no protection because it was created and stored in the same local record that had not been saved, so the restarted process did not reuse it.

A stable key calculated from fixed details of the payment would remain the same after a restart, allowing the payment service to recognize the second request as a duplicate. The safer order is to save the intended payment and its stable key first, then make the charge and reuse that key for every retry.

Key points

  • The first payment succeeded, but the process stopped about one second before was recorded.
  • After restarting, the agent saw no record and charged the customer again.
  • The saved record was missing, so the retry did not reuse the original .
  • A key based on fixed payment details can stay identical across restarts.
  • Save the and key before charging, then reuse that key for every retry.
Read original