Idempotency: the simplest way to prevent money bugs
Retries are normal on the internet. If retries can duplicate money changes, you will eventually hit a real incident.
The problem
- A user double-clicks “Withdraw”, or the network retries the request.
- A gateway or webhook may send duplicate events.
- A worker may reprocess after a crash.
Idempotency in one line
“Same request should have the same effect exactly once.”
- Client sends an idempotency key for money-changing actions.
- Server stores result for that key.
- Any retry returns the same result, without re-applying changes.
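The three steps above as an added example (not code from the original post), in Python with an in-memory SQLite ledger. The table layout, the `withdraw` function, the request fingerprint and the `key_reused` response are assumptions for illustration; the fingerprint check goes one step beyond the text by refusing a key that is reused for a different request.

```python
import hashlib
import json
import sqlite3

def open_ledger():
    # isolation_level=None: transactions are opened and closed explicitly below.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER NOT NULL);
        CREATE TABLE idempotency (key TEXT PRIMARY KEY,
                                  fingerprint TEXT NOT NULL,
                                  response TEXT NOT NULL);
    """)
    return db

def withdraw(db, idem_key, account, amount):
    """Apply a withdrawal at most once per idempotency key."""
    fingerprint = hashlib.sha256(
        json.dumps(["withdraw", account, amount]).encode()).hexdigest()
    db.execute("BEGIN IMMEDIATE")  # take the write lock before looking up the key
    try:
        row = db.execute(
            "SELECT fingerprint, response FROM idempotency WHERE key = ?",
            (idem_key,)).fetchone()
        if row:
            db.execute("ROLLBACK")  # nothing to change on a retry
            if row[0] != fingerprint:
                # Same key, different request: refuse instead of replaying.
                return {"status": "key_reused", "replayed": False}
            return dict(json.loads(row[1]), replayed=True)
        (balance,) = db.execute(
            "SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()
        if amount <= 0 or amount > balance:
            result = {"status": "rejected", "balance": balance}
        else:
            db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                       (amount, account))
            result = {"status": "ok", "balance": balance - amount}
        # The stored result and the balance change commit together, so a crash
        # between them cannot leave money moved without a recorded key.
        db.execute("INSERT INTO idempotency VALUES (?, ?, ?)",
                   (idem_key, fingerprint, json.dumps(result)))
        db.execute("COMMIT")
        return dict(result, replayed=False)
    except Exception:
        if db.in_transaction:
            db.execute("ROLLBACK")
        raise
```

The primary key on `idempotency.key` is what enforces "exactly once" if two retries race; the lookup only makes the common case cheap.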
PM checklist
- Every deposit/withdraw/order/adjustment must accept an idempotency key.
- Backoffice actions must also be idempotent.
- UI should display “processing” to reduce repeated clicks.
- Audit logs should link actions to idempotency keys.