A middleware for making endpoints idempotent.
The purpose of the middleware is to guarantee that execution of mutating endpoints happens exactly once,
regardless of the number of requests.
We achieve this by caching responses, and returning already-saved responses to the user on repeated requests.
Responses are only cached when an idempotency-key HTTP header is present, so clients must opt-into this behaviour.
Additionally, only configured HTTP methods (by default, POST
and PATCH
) that return JSON payloads are cached and replayed.
This is largely modelled after stripe' implementation.
The middleware is compatible with both Starlette
and FastAPI apps.
Installation
pip install asgi-idempotency-header
Setup
Add the middleware to your app like this:
from fastapi import FastAPI
from idempotency_header_middleware import IdempotencyHeaderMiddleware
from idempotency_header_middleware.backends import RedisBackend
backend = RedisBackend(redis=redis)
app = FastAPI()
app.add_middleware(IdempotencyHeaderMiddleware(backend=backend))
or like this:
from fastapi import FastAPI
from fastapi.middleware import Middleware
from idempotency_header_middleware import IdempotencyHeaderMiddleware
from idempotency_header_middleware.backends import RedisBackend
backend = RedisBackend(redis=redis)
app = FastAPI(
middleware=[
Middleware(
IdempotencyHeaderMiddleware,
backend=backend,
)
]
)
If you're using Starlette
, just substitute FastAPI
for Starlette
and it should work the same.
Configuration
The middleware takes a few arguments. A full example looks like this:
from aioredis import from_url
from idempotency_header_middleware import IdempotencyHeaderMiddleware
from idempotency_header_middleware.backends import RedisBackend
redis = from_url(redis_url)
backend = RedisBackend(redis=redis)
IdempotencyHeaderMiddleware(
backend,
idempotency_header_key='Idempotency-Key',
replay_header_key='Idempotent-Replayed',
enforce_uuid4_formatting=False,
expiry=60 * 60 * 24,
applicable_methods=['POST', 'PATCH']
)
The following section describes each argument:
Backend
from idempotency_header_middleware.backends import RedisBackend, MemoryBackend
backend: Union[RedisBackend, MemoryBackend]
The backend is the only required argument, as it defines how and where to store a response.
The package comes with an aioredis backend implementation, and a
memory-backend for testing.
Contributions for more backends are welcomed, and configuring a custom backend is pretty simple - just take a look at
the existing ones.
idempotency_header_key: str = 'Idempotency-Key'
The idempotency header key is the header value to check for. When present, the middleware will be used if the HTTP
method is in the applicable methods.
The default value is "Idempotency-Key"
, but it can be defined as any string.
replay_header_key: str = 'Idempotent-Replayed'
The replay header is added to replayed responses. It provides a way for the client to tell whether the action was
performed for the first time or not.
Enforce UUID formatting
enforce_uuid4_formatting: bool = False
Convenience option for stricter header value validation.
Clients can technically set any value they want in their header,
but the shorter the key value is, the higher the risk of value-collisions is from other users.
If two users accidentally send in the same header value for what's meant to be two separate requests,
the middleware will interpret them as the same.
By enabling this option, you can force users to use UUIDs as header values, and pretty much eliminate this risk.
When validation fails, a 422 response is returned from the middleware, informing the user that the header value is malformed.
Expiry
expiry: int = 60 * 60 * 24
How long to cache responses for, measured in seconds. Set to 24 hours by default.
Applicable Methods
applicable_methods=['POST', 'PATCH']
What HTTP methods to consider for idempotency. If the request method is one of the methods in this list, and the
idempotency header is sent, the middleware will be used. By default, only POST
and PATCH
methods are cached and replayed.
Quick summary of behaviours
Briefly summarized, this is how the middleware functions:
- The first request is processed, and consequent requests are replayed, until the response expires.
expiry
can be set to None
to skip expiry, but most likely you will want to expire responses
after a while. - If two requests comes in at the same time - i.e., if a second request hits the middlware before
the first request has finished, the middleware will return a 409, informing the user that a request
is being processed, and that we cannot handle the second request.
- The middleware only handles HTTP requests.
- By default, the middleware only handles requests with
POST
and PATCH
methods. Other HTTP methods skip this middleware. - Only valid JSON responses with
content-type
== application/json
are cached.