I've read HTTP documentation, but I can't understand what is idempotency. Can someone help?
Asked
Active
Viewed 1.2e+01k times
113
-
1Are you asking what "idempotent" means, or are you asking why the "idempotent" verbs are are useful? – Phrogz Jul 10 '17 at 21:27
-
3See ***[The Two Generals' Problem](https://www.youtube.com/watch?v=IP-rGJKSZ3s&t=415s)*** for an excellent video explanation for why *idempotency* is useful. – Lord Elrond Jul 22 '20 at 18:09
-
1Nice link reference, but it drops you right in the middle the sponsored advert. Coincidence? :) – houcros Jul 13 '21 at 13:59
5 Answers
184
What is idempotency in HTTP methods?
Idempotency is a property of HTTP methods.
A request method is considered idempotent if the intended effect on the server of multiple identical requests with that method is the same as the effect for a single such request. And it's worthwhile to mention that idempotency is about the effect produced on the state of the resource on the server and not about the response status code received by the client.
To illustrate this, consider the DELETE method, which is defined as idempotent. Now consider a client performs a DELETE request to delete a resource from the server. The server processes the request, the resource gets deleted and the server returns 204. Then the client repeats the same DELETE request and, as the resource has already been deleted, the server returns 404.
Despite the different status code received by the client, the effect produced by a single DELETE request is the same effect of multiple DELETE requests to the same URI.
Finally, requests with idempotent methods can be repeated automatically if a communication failure occurs before the client is able to read the server's response. The client knows that repeating the request will have the same intended effect, even if the original request succeeded, though the response might be different.
RFC 7231
Let's have a look at the RFC 7231, the document defines the semantics and the content of the HTTP/1.1 protocol. See the quotes below (highlights are mine).
HTTP methods can be safe:
Request methods are considered "safe" if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource. [...]
This definition of safe methods does not prevent an implementation from including behavior that is potentially harmful, that is not entirely read-only, or that causes side effects while invoking a safe method. What is important, however, is that the client did not request that additional behavior and cannot be held accountable for it. [...]
Of the request methods defined by this specification, the
GET,HEAD,OPTIONS, andTRACEmethods are defined to be safe. [...]
And/or idempotent:
A request method is considered "idempotent" if the intended effect on the server of multiple identical requests with that method is the same as the effect for a single such request. Of the request methods defined by this specification,
PUT,DELETE, and safe request methods are idempotent. [...]Like the definition of safe, the idempotent property only applies to what has been requested by the user; a server is free to log each request separately, retain a revision control history, or implement other non-idempotent side effects for each idempotent request. [...]
Summarizing, the HTTP methods are classified as following:
+---------+------+------------+
| Method | Safe | Idempotent |
+---------+------+------------+
| CONNECT | no | no |
| DELETE | no | yes |
| GET | yes | yes |
| HEAD | yes | yes |
| OPTIONS | yes | yes |
| POST | no | no |
| PUT | no | yes |
| TRACE | yes | yes |
+---------+------+------------+
RFC 5789
The RFC 5789 defines the PATCH method, which is neither safe nor idempotent. However, to prevent collisions, PATCH requests can be issued such a way as to be idempotent, as quoted below:
A
PATCHrequest can be issued in such a way as to be idempotent, which also helps prevent bad outcomes from collisions between twoPATCHrequests on the same resource in a similar time frame. Collisions from multiplePATCHrequests may be more dangerous thanPUTcollisions because some patch formats need to operate from a known base-point or else they will corrupt the resource. Clients using this kind of patch application SHOULD use a conditional request such that the request will fail if the resource has been updated since the client last accessed the resource. For example, the client can use a strongETagin anIf-Matchheader on thePATCHrequest.
Community
- 1
- 1
cassiomolin
- 124,154
- 35
- 280
- 359
-
1How is `DELETE` an idempotent method? Which if successful would normally return a `200 (OK)` or `204 (No Content)`. – Nisarg Patil Oct 22 '18 at 07:04
-
5@NisargPatil Please refer to [this question](https://stackoverflow.com/q/4088350/1426227). – cassiomolin Oct 22 '18 at 07:13
-
1
-
-
REST tutorials state that the resource should be updated using `PUT` instead of `POST` because `PUT` is idempotent. "if the `PUT` request fails, we may simply resend it until we get a successful response from the server". What prevents me from re-sending a failed `POST` request (with the update) ? Something wrong will happen ? – mangusta Feb 15 '20 at 15:43
-
@mangusta I treat POSTs as idempotent following that same mindset you mentioned (as does Square, Stripe and others). I'd argue it falls in the definition, trying to change nothing to the same something through multiple same requests (due to failed comms or whatever) to achieve the same affect (add that 1 thing). Using the idempotency_key feels more effective than dupe request checking or handling the fallout from batches of "failed" POSTs. – C.J. Mar 06 '20 at 22:54
-
1@C.J. I see. I thought there might be some functionality-related reason (built into the HTTP itself) of why PUT can be resent without worries while POST cannot. Now it appears that we are simply required to conform to the HTTP standards and the behaviour is totally based on how the server is implemented – mangusta Mar 07 '20 at 07:44
-
8
In my understanding, idempotency has nothing to do with the result (=Server Response), but with the server-state after one or multiple calls.
Let's say you want to delete a resource on the server by calling
DELETE /resource/123
The call may return with a HTTP-Response 200 OK and the deleted resource as payload in the first place. In a second call, the Response will be 204 NO_CONTENT as the resource has already been deleted by the first call.
After each request the server-state is the same, therefore idempotency is fulfilled. The HTTP/1.1 says nothing about the response
A request method is considered "idempotent" if the intended effect on the server of multiple identical requests with that method is the same as the effect for a single such request
Peter Anderle
- 81
- 1
- 2
-
3Nit: 204 No Content is not really a good response code to indicate that a resource has been deleted. – Evert Sep 22 '18 at 15:58
-
-
2@MasterJoe I'm taking this back a little. I think now a recommendation is that it's OK for multiple idempotent requests to return the same status, even if only the first one actually deleted the resource. `204` is sometimes confused to mean: 'This resource is deleted', which is probably why I mentioned this ... but my comment was wrong. – Evert Sep 10 '20 at 18:09
0
TLDR
Idempotenc : GET, PUT : WHY ?
GET If fired recursively exact
/resource/123it will give same resultPUT If fired recursively exact
/user/123it will give same result
NON Idempotence :DELETE ,POST : WHY ?
DELETE If fired recursively exact
/user/123it will give different result second time(404 or NOT_FOUND)POST If fired recursively exact
/user/(id is assigned by server)it will give different result every-time
Conclusion : DELETE is Idempotenc by http docs , but its behaviour is Non-idempotence
if request gives same result
for exact same url fired recursly
vijay
- 10,276
- 11
- 64
- 79
-
12
-
@JulianReschke "DELETE is defined to be idempotent. ? YES" but its behaviour is NON IDEMPOTENT – vijay Sep 22 '18 at 15:55
-
13Yes, it is idempotent. "A request method is considered "idempotent" if the intended effect on the server of multiple identical requests with that method is the same as the effect for a single such request." That is the case for DELETE. Status codes are irrelevant, the state of the resource is. – Julian Reschke Sep 22 '18 at 16:31
-
@JulianReschke In DELETE rest api `/user/123`, 1st Time it returns(200 OR success) BUT during second time it SHOULD return (404 OR NOT_FOUND).From api point of view its Emitting Different OUTPUT(1st 202 && 2nd 404) .Though on server its not updating anything but its emitting different Result for same http request,What About That ? – vijay Sep 22 '18 at 16:40
-
5That's fine. What's relevant is that after the request, the resource is gone. – Julian Reschke Sep 23 '18 at 06:23
-
6@vijay I don't think being Idempotent is about "what result is given". Instead it is about the state or origin/server. – Anil Bhaskar Jan 18 '19 at 05:55
-
@vijay have you edited the answer ( few updates given by Julian ) because not sure whether your answer modified or not . – SakthiSureshAnand Aug 12 '20 at 17:23
-
-
@vijay thanks, could not notified the history sorry . thanks for your time :) happy coding – SakthiSureshAnand Aug 13 '20 at 07:10
-
-
@JulianReschke - So I think that the answer is incorrect now. Should we return 204 every time or return 200 1st time & 204 after that ? By your given definition of idempotence, 200 + 404 or 200 + 204 should be considered as having same effect on a server, even though the response of the server is different. I have typically seen returning only 204. Do a get to see if you have 404. 200 + 404 seems like deviant design to me. – MasterJoe Sep 10 '20 at 17:43
-
In the context of idempotency, the status code doesn't matter. The resulting server state does. – Julian Reschke Sep 11 '20 at 08:38
-
What matters is the state of the backend, even if the response is 2XX the first time and the second time a 404, the state of the backend is the same after both calls. That makes it idempotent. – raspacorp Aug 15 '23 at 03:04
-1
An idempotent HTTP method is an HTTP method that can be called many times without different outcomes. It would not matter if the method is called only once, or ten times over. The result should be the same. It essentially means that the result of a successfully performed request is independent of the number of times it is executed. For example, in arithmetic, adding zero to a number is idempotent operation.
POST is NOT idempotent. GET, PUT, DELETE, HEAD, OPTIONS and TRACE are idempotent.
1>POST -->Every time you call this Method It will give Different Result Why-->Consider a Scenario where you are creating new resources Each time you call this method it will resulting in creating new resources Giving you the different result each time and hence ,POST(in simple word "Insert") is non idempotent method.
2>Other will Give you the Same result
Mahesh Nighut
- 115
- 1
- 10
-
1Idempotency is not related to Response from a HTTP method,Please check the accepted answer on this post. – Nagesh Tripathi Jan 13 '20 at 03:36
-
@NageshTripathi There was nothing mentioned about the response to a request, only about the result on the server (or rather the affected resources/entities), which correctly identifies idempotency. They even gave an analogy in math which describes the mode of operation pretty well. – hurikhan77 Dec 15 '22 at 11:03
-11
Idenpotent methods (GET,OPTIONS) don't change anything at the server (other than possibly adding log entries). Non-idempotent (PUT,POST,DELETE) methods change the data which is used to populate content in the web pages or effect change elsewhere (such as moving a crane, transferring funds, sending an email).
symcbean
- 47,736
- 6
- 59
- 94
-
7That's not entirely correct. Idempotent means that you can repeat the request and the result should be the same. PUT and DELETE fall in that category too. – Gerard van Helden Jul 10 '17 at 18:57