Re: [PR] Document Idempotency-Key semantics in OpenAPI [iceberg]

Fri, 17 Oct 2025 20:50:47 -0700 


dimas-b commented on code in PR #14196:
URL: https://github.com/apache/iceberg/pull/14196#discussion_r2389657122


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -1903,6 +1926,39 @@ components:
       schema:
         type: string
 
+    idempotency-key:
+      name: Idempotency-Key
+      in: header
+      required: false
+      schema:
+        type: string
+        format: uuid
+        minLength: 36
+        maxLength: 36
+        example: "550e8400-e29b-41d4-a716-446655440000"
+      description: |
+        Optional client-provided idempotency key for safe request retries.
+
+        When present, the server ensures no additional effects for requests 
that carry the same
+        Idempotency-Key within the same operation/resource scope. If a prior 
request with this key
+        has been finalized, the server returns the previously finalized 
response instead of
+        re-executing the mutation.
+
+        Finalization rules:
+        - Finalize & replay: 200, 201, 204, and deterministic terminal 4xx
+        - Do not finalize (not stored/replayed): 5xx, 409 request_in_progress
+
+        Key Requirements:
+        - Must be unique per client mutation operation (e.g., updateTable, 
createTable)
+        - Key format: UUID (V7 preferred)
+        - Scoped to operation type and resource path

Review Comment:
   UUID clashes are supposed to be extremely unlikely.
   
   I believe the real requirement is that clients should use an algorithm that 
provides strong key uniqueness guarantees within the validity time window for 
the request rates that clients actually generate (UUID v7 fits that requirement 
for most practical cases, I believe). Servers _may_ (or are recommended to) 
validate that request parameters (URI path, method, resource ID, request body, 
etc.) are the same when a retry is detected.
   
   I hope that balances flexibility (in implementations) and robustness.
   
   I wonder what you and other reviews think about this too :thinking: 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to