Skip to main content

Preventing Duplicate Payment Requests: A Lightweight Idempotency Utility

Image
By mvryo

Photo by Towfiqu barbhuiya on Unsplash


In financial systems, executing the same request twice (like a payment) can be catastrophic. A user might:

  • Get charged twice
  • See double entries
  • Or even worse, lose trust in your system

To avoid this, APIs (especially for payments) often support idempotency keys. But not all backends or platforms provide built-in support. So I built one from scratch for my Kotlin backend.

🔁 What is Idempotency?

In software engineering, idempotency means that performing the same operation multiple times produces the same result as doing it once.

In simpler terms:

If you submit the same request twice, only one result should be processed.

💡 Real-world analogy

Imagine clicking a “Pay Now” button.
You click once — nothing happens — so you click again.
Without idempotency, you might be charged twice.
With idempotency, only one charge goes through — even if the button was clicked multiple times.

🛠️ In APIs

Many APIs (especially payment gateways) accept an idempotency key, these can be client-generated or server-stored unique identifiers for each operation. If the same key is used again, the server will:

  • Return the original response, or
  • Reject the duplicate, depending on the design

This makes APIs safe and reliable under:

  • Network retries
  • UI double-clicks
  • Unexpected client behavior

🛠️ The Kotlin Implementation

Here’s the full utility class:

import java.time.Instant
import java.util.concurrent.ConcurrentHashMap
import java.util.concurrent.Executors
import java.util.concurrent.ScheduledExecutorService
import java.util.concurrent.TimeUnit
import javax.annotation.PostConstruct
import javax.annotation.PreDestroy

class IdempotencyUtil {
    private val store = ConcurrentHashMap<String, Long>() // referenceNo -> expiryTimestamp
    private lateinit var cleaner: ScheduledExecutorService
    private val ttlMillis = TimeUnit.MINUTES.toMillis(5) // 5-minute TTL

    fun isDuplicate(referenceNo: String): Boolean {
        val now = Instant.now().toEpochMilli()
        val expiry = store[referenceNo]

        return if (expiry != null && expiry > now) {
            true // Duplicate within TTL
        } else {
            store[referenceNo] = now + ttlMillis
            false
        }
    }

    @PostConstruct
    fun startCleanupTask() {
        cleaner = Executors.newSingleThreadScheduledExecutor()

        cleaner.scheduleAtFixedRate({
            val now = Instant.now().toEpochMilli()
            store.entries.removeIf { it.value < now }
        }, 1, 1, TimeUnit.MINUTES)
    }

    @PreDestroy
    fun stopCleanupTask() {
        cleaner.shutdown()
    }
}

🔍 Code Breakdown

⏳ What is TTL (Time-To-Live)?

TTL (Time-To-Live) defines how long a piece of data should stay valid.

In our case, we only want to prevent duplicates within a short window (like 5 minutes). This allows:

  • Users to retry safely
  • Systems to avoid infinite memory growth
  • Reference numbers to “expire” after a while
private val ttlMillis = TimeUnit.MINUTES.toMillis(5)

This sets our window. If the same referenceNo comes in after 5 minutes, it might be processed again. However, if your system performs an additional check for an existing transaction with the same referenceNo before creating a new one, you can still prevent duplicate processing entirely.

✅ isDuplicate

This is the core method:

fun isDuplicate(referenceNo: String): Boolean
  • Checks if the referenceNo exists and hasn’t expired
  • If it hasn’t been seen, it stores it with a TTL

🧹 Cleanup Task

@PostConstruct
fun startCleanupTask()
  • Schedules a cleanup job every minute
  • Removes expired entries from memory
store.entries.removeIf { it.value < now }

🔌 Shutdown Safety

@PreDestroy
fun stopCleanupTask()

Ensures the scheduled executor shuts down gracefully when the app exits.

⚖️ Pros and Cons

✔️ Pros

  • Simple and easy to integrate
  • No external dependencies
  • Great for small-scale services or prototypes

❌ Cons

  • Not distributed: Only works within a single instance
  • Not persistent: Keys are lost on app restart
  • Potential for race conditions under extreme concurrency

🔧 Improvements and Alternatives

1. Configurable TTL

Make TTL configurable via constructor or external config.

2. Distributed Storage

For high availability, store reference numbers in Redis or Hazelcast.

3. Monitoring

Add logs or metrics to track duplicate detection frequency.

📈 Real-World Use Case: Payment Gateway

In my case, I built this utility to wrap a payment gateway endpoint. Whenever a payment is initiated:

  • The client sends a referenceNo
  • The backend checks isDuplicate(referenceNo)
  • If it’s already been processed recently, the request is ignored

This protects against:

  • Double clicks
  • Retry storms
  • Poorly written clients

And it saved me from a lot of debugging.

🧩 Final Thoughts

This Kotlin utility proves that even a few lines of code can deliver real business value — like preventing duplicate transactions in your system.

While this version is intentionally lightweight and non-persistent, it lays the foundation for more robust, distributed idempotency handling in the future.

💬 What About You?

  • Have you had to prevent duplicate payments?
  • What strategies do you use for idempotency?
Labels:

Comments

Post a Comment

Popular posts from this blog

Understanding Number Systems: Decimal, Binary, and Hexadecimal

By mvryo
In everyday life, we use numbers all the time, whether for counting, telling time, or handling money. The number system we’re most familiar with is the   decimal system , but computers use other systems, such as   binary   and   hexadecimal . Let’s break down these number systems to understand how they work. What is a Number System? A number system is a way of representing numbers using a set of symbols and rules. The most common number systems are: Decimal (Base 10) Binary (Base 2) Hexadecimal (Base 16) Each system has a different “base” that tells us how many unique digits (symbols) are used to represent numbers. Decimal Number System (Base 10) This is the system we use daily. It has  10 digits , ranging from  0 to 9 . Example: The number  529  in decimal means: 5 × 1⁰² + 2 × 1⁰¹ + 9 × 1⁰⁰ =  500 + 20 + 9 = 529 Each position represents a power of 10, starting from the rightmost digit. Why Base 10? Decimal is base 10 because it has 10 digits...
Post a Comment
Read More »

How to Monetize Your API as an Individual Developer While Hosting on Your Own Server?

By mvryo
In the API economy, cloud services like AWS, Google Cloud, and Azure offer many conveniences, such as scaling and infrastructure management. However, some developers prefer more control and autonomy, opting to host their APIs on personal servers. Whether for cost efficiency, data privacy, or customization, hosting your own API comes with both advantages and challenges. But, even without cloud platforms, there are effective ways to monetize your API. This guide will explore how individual developers can successfully monetize their APIs while hosting them on their own servers. Why Host Your API on Your Own Server? Hosting your own API gives you full control over the infrastructure and potentially lower long-term costs. Here’s why some developers choose this approach: Cost Control : Instead of paying ongoing cloud fees, you may opt for a one-time or lower-cost hosting solution that fits your budget and resource needs. Data Ownership : You have full control over data, which is critical if ...
Post a Comment
Read More »

The Weight of Responsibility: A Developer’s Journey to Balance Passion and Reality

By mvryo
For the past several years, Eddie has been on a steady climb in his career as a developer, but recently, he found himself at a crossroads — caught between the weight of his responsibilities and the desire to pursue his true passions. His journey began with a three-month internship as a web developer, which led to nearly four years in an application developer role. After that, he spent almost a year as a systems associate, managing tasks across systems analysis, quality assurance, and business analysis. Eventually, he returned to full-time software development for another two years before transitioning into more complex roles. For over a year, he worked as a multi-role software developer and database administrator before stepping into his current position as a senior software developer, database administrator, and cloud administrator — occasionally handling security tasks as well. Now, with over 8 years of professional experience, he also leads a small team of developers, which has been...
Post a Comment
Read More »

The Hidden Costs of Overdesign and Bad Practices in API Systems

By mvryo
In software development, simplicity and clarity are often sacrificed in favor of overly complex solutions. While it can be tempting to add more features and intricate designs to ensure robustness, overdesign and poor practices can have significant consequences. They frustrate developers, lead to inefficiencies, increase costs, and put unnecessary strain on system resources.  A recent example involving a team that has faced challenges with complexity highlights the pitfalls of such an approach. Overdesign: The Problem of Too Much Complexity Overdesign occurs when systems are built with more complexity than necessary. This might manifest in bloated APIs, convoluted data flows, or excessive checks and processes that don’t add substantial value. The goal is often to anticipate future problems, but this approach typically results in cumbersome systems that are difficult to maintain and scale. In one case, a company found itself paying a hefty price just to host two API services and a po...
Post a Comment
Read More »

Selenium for Beginners: What, Where, When, and Why to Use It in Automated Testing

By mvryo
In today’s software development landscape, automated testing has become essential for delivering robust applications efficiently. Among various automated testing tools,   Selenium   stands out as one of the most widely used and beginner-friendly options. As you embark on your journey into automated testing, it’s crucial to understand the   what, where, when, and why   of using Selenium. In this guide we will run through these essentials and help you decide if Selenium is the right tool for you. What is Selenium? Selenium  is an open-source framework used primarily for automating web browsers. It enables developers and testers to write scripts that interact with websites, simulating actions like clicking buttons, filling out forms, and navigating pages, which allows for comprehensive automated testing. Selenium supports multiple programming languages, including Python, Java, C#, and JavaScript, making it flexible for teams with different coding preferences. Key C...
Post a Comment
Read More »