[AVAILABLE] for what’s described below. No
Idempotency-Key header exists anywhere in this API, this page is describing the real mechanism, not a gap.businessTransactionId is the idempotency key, but not Stripe’s kind
POST /execute and POST /transactions require a caller-supplied businessTransactionId
(a UUID). Submitting the same one twice does not replay the first response the way
Stripe’s Idempotency-Key does. It fails:
DuplicateBusinessTransactionError. If your integration retries a timed-out
request with the same businessTransactionId, you get an error, not the original Execution
Trust Record. To retrieve the original result after a 409, call GET /trust-records/{businessTransactionId} (or GET /transactions/{businessTransactionId})
with the same ID.
Practical guidance for callers: generate businessTransactionId deterministically from
your own idempotency key (a UUIDv5 derived from your order ID, for example) so retries
naturally collide on the same ID, then treat a 409 on that ID as “already submitted, go
fetch it” rather than as a failure.
Nonces are a different, internal concept
The word “nonce” in this system refers to the single-usenonce inside a
SignedExecutionAuthorization, part of the internal decision-to-execution pipeline, not
something a REST API caller sends or manages. It is checked by a NonceStore when the
gateway verifies an authorization has not already been consumed,
before the execution it authorizes is allowed to run.
See Execution Authorization for the full mechanism
this protects.
What this means together
Two independent replay defenses exist at two different layers, and neither is anIdempotency-Key header:
| Layer | Mechanism | What repeating gets you |
|---|---|---|
REST API (businessTransactionId) | Uniqueness check against storage | 409, not the original response |
Internal authorization (nonce) | Single-use check in NonceStore | Rejected authorization, execution never runs |
businessTransactionId uniqueness check from the API.