Atomic Idempotency Layers in Distributed APIs with Redis and Lua
The Idempotency Imperative in Distributed Systems
In any distributed architecture, the assumption that a client will make a request exactly once is a fallacy. Network partitions, client-side timeouts, gateway errors, and simple retry logic all conspire to create duplicate requests. For read operations (GET), this is a benign annoyance. For state-mutating operations (POST, PUT, PATCH), it's a source of critical bugs: double-charging a customer, creating duplicate user accounts, or processing the same order twice.
Idempotency is the property of an operation that ensures it can be performed multiple times with the same result as if it were performed only once. While the HTTP specification defines PUT and DELETE as idempotent, it's the server's responsibility to enforce this guarantee, especially for POST requests which are explicitly non-idempotent by default.
A common approach is to require clients to send a unique Idempotency-Key in the request header. The server then tracks these keys to ensure that the underlying operation for a given key is executed only once.
The naive implementation—checking for the key in a database, and if it doesn't exist, inserting it and then processing the request—is fraught with race conditions. Two concurrent requests with the same key can both pass the initial check before either has committed the key to the database, leading to duplicate execution. This is where we need an atomic check-and-set operation, a perfect use case for an in-memory data store like Redis, supercharged with Lua scripting.
This article details the architecture and implementation of a robust, high-performance idempotency layer using Redis. We will not be discussing basic concepts, but rather the low-level mechanics of building a production-ready system that can handle concurrency, failures, and performance at scale.
Core Architectural Principles
Our idempotency layer will adhere to the following principles:
STARTED -> PROCESSING -> COMPLETED or FAILED. Our system must track this state.The Redis Data Model for Idempotency
We will use a Redis Hash to store the state for each idempotency key. A Hash is a memory-efficient data structure for storing a collection of field-value pairs. Using a single key for each request simplifies TTL management and logical grouping of data.
For a given idempotency-key, our Hash might look like this:
KEY: idempotency:some-uuid-v4
FIELDS:
- stage: "PROCESSING" | "COMPLETED"
- response_code: "201"
- response_body: "{\"order_id\": \"12345\"}"
- locked_at: "1678886400"This structure allows us to store all relevant information under a single key. The stage field is crucial for managing the request lifecycle.
Section 1: The Atomic "Check-and-Lock" Lua Script
The most critical part of the system is the initial check. A sequence of EXISTS, HSET, EXPIRE commands sent from the client is not atomic. A network round trip between each command leaves a window for another process to interfere. Redis guarantees that a Lua script is executed atomically—no other command can run concurrently while a script is executing. This is the foundation of our solution.
Here is the Lua script that handles the initial check and lock acquisition.
check_and_lock.lua
-- KEYS[1]: The idempotency key (e.g., 'idempotency:some-uuid-v4')
-- ARGV[1]: The TTL for the processing lock in seconds (e.g., '30')
-- Check if the key already exists
local key_exists = redis.call('EXISTS', KEYS[1])
if key_exists == 1 then
-- Key exists, return the current state
local stage = redis.call('HGET', KEYS[1], 'stage')
if stage == 'COMPLETED' then
-- Request was already completed, return cached response
local response_code = redis.call('HGET', KEYS[1], 'response_code')
local response_body = redis.call('HGET', KEYS[1], 'response_body')
return {'COMPLETED', response_code, response_body}
else
-- Request is currently processing, return conflict
return {'PROCESSING'}
end
else
-- Key does not exist, this is a new request.
-- Create the hash, set the stage to 'PROCESSING', and set a TTL.
redis.call('HSET', KEYS[1], 'stage', 'PROCESSING')
redis.call('EXPIRE', KEYS[1], ARGV[1])
return {'PROCEED'}
endThis script returns a table (array) indicating the outcome:
* {'PROCEED'}: The lock was acquired successfully. The application should proceed with the business logic.
* {'PROCESSING'}: Another process is currently handling this key. The API should return a 409 Conflict.
* {'COMPLETED', response_code, response_body}: The operation was already completed. The API should return the cached response.
Node.js Middleware Implementation
Let's integrate this script into a Node.js Express middleware. We'll use the ioredis client, which has excellent support for Lua scripts.
// redisClient.js
const Redis = require('ioredis');
const fs = require('fs');
const path = require('path');
const redis = new Redis({
// Your Redis connection options
});
// Load and register the Lua script
redis.defineCommand('checkAndLock', {
numberOfKeys: 1,
lua: fs.readFileSync(path.join(__dirname, 'lua/check_and_lock.lua'), 'utf8'),
});
module.exports = redis;// idempotencyMiddleware.js
const redis = require('./redisClient');
const PROCESSING_LOCK_TTL_SECONDS = 30; // 30-second lock
async function idempotencyMiddleware(req, res, next) {
const idempotencyKey = req.headers['idempotency-key'];
if (!idempotencyKey) {
// Or handle as a bad request, depending on your API contract
return next();
}
const redisKey = `idempotency:${idempotencyKey}`;
try {
const result = await redis.checkAndLock(redisKey, PROCESSING_LOCK_TTL_SECONDS);
const status = result[0];
if (status === 'PROCEED') {
// Attach key to the request object for later use
req.idempotencyKey = redisKey;
return next();
}
if (status === 'PROCESSING') {
// Another request is in-flight
return res.status(409).json({ error: 'Request is already being processed.' });
}
if (status === 'COMPLETED') {
// Request was already completed, return cached response
const responseCode = parseInt(result[1], 10);
const responseBody = result[2] ? JSON.parse(result[2]) : null;
console.log(`Returning cached response for key: ${redisKey}`);
return res.status(responseCode).json(responseBody);
}
} catch (error) {
console.error('Redis error in idempotency middleware:', error);
// Fail open or closed? Failing open is risky. Failing closed is safer.
return res.status(500).json({ error: 'Idempotency service error.' });
}
}
module.exports = idempotencyMiddleware;This middleware now provides the atomic entrypoint. If it calls next(), we have a guarantee that we hold a temporary lock on the operation.
Section 2: Storing the Final Response
Once the business logic is complete, we must update the Redis key to mark the operation as COMPLETED and store the response. Again, we'll use a Lua script for atomicity, although it's less critical here than in the locking phase. Using a script is still good practice as it reduces network round trips.
store_result.lua
-- KEYS[1]: The idempotency key
-- ARGV[1]: The final TTL for the cached response in seconds (e.g., '86400' for 24 hours)
-- ARGV[2]: The HTTP response code (e.g., '201')
-- ARGV[3]: The JSON response body (e.g., '{"order_id": "12345"}')
redis.call('HSET', KEYS[1], 'stage', 'COMPLETED')
redis.call('HSET', KEYS[1], 'response_code', ARGV[2])
redis.call('HSET', KEYS[1], 'response_body', ARGV[3])
-- Set the final, longer TTL
redis.call('EXPIRE', KEYS[1], ARGV[1])
return 'OK'Integrating with the Application Logic
We need a way to capture the response and call this script before the response is sent to the client. We can do this by wrapping the res.json and res.send methods.
// redisClient.js (add the new command)
redis.defineCommand('storeResult', {
numberOfKeys: 1,
lua: fs.readFileSync(path.join(__dirname, 'lua/store_result.lua'), 'utf8'),
});// a more advanced idempotencyMiddleware.js
const redis = require('./redisClient');
const PROCESSING_LOCK_TTL_SECONDS = 30;
const COMPLETED_RESPONSE_TTL_SECONDS = 24 * 60 * 60; // 24 hours
async function idempotencyMiddleware(req, res, next) {
const idempotencyKey = req.headers['idempotency-key'];
if (!idempotencyKey) {
return next();
}
const redisKey = `idempotency:${idempotencyKey}`;
try {
const result = await redis.checkAndLock(redisKey, PROCESSING_LOCK_TTL_SECONDS);
const status = result[0];
if (status === 'PROCEED') {
req.idempotencyKey = redisKey;
// Monkey-patch res.json to store the result before sending
const originalJson = res.json.bind(res);
res.json = (body) => {
// Only store successful responses (2xx)
if (res.statusCode >= 200 && res.statusCode < 300) {
redis.storeResult(
redisKey,
COMPLETED_RESPONSE_TTL_SECONDS,
res.statusCode,
JSON.stringify(body)
).catch(err => console.error(`Failed to store idempotency result for ${redisKey}`, err));
}
return originalJson(body);
};
return next();
}
// ... (handle 'PROCESSING' and 'COMPLETED' as before)
} catch (error) {
// ... (error handling as before)
}
}
module.exports = idempotencyMiddleware;Now, when a controller calls res.json({...}), our wrapper function intercepts it, fires off the storeResult command to Redis (without waiting for it), and then proceeds to send the response to the client.
Example Controller Usage
const express = require('express');
const idempotencyMiddleware = require('./idempotencyMiddleware');
const app = express();
app.use(express.json());
// Apply the middleware to a specific route
app.post('/api/orders', idempotencyMiddleware, async (req, res) => {
try {
// Simulate a slow database operation
console.log(`Processing new order for key: ${req.idempotencyKey}`);
await new Promise(resolve => setTimeout(resolve, 2000));
const order = { order_id: `ord_${Date.now()}`, items: req.body.items };
// The patched res.json will handle storing the result in Redis
res.status(201).json(order);
} catch (error) {
console.error('Order processing failed:', error);
// We should ideally clear the idempotency key on failure
if (req.idempotencyKey) {
redis.del(req.idempotencyKey).catch(err => console.error(`Failed to clear idempotency key ${req.idempotencyKey}`, err));
}
res.status(500).json({ error: 'Failed to create order.' });
}
});
app.listen(3000, () => console.log('Server running on port 3000'));Section 3: Advanced Considerations and Edge Cases
A working implementation is just the start. A production system must contend with failures, performance bottlenecks, and operational complexities.
Edge Case: Server Crash During Processing
Problem: A request comes in, the checkAndLock script successfully creates a key with stage: PROCESSING and a 30-second TTL. The Node.js process then crashes before it can complete the operation and store the final result.
Solution: This is precisely why the PROCESSING lock has a short TTL. The key will be stuck in the PROCESSING state for 30 seconds. Any retries during this window will receive a 409 Conflict. After 30 seconds, the key expires from Redis automatically. The next client retry will find no key and will be able to start the process anew by acquiring a new lock. The PROCESSING_LOCK_TTL_SECONDS value should be chosen carefully: it must be longer than your expected maximum processing time for the operation, but short enough to not cause an unacceptable delay for users in a crash scenario.
Performance: Managing Large Response Payloads
Problem: Storing multi-megabyte JSON responses in Redis for every idempotent request can consume a significant amount of memory, impacting Redis performance and cost.
Solution 1: Conditional Caching: Only cache responses below a certain size threshold. For larger responses, simply store the stage: COMPLETED and the response_code but leave the response_body empty. Subsequent requests will get a generic success response (e.g., 200 OK with {"status": "completed"}) instead of the full original body, but will still be prevented from re-executing the operation.
Solution 2: Offload to Blob Storage: For very large payloads, store the response body in a dedicated blob store like Amazon S3 or Google Cloud Storage. In Redis, store the S3 object key or GCS URL instead of the body itself. When serving a cached response, the application would fetch the payload from blob storage. This adds latency but drastically reduces Redis memory pressure.
-- store_result_with_s3_reference.lua
-- ARGV[3] is now the S3 object key
redis.call('HSET', KEYS[1], 'response_body_ref', ARGV[3])
redis.call('HSET', KEYS[1], 'response_body_type', 'S3_REFERENCE')
-- ... rest of the scriptHigh-Throughput and Redis Topology
Problem: In a high-traffic system, the idempotency check can become a bottleneck. How does this pattern scale with a Redis Cluster?
Solution: This pattern is perfectly compatible with Redis Cluster. Since each idempotency key is unique and self-contained, the keys will be distributed across the different shards (hash slots) of the cluster. The Lua scripts will execute on the specific shard that owns the key. There are no multi-key operations that would cross shard boundaries, so the implementation remains the same.
One critical detail: you cannot offload the initial checkAndLock to a read replica. The operation involves a potential write (HSET, EXPIRE) and must be directed to the primary node for that shard to ensure consistency.
Edge Case: Redis Primary Failover and Split Brain
This is the most complex failure mode. Consider this sequence of events in a primary-replica setup with asynchronous replication:
Idempotency-Key: K1 arrives. It is routed to the current Primary (P1).checkAndLock executes on P1, creating the lock for K1.K1 is replicated to the Replica (R1).- The cluster promotes R1 to be the new Primary (P2).
Idempotency-Key: K1, arrives. It is routed to the new Primary (P2).K1 was never replicated, P2 sees no key and executes checkAndLock, granting a lock. We now have two processes executing the same operation.This is a classic distributed systems problem. The fundamental trade-off is between availability and consistency. The standard Redis replication model prioritizes availability and performance, accepting a small window of data loss on failover.
Mitigation Strategies:
WAIT command after the HSET call within the Lua script. WAIT 1 500 would block the script until the write has been acknowledged by at least 1 replica, with a 500ms timeout. This adds significant latency to every request and reduces throughput, but it dramatically reduces the window for data loss. It transforms the trade-off from high-performance/eventual-consistency to lower-performance/higher-consistency.check-and-set would be handled by a CP store, at a significant performance cost.The controversial Redlock algorithm attempts to solve this by acquiring locks from a majority of independent Redis masters, but its guarantees have been heavily debated (see Martin Kleppmann's critique). For most practical API idempotency, accepting the small risk of asynchronous replication or using WAIT for critical operations is the more pragmatic approach.
Conclusion: A Pattern for Production Resilience
Building a truly resilient distributed system requires moving beyond optimistic assumptions and tackling the messy reality of network retries and concurrent requests. The idempotency layer pattern, when implemented correctly with atomic operations, provides a powerful safeguard against data corruption caused by duplicate mutations.
By leveraging the raw performance of Redis and the atomicity guarantees of Lua scripts, we can construct a layer that is both highly performant and robust. The provided Node.js implementation serves as a blueprint, but the core Lua scripts are language-agnostic and can be adapted to any stack.
The key takeaways for senior engineers are:
check-then-set logic with separate client commands. Use Lua or Redis transactions.This pattern is not a silver bullet, but a foundational component for building predictable and reliable APIs in an unpredictable distributed world.