Idempotency-Key header on every POST mutation; if the server already processed it, it returns the cached response instead of redoing the work.
The contract
| Rule | Detail |
|---|---|
| Header name | Idempotency-Key |
| Format | UUID v4 |
| Scope | Per workspace user. Same key from a different user is independent. |
| Lifetime | 24 hours |
| What’s cached | Status code, response headers, response body |
| What counts as “same request” | Method + URL + body byte-hash |
Which endpoints support it
Every POST mutation, most importantly:POST /api/v1/facade/generate— the one that costs credits; a retried request with the same key is never charged twicePOST /api/v1/facade/brandsandPOST /api/v1/facade/brands/from-urlPOST /api/v1/facade/webhooks(+/test,/rotate-secret)POST /api/v1/generate/sign
How to use it
Response headers
| Header | Meaning |
|---|---|
X-Idempotency-Status: stored | First time we’ve seen this key — response is now cached for 24h. |
X-Idempotency-Status: cached | We’ve seen this key before — this response was replayed from cache. |
X-Idempotency-Created | Timestamp of the first request that used this key. |