I noticed a very old thread about idempotent POST that went dead #764.
I think it is a common use case to have natural keys (uniqueness constraints that identify unique resources), but to allow the system to provide a generated id. I POST the resource and get a 201 Created with Location. Great.
Its also very common that this could happen many times concurrently or in quick succession. In this semantic I don’t want to return a 409 conflict (I may in other cases), I want the client logic to be race agnostic -or at least ambivalent. The semantic of course is data model dependent.
I see 2 choices (you may suggest others):
- Lie and say I created it the second/third/fourth time, even though I didn’t and return 201 Created + Location (same location each time)
- Be honest, return 201 Created+ Location for the first POST and 200 OK + Location (same location each time) for subsequent ones.
I think option (1) violates the spirit of the jsonapi spec, but make client handling very slightly easier, whereas option (2) appears to be acceptable, and the client handling is still pretty clean.
I’m pressing forward with (2) but very keen to hear thoughts and ideas from the community experienced in using jsonapi.