The achievable version
True exactly once delivery is impossible over an unreliable network, yet many systems advertise exactly once. What they actually provide is exactly once processing, where each message affects state once even though it may be delivered many times.
The recipe
Exactly once processing is built from two layers.
- At least once delivery the broker retries until acknowledged, so no message is lost.
- Idempotent or transactional effects the consumer makes duplicates harmless, either by deduplicating on a message id or by committing the result and the offset together atomically.
If the consumer can record that a message was processed in the same transaction that applies its effect, a redelivered copy is recognized and skipped.
Transactional sinks
Stream processors reach effective exactly once by tying the output write and the input offset commit into one atomic step.
- Either both the result and the advanced offset persist, or neither does.
- A crash before commit replays the message, but the prior partial effect was never visible.
This is why the honest claim is exactly once semantics, not delivery.
Key idea
Exactly once processing pairs at least once delivery with idempotent or transactional effects so duplicates are recognized and discarded, giving exactly once outcomes without exactly once delivery.