← Lessons

quiz vs the machine

Gold1500

System Design

Exactly Once Charge Guarantees

Combining idempotency keys and deduplication so a customer is charged exactly one time.

5 min read · core · beat Gold to climb

Why exactly once is hard

Networks deliver at least once or at most once, never naturally exactly once. A lost acknowledgment makes a sender retry, which can charge twice; dropping retries can charge zero times. Payments need the appearance of exactly once.

How to build it

  • Give each charge an idempotency key so duplicates collapse into one.
  • Deduplicate at the boundary by recording processed keys.
  • Make the charge and the dedupe record commit in the same transaction so they cannot disagree.

The honest framing

True exactly once does not exist on the wire. What you build is at least once delivery plus idempotent processing, which together behave like exactly once from the outside.

  • Keep keys long enough to cover all retry windows.
  • Ensure the downstream processor also honors the key end to end.

Key idea

Exactly once charging is at least once delivery plus idempotent deduplication committed atomically, so retries and losses still produce a single charge.

Check yourself

Answer to earn rating on the learn ladder.

1. How is exactly once charging actually achieved?

2. Why commit the charge and dedupe record together?