Idempotency & Duplicate Prevention

When this skill applies

Use this skill when:

Implementing any PPP endpoint handler that processes payments, cancellations, captures, or refunds
Ensuring repeated Gateway calls with the same identifiers produce identical results without re-processing
Building a payment state machine to prevent invalid transitions (e.g., capturing a cancelled payment)
Handling the Gateway's 7-day retry window for
```
undefined
```
status payments

Do not use this skill for:

PPP endpoint response shapes and HTTP methods — use
```
payment-provider-protocol
```
Async callback URL notification logic — use
```
payment-async-flow
```
PCI compliance and Secure Proxy — use
```
payment-pci-security
```

Decision rules

Use
```
paymentId
```
as the idempotency key for Create Payment — every call with the same
```
paymentId
```
must return the same result.
Use
```
requestId
```
as the idempotency key for Cancel, Capture, and Refund operations.
If the Gateway sends a second Create Payment with the same
```
paymentId
```
, return the stored response without calling the acquirer again.
Async payment methods (Boleto, Pix) MUST return
```
status: "undefined"
```
— never
```
"approved"
```
until the acquirer confirms.
A payment moves through defined states:
```
undefined
```
→
```
approved
```
→
```
settled
```
, or
```
undefined
```
→
```
denied
```
, or
```
approved
```
→
```
cancelled
```
. Enforce valid transitions only.
Use a persistent data store (PostgreSQL, DynamoDB, VBase for VTEX IO) — never in-memory storage that is lost on restart.

Hard constraints

Constraint: MUST use paymentId as idempotency key for Create Payment

The connector MUST check for an existing record with the given

paymentId

before processing a new payment. If a record exists, return the stored response without calling the acquirer again.

Why this matters The VTEX Gateway retries Create Payment requests with

undefined

status for up to 7 days. Without idempotency on

paymentId

, each retry creates a new charge at the acquirer, resulting in duplicate charges to the customer. This is a financial loss and a critical production incident.

Detection If the Create Payment handler does not check for an existing

paymentId

before processing, STOP. The handler must query the data store for the

paymentId

first.

Correct

typescript

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId } = req.body;

  // Check for existing payment — idempotency guard
  const existingPayment = await paymentStore.findByPaymentId(paymentId);
  if (existingPayment) {
    // Return the exact same response — no new acquirer call
    res.status(200).json(existingPayment.response);
    return;
  }

  // First time seeing this paymentId — process with acquirer
  const result = await acquirer.authorize(req.body);

  const response = {
    paymentId,
    status: result.status,
    authorizationId: result.authorizationId ?? null,
    nsu: result.nsu ?? null,
    tid: result.tid ?? null,
    acquirer: "MyProvider",
    code: result.code ?? null,
    message: result.message ?? null,
    delayToAutoSettle: 21600,
    delayToAutoSettleAfterAntifraud: 1800,
    delayToCancel: 21600,
  };

  // Store the response for future idempotent lookups
  await paymentStore.save(paymentId, { request: req.body, response });

  res.status(200).json(response);
}

Wrong

typescript

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId } = req.body;

  // No idempotency check — every call hits the acquirer
  // If the Gateway retries this (which it will for undefined status),
  // the customer gets charged multiple times
  const result = await acquirer.authorize(req.body);

  res.status(200).json({
    paymentId,
    status: result.status,
    authorizationId: result.authorizationId ?? null,
    nsu: result.nsu ?? null,
    tid: result.tid ?? null,
    acquirer: "MyProvider",
    code: null,
    message: null,
    delayToAutoSettle: 21600,
    delayToAutoSettleAfterAntifraud: 1800,
    delayToCancel: 21600,
  });
}

Constraint: MUST return identical response for duplicate requests

When the connector receives a Create Payment request with a

paymentId

that already exists in the data store, it MUST return the exact stored response. It MUST NOT create a new record, generate new identifiers, or re-process the payment.

Why this matters The Gateway uses the response fields (

authorizationId

tid

nsu

status

) to track the transaction. If a retry returns different values, the Gateway loses track of the original transaction, causing reconciliation failures and potential double settlements.

Detection If the handler creates a new database record or generates new identifiers when it finds an existing

paymentId

, STOP. The handler must return the previously stored response verbatim.

Correct

typescript

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId } = req.body;

  const existing = await paymentStore.findByPaymentId(paymentId);
  if (existing) {
    // Return the EXACT stored response — same authorizationId, tid, nsu, status
    res.status(200).json(existing.response);
    return;
  }

  // ... process new payment and store response
}

Wrong

typescript

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId } = req.body;

  const existing = await paymentStore.findByPaymentId(paymentId);
  if (existing) {
    // WRONG: Generating new identifiers for an existing payment
    // The Gateway will see different tid/nsu and lose track of the transaction
    const newTid = generateNewTid();
    res.status(200).json({
      ...existing.response,
      tid: newTid,  // Different from original — breaks reconciliation
      nsu: generateNewNsu(),
    });
    return;
  }

  // ... process new payment
}

Constraint: MUST NOT approve async payments synchronously

If a payment method is asynchronous (e.g., Boleto, Pix, bank redirect), the Create Payment response MUST return

status: "undefined"

. It MUST NOT return

status: "approved"

status: "denied"

until the payment is actually confirmed or rejected by the acquirer.

Why this matters Returning

approved

for an async method tells the Gateway the payment is confirmed before the customer has actually paid. The order ships, but no money was collected. The merchant loses the product and the revenue. The correct flow is to return

undefined

and use the

callbackUrl

to notify the Gateway when the payment is confirmed.

Detection If the Create Payment handler returns

status: "approved"

status: "denied"

for an asynchronous payment method (Boleto, Pix, bank transfer, redirect-based), STOP. Async methods must return

"undefined"

and use callbacks.

Correct

typescript

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId, paymentMethod, callbackUrl } = req.body;

  const isAsyncMethod = ["BankInvoice", "Pix"].includes(paymentMethod);

  if (isAsyncMethod) {
    const pending = await acquirer.initiateAsyncPayment(req.body);

    await paymentStore.save(paymentId, {
      status: "undefined",
      callbackUrl,
      acquirerRef: pending.reference,
    });

    res.status(200).json({
      paymentId,
      status: "undefined",  // Correct for async
      authorizationId: pending.authorizationId ?? null,
      nsu: pending.nsu ?? null,
      tid: pending.tid ?? null,
      acquirer: "MyProvider",
      code: "ASYNC-PENDING",
      message: "Awaiting customer payment",
      delayToAutoSettle: 21600,
      delayToAutoSettleAfterAntifraud: 1800,
      delayToCancel: 604800,  // 7 days for async
      paymentUrl: pending.paymentUrl,
    });
    return;
  }

  // Sync methods can return approved/denied immediately
  // ...
}

Wrong

typescript

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId, paymentMethod } = req.body;

  // WRONG: Approving a Pix payment synchronously
  // The customer hasn't paid yet — the order will ship without payment
  const result = await acquirer.createPixCharge(req.body);

  res.status(200).json({
    paymentId,
    status: "approved",  // WRONG — Pix is async, should be "undefined"
    authorizationId: result.authorizationId ?? null,
    nsu: null,
    tid: null,
    acquirer: "MyProvider",
    code: null,
    message: null,
    delayToAutoSettle: 21600,
    delayToAutoSettleAfterAntifraud: 1800,
    delayToCancel: 21600,
  });
}

Preferred pattern

Payment state store with idempotency support:

typescript

interface PaymentRecord {
  paymentId: string;
  status: "undefined" | "approved" | "denied" | "cancelled" | "settled" | "refunded";
  response: Record<string, unknown>;
  callbackUrl?: string;
  createdAt: Date;
  updatedAt: Date;
}

interface OperationRecord {
  requestId: string;
  paymentId: string;
  operation: "cancel" | "capture" | "refund";
  response: Record<string, unknown>;
  createdAt: Date;
}

Idempotent Create Payment with state machine:

typescript

const store = new PaymentStore();

async function createPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId, paymentMethod, callbackUrl } = req.body;

  // Idempotency check
  const existing = await store.findByPaymentId(paymentId);
  if (existing) {
    res.status(200).json(existing.response);
    return;
  }

  const isAsync = ["BankInvoice", "Pix"].includes(paymentMethod);
  const result = await acquirer.process(req.body);

  const status = isAsync ? "undefined" : result.status;
  const response = {
    paymentId,
    status,
    authorizationId: result.authorizationId ?? null,
    nsu: result.nsu ?? null,
    tid: result.tid ?? null,
    acquirer: "MyProvider",
    code: result.code ?? null,
    message: result.message ?? null,
    delayToAutoSettle: 21600,
    delayToAutoSettleAfterAntifraud: 1800,
    delayToCancel: isAsync ? 604800 : 21600,
    ...(result.paymentUrl ? { paymentUrl: result.paymentUrl } : {}),
  };

  await store.save(paymentId, {
    paymentId, status, response, callbackUrl,
    createdAt: new Date(), updatedAt: new Date(),
  });

  res.status(200).json(response);
}

Idempotent Cancel with

requestId

guard and state validation:

typescript

async function cancelPaymentHandler(req: Request, res: Response): Promise<void> {
  const { paymentId } = req.params;
  const { requestId } = req.body;

  // Operation idempotency check
  const existingOp = await store.findOperation(requestId);
  if (existingOp) {
    res.status(200).json(existingOp.response);
    return;
  }

  // State machine validation
  const payment = await store.findByPaymentId(paymentId);
  if (!payment || !["undefined", "approved"].includes(payment.status)) {
    res.status(200).json({
      paymentId,
      cancellationId: null,
      code: "cancel-failed",
      message: `Cannot cancel payment in ${payment?.status ?? "unknown"} state`,
      requestId,
    });
    return;
  }

  const result = await acquirer.cancel(paymentId);
  const response = {
    paymentId,
    cancellationId: result.cancellationId ?? null,
    code: result.code ?? null,
    message: result.message ?? "Successfully cancelled",
    requestId,
  };

  await store.updateStatus(paymentId, "cancelled");
  await store.saveOperation(requestId, {
    requestId, paymentId, operation: "cancel", response, createdAt: new Date(),
  });

  res.status(200).json(response);
}

Common failure modes

Processing duplicate payments — Calling the acquirer for every Create Payment request without checking if the
```
paymentId
```
already exists. The Gateway retries
```
undefined
```
payments for up to 7 days, so a single $100 payment can result in hundreds of duplicate charges.
Synchronous approval of async payment methods — Returning
```
status: "approved"
```
immediately for Boleto or Pix before the customer has actually paid. The order ships without payment collected.
Losing state between retries — Storing payment state in memory (
```
Map
```
, local variable) instead of a persistent database. On process restart, all state is lost and the next retry creates a duplicate charge.
Generating new identifiers for duplicate requests — Returning different
```
tid
```
,
```
nsu
```
, or
```
authorizationId
```
values when the Gateway retries with the same
```
paymentId
```
. This breaks Gateway reconciliation and can cause double settlements.
Ignoring requestId on Cancel/Capture/Refund — Not checking
```
requestId
```
before processing operations, causing duplicate cancellations or refunds when the Gateway retries.

Review checklist

Does the Create Payment handler check the data store for an existing
```
paymentId
```
before calling the acquirer?
Are stored responses returned verbatim for duplicate
```
paymentId
```
requests?
Do Cancel, Capture, and Refund handlers check for existing
```
requestId
```
before processing?
Is the payment state machine enforced (e.g., cannot capture a cancelled payment)?
Do async payment methods (Boleto, Pix) return
```
status: "undefined"
```
instead of
```
"approved"
```
?
Is payment state stored in a persistent database (not in-memory)?
Are
```
delayToCancel
```
values extended for async methods (e.g., 604800 seconds = 7 days)?

Related skills

```
payment-provider-protocol
```
— Endpoint contracts and response shapes
```
payment-async-flow
```
— Callback URL notification and the 7-day retry window
```
payment-pci-security
```
— PCI compliance and Secure Proxy

Reference

Implementing a Payment Provider — Official guide explaining idempotency requirements for Cancel, Capture, and Refund operations
Developing a Payment Connector for VTEX — Help Center guide with idempotency implementation steps using paymentId and VBase
Purchase Flows — Detailed authorization, capture, and cancellation flow documentation including retry behavior
Payment Provider Protocol (Help Center) — Protocol overview including callback URL retry mechanics and 7-day retry window
Payment Provider Protocol API Reference — Full API specification with requestId and paymentId field definitions

payment-idempotency

NPX Install

Tags

SKILL.md Content

Idempotency & Duplicate Prevention

When this skill applies

Decision rules

Hard constraints

Constraint: MUST use paymentId as idempotency key for Create Payment

Constraint: MUST return identical response for duplicate requests

Constraint: MUST NOT approve async payments synchronously

Preferred pattern

Common failure modes

Review checklist

Related skills

Reference