Implementing the Idempotency-Key specification on Apache APISIX

Author: Nicolas Frankel

Original post on Foojay: Read More

Recently, I wrote an analysis of the IETF Idempotency-Key specification. The specification aims to avoid duplicated requests.

In short, the idea is for the client to send a unique key along with the request:

If the server doesn’t know the key, it proceeds as usual and then stores the response
If the server knows the key, it short-circuits any further processing and immediately returns the stored response

This post shows how to implement it with Apache APISIX.

Overview

Before starting coding, we need to define a couple of things. Apache APISIX offers a plugin-based architecture. Hence, we will code the above logic in a plugin.

Apache APISIX builds upon OpenResty, which builds upon nginx. Each component defines phases, which map more or less across the components. For more info on phases, please see this previous post.

Finally, we shall decide on a priority. Priority defines the order in which APISIX runs plugins inside a phase. I decided on 1500, as all authentication plugins have a priority in the 2000 and more range, but I want to return the cached response ASAP.

The specification requires us to store data. APISIX offers many abstractions, but storage is not one of them. We need access via the idempotency key so it looks like a key-value store.

I arbitrarily chose Redis, as it’s pretty widespread and the client is already part of the APISIX distribution. Note that simple Redis doesn’t offer JSON storage; hence, I use the redis-stack Docker image.

The local infrastructure is the following:

services:
apisix:
image: apache/apisix:3.9.0-debian
volumes:
– ./apisix/config.yml:/usr/local/apisix/conf/config.yaml:ro
– ./apisix/apisix.yml:/usr/local/apisix/conf/apisix.yaml:ro #1
– ./plugin/src:/opt/apisix/plugins:ro #2
ports:
– “9080:9080”
redis:
image: redis/redis-stack:7.2.0-v9
ports:
– “8001:8001” #3

Static route configuration
Path to our future plugin
Port of Redis Insights (GUI). Not necessary per se, but very useful during development for debugging

The APISIX configuration is the following:

deployment:
role: data_plane
role_data_plane:
config_provider: yaml #1

apisix:
extra_lua_path: /opt/?.lua #2

plugins:
– idempotency # priority: 1500 #3

plugin_attr: #4
idempotency:
host: redis #5

Configure APISIX for static routes configuration
Configure the location of our plugin
Custom plugins need to be explicitly declared. The priority comment is not required but is good practice and improves maintainability
Common plugin configuration across all routes
See below

Finally, we declare our single route:

routes:
– uri: /*
plugins:
idempotency: ~ #1
upstream:
nodes:
“httpbin.org:80”: 1 #2
#END #3

Declare the plugin that we are going to create
httpbin is a useful upstream as we can try different URIs and methods
Mandatory for static routes configuration!

With this infrastructure in place, we can start the implementation.

Laying out the plugin

The foundations of an Apache APISIX plugin are pretty basic:

local plugin_name = “idempotency”

local _M = {
version = 1.0,
priority = 1500,
schema = {},
name = plugin_name,
}

return _M

The next step is configuration, e.g. Redis host and port. For starters, we shall offer a single Redis configuration across all routes. That’s the idea behind the plugin_attr section in the config.yaml file: common configuration. Let’s flesh out our plugin:

local core = require(“apisix.core”)
local plugin = require(“apisix.plugin”)

local attr_schema = { –1
type = “object”,
properties = {
host = {
type = “string”,
description = “Redis host”,
default = “localhost”,
},
port = {
type = “integer”,
description = “Redis port”,
default = 6379,
},
},
}

function _M.init()
local attr = plugin.plugin_attr(plugin_name) or {}
local ok, err = core.schema.check(attr_schema, attr) –2
if not ok then
core.log.error(“Failed to check the plugin_attr[“, plugin_name, “]”, “: “, err)
return false, err
end
end

Define the shape of the configuration
Check the configuration is valid

Because I defined default values in the plugin, I can override only the host to redis to run inside my Docker Compose infrastructure and use the default port.

Next, I need to create the Redis client. Note that the platform prevents me from connecting in any phase after the rewrite/access section. Hence, I’ll create it in the init() method and keep it until the end.

local redis_new = require(“resty.redis”).new –1

function _M.init()

— …

redis = redis_new() –2
redis:set_timeout(1000)
local ok, err = redis:connect(attr.host, attr.port)
if not ok then
core.log.error(“Failed to connect to Redis: “, err)
return false, err
end
end

Reference the new function of the OpenResty Redis module
Call it to get an instance

The Redis client is now available in the redis variable throughout the rest of the plugin execution cycle.

Implementing the nominal path

In my previous software engineer life, I usually implemented the nominal path first. Afterward, I made the code more robust by managing error cases individually. This way, if I had to release at any point, I would still deliver business values – with warnings. I shall approach this mini-project the same way.

The pseudo-algorithm on the nominal path looks like the following:

DO extract idempotency key from request
DO look up value from Redis
IF value doesn’t exist
DO set key in Redis with empty value
ELSE
RETURN cached response
DO forward to upstream
DO store response in Redis
RETURN response

We need to map the logic to the phase I mentioned above. Two phases are available before the upstream, rewrite and access; three after, header_filter, body_filter and log. The access phase seemed obvious for work before, but I needed to figure out between the three others. I randomly chose the body_filter, but I’m more than willing to listen to sensible arguments for other phases.

Note that I removed logs to make the code more readable. Error and informational logs are necessary to ease debugging production issues.

function _M.access(conf, ctx)
local idempotency_key = core.request.header(ctx, “Idempotency-Key”) –1
local redis_key = “idempotency#” .. idempotency_key –2
local resp, err = redis:hgetall(redis_key) –3
if not resp then
return
end
if next(resp) == nil then –4
local resp, err = redis:hset(redis_key, “request”, true ) –4
if not resp then
return
end
else
local data = normalize_hgetall_result(resp) –5
local response = core.json.decode(data[“response”]) –6
local body = response[“body”] –7
local status_code = response[“status”] –7
local headers = response[“headers”] for k, v in pairs(headers) do –7
core.response.set_header(k, v)
end
return core.response.exit(status_code, body) –8
end
end

Extract the idempotency key from the request
Prefix the key so we avoid potential collisions
Get the data set stored in Redis under the idempotency key
If the key is not found, store it with a boolean mark
Transform the data in a Lua table via a custom utility function
The response is stored in JSON format to account for headers
Reconstruct the response
Return the reconstructed response to the client. Note the return statement: APISIX skips the later lifecycle phases

function _M.body_filter(conf, ctx)
local idempotency_key = core.request.header(ctx, “Idempotency-Key”) –1
local redis_key = “idempotency#” .. idempotency_key
if core.response then
local response = { –2
status = ngx.status,
body = core.response.hold_body_chunk(ctx, true),
headers = ngx.resp.get_headers()
}
local redis_key = “idempotency#” .. redis_key
local resp, err = red:set(redis_key, “response”, core.json.encode(response)) –3
if not resp then
return
end
end
end

xtract the idempotency key from the request
Arrange the different elements of a response in a Lua table
Store the JSON-encoded response in a Redis set

Tests reveal that it works as expected.
Try:

curl -i -X POST -H ‘Idempotency-Key: A’ localhost:9080/response-headers?freeform=hello
curl -i -H ‘Idempotency-Key: B’ localhost:9080/status/250
curl -i -H ‘Idempotency-Key: C’ -H ‘foo: bar’ localhost:9080/status/250

Also, try to reuse a mismatched idempotency key, e.g., A, for the third request. As we haven’t implemented any error management yet, you’ll get the cached response for another request. It’s time to up our game.

Implementing error paths

The specification defines several error paths:

Idempotency-Key is missing
Idempotency-Key is already used
A request is outstanding for this Idempotency-Key

Let’s implement them one by one. First, let’s check that the request has an idempotency key. Note that we can configure the plugin on a per-route basis, so if the route includes the plugin, we can conclude that it’s mandatory.

function _M.access(conf, ctx)
local idempotency_key = core.request.header(ctx, “Idempotency-Key”)
if not idempotency_key then
return core.response.exit(400, “This operation is idempotent and it requires correct usage of Idempotency Key”)
end
— …

Just return the appropriate 400 if the key is missing. That one was easy.

Checking the reuse of an existing key for a different request is slightly more involved. We first need to store the request, or more precisely, the fingerprint of what constitutes a request. Two requests are the same if they have: the same method, the same path, the same body, and the same headers. Depending on your situation, the domain (and the port) might or may not be part of them. For my simple implementation, I’ll leave it out.

There are several problems to solve. First, I didn’t find an existing API to hash the core.request object like there is in other languages I’m more familiar with, e.g., Java’s Object.hash(). I decided to encode the object in JSON and hash the string. However, the existing core.request has sub-elements that cannot be converted to JSON. I had to extract the parts mentioned above and convert the table.

local function hash_request(request, ctx)
local request = { –1
method = core.request.get_method(),
uri = ctx.var.request_uri,
headers = core.request.headers(),
body = core.request.get_body()
}
local json = core.json.stably_encode(request) –2
return ngx.encode_base64(json) –3
end

Create a table with only the relevant parts
The cjson library produces JSON whose members might be sorted differently across several calls. Hence, it results in different hashes. The core.json.stably_encode fixes that issue.
Hash it

Then, instead of storing a boolean when receiving the request, we store the resulting hash instead.

local hash = hash_request(core.request, ctx)
if next(resp) == nil then
core.log.warn(“No key found in Redis for Idempotency-Key, set it: “, redis_key)
local resp, err = redis:hset(redis_key, “request”, hash)
if not resp then
core.log.error(“Failed to set data in Redis: “, err)
return
end
then — …

We read the hash stored under the idempotency key on the other branch. If they don’t match, we exit with the relevant error code:

local data = normalize_hgetall_result(resp)
local stored_hash = data[“request”] if hash ~= stored_hash then
return core.response.exit(422, “This operation is idempotent and it requires correct usage of Idempotency Key. Idempotency Key MUST not be reused across different payloads of this operation.”)
end

The final error management happens just afterward. Imagine the following scenario:

A request comes with idempotency key X
The plugin fingerprints and stores the hash in Redis
APISIX forwards the request to the upstream
A duplicate request comes with the same idempotency key, X
The plugin reads the data from Redis and finds no cached response

The upstream didn’t finish processing the request; hence, the first request hasn’t yet reached the body_filter phase.

We append the following code to the above snippet:

if not data[“response”] then
return core.response.exit(409, ” request with the same Idempotency-Key for the same operation is being processed or is outstanding.”)
end

That’s it.

Conclusion

In this post, I showed a simple implementation of the Idempotency-Key header specification on Apache APISIX via a plugin.

At this stage, it has room for improvement: automated tests, the ability to configure Redis on a per route basis, configure the domain/path to be part of the request, configure a Redis cluster instead of a single instance, use another K/V store, etc.

Yet, it does implement the specification and has the potential to evolve into a more production-grade implementation.

The complete source code for this post can be found on GitHub.

To go further:

Idempotency-Key HTTP Header Field
Fixing duplicate API requests
Plugin Develop – APISIX website
How to Build an Apache APISIX Plugin From 0 to 1

Originally published at A Java Geek on April 7th, 2024

The post Implementing the Idempotency-Key specification on Apache APISIX appeared first on foojay.