#iandk

Hello! That sounds correct, yeah. The idempotency key is the one you used to make the API request that led to those Events, and those two Events were probably the result of a single API request.

I thought this key would always be unique to allow me to prevent executing the same webhook event twice.

When receiving a webhook by stripe I'm storing the received payload + the idempotency_key.

Before executing any jobs I first validate there is no entry with the same idempotency_key.

No, the idempotency key is from the API request. It's unique to the API operation. It is not unique per Event.

You can use the ID of the Event for that.

The id of the Event will uniquely identify the Event and you can use it to determine if you've processed that Event or not.

Ok. So when receiving a webhook I'd do the following

1. Check if any database model matches the event_id
2. Match? Drop webhook
3. No match? Save payload + event_id to database
4. Process webhook

Did I get that right?

Yep!

Do I even need to handle the idempotency_key then?

Not typically, unless you wanted to match the Event to a specific API operation/requests.

Idempotency keys are designed to make it safe to retry API requests where you're not sure if they succeeded or not.

They're not usually used on the Events/webhook side of things, although there are some edge cases where they come in handy.

I just want to prevent that if my application receives a webhook twice for some reason I do not execute the same event twice.

e.g. on payment_intent.succeeded

See here for more details about idempotency: https://stripe.com/docs/api/idempotent_requests

Yeah, for that use case you only need the Event ID.

I see now. Thank you