Idempotent operations (e.g., GET, PUT with full resource) can be retried safely. Non-idempotent (POST creating resources) need dedup keys or client-generated ids.
Pattern: client sends idempotency-key header; server deduplicates requests using that key.
POST /chargeIdempotency-Key: abc-123{ "amount": 100}Server stores the key → response mapping for short TTL and returns previous result on duplicate.