
Payments That Never Double-Charge: Idempotency + Webhook Reconciliation

24 Dec 2025 · 8 min read · Production Engineering
BISHOY EMAD (Full-Stack • Cybersecurity)

If your checkout can be retried, refreshed, replayed by a flaky network, or re-fired by payment providers (it can), then double-charge risk is an engineering problem — not a “customer support” problem. The fix is a combined pattern: idempotent command processing + webhook reconciliation with strict state transitions.

Why Double-Charges Happen in Real Systems

Payments are distributed workflows: client, backend, gateway, fraud checks, async webhooks, queues. Failures are normal, and retries are guaranteed. If you treat a retry as a “new purchase”, you create duplicates.

Idempotency Keys: The Non-Negotiable Primitive

Every “Confirm Checkout” command should carry an idempotency key. The server persists it with a unique constraint and returns the stored response on duplicates.

Production Rule: Persist idempotency keys in durable storage (a database). Do not rely on in-memory caches alone.
// Pseudocode: idempotent confirm
BEGIN TRANSACTION
  existing = SELECT * FROM idempotency WHERE key=? FOR UPDATE
  // A row whose response is still empty means the first attempt is in flight:
  // answer "in progress" (e.g. HTTP 409) rather than starting a second charge.
  IF existing: RETURN existing.response ?? IN_PROGRESS

  intent = INSERT INTO payment_intents(status='PENDING', ...)
  // UNIQUE(key) is what stops two concurrent first attempts: FOR UPDATE on a row
  // that does not exist yet locks nothing, so a duplicate-key error on this
  // INSERT must be treated exactly like the "existing" branch above.
  INSERT INTO idempotency(key, responseRef=intent.id)
COMMIT

// The provider call stays outside the DB transaction (it can be slow or time out);
// the intent row is the durable record that a charge was started.
provider = Gateway.CreateOrConfirm(intent)
UPDATE payment_intents SET status=provider.status WHERE id=intent.id
UPDATE idempotency SET response=provider.summary WHERE key=?

Webhook Reconciliation: Make the Truth Deterministic

Webhooks arrive late, duplicated, and out of order. Your handler must: verify the signature, store the raw event (unique by event_id), map it to the internal intent/order, then apply a strict state machine.

Stop Using “paid=true”

A boolean can’t represent authorization, capture, partial refunds, chargebacks, or disputes. Model explicit states with timestamps and provider references.

PENDING → AUTHORIZED → CAPTURED
FAILED / CANCELED
REFUNDED / CHARGEBACK
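As an added example that is not from the original post, here are the two halves of the pattern (the idempotent confirm from the pseudocode above and the webhook handler with this state machine) in one runnable Python sketch on SQLite. The table layout, the HMAC-SHA256 signature over the raw body, the IN_PROGRESS reply and the transition table are assumptions made for illustration; the gateway is a stubbed callable.

```python
import sqlite3, json, hmac, hashlib
# Legal transitions of the state machine from the post (assumed: terminal states accept nothing).
TRANSITIONS = {"PENDING": {"AUTHORIZED", "CAPTURED", "FAILED", "CANCELED"},
               "AUTHORIZED": {"CAPTURED", "CANCELED", "FAILED"},
               "CAPTURED": {"REFUNDED", "CHARGEBACK"}}

def open_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; BEGIN is issued explicitly
    db.executescript("""
      CREATE TABLE payment_intents(id INTEGER PRIMARY KEY, status TEXT NOT NULL, amount INTEGER);
      CREATE TABLE idempotency(key TEXT PRIMARY KEY, intent_id INTEGER, response TEXT);
      CREATE TABLE webhook_events(event_id TEXT PRIMARY KEY, intent_id INTEGER, type TEXT);""")
    return db

def confirm(db, key, amount, gateway):
    """Idempotent confirm: one intent per key; a replay gets the stored reply or IN_PROGRESS."""
    db.execute("BEGIN IMMEDIATE")  # serialises writers: two concurrent confirms cannot both insert
    row = db.execute("SELECT intent_id, response FROM idempotency WHERE key=?", (key,)).fetchone()
    if row:
        db.execute("COMMIT")
        return json.loads(row[1]) if row[1] else {"status": "IN_PROGRESS", "intent_id": row[0]}
    intent_id = db.execute("INSERT INTO payment_intents(status, amount) VALUES ('PENDING', ?)", (amount,)).lastrowid
    db.execute("INSERT INTO idempotency(key, intent_id) VALUES (?, ?)", (key, intent_id))
    db.execute("COMMIT")
    apply_transition(db, intent_id, gateway(intent_id, amount))  # provider call outside the DB txn
    status = db.execute("SELECT status FROM payment_intents WHERE id=?", (intent_id,)).fetchone()[0]
    summary = {"status": status, "intent_id": intent_id}
    db.execute("UPDATE idempotency SET response=? WHERE key=?", (json.dumps(summary), key))
    return summary

def apply_transition(db, intent_id, new_status):
    """Compare-and-set on the current status; returns the new status, or None if not applied."""
    cur = db.execute("SELECT status FROM payment_intents WHERE id=?", (intent_id,)).fetchone()[0]
    if new_status not in TRANSITIONS.get(cur, ()):
        return None  # same state again, out-of-order, or terminal state: leave the row untouched
    n = db.execute("UPDATE payment_intents SET status=? WHERE id=? AND status=?",
                   (new_status, intent_id, cur)).rowcount
    return new_status if n == 1 else None  # n == 0 means a concurrent handler won the race

def handle_webhook(db, secret, body, signature):
    """Verify HMAC, store the raw event once (unique event_id), then run the state machine."""
    if not hmac.compare_digest(hmac.new(secret, body, hashlib.sha256).hexdigest(), signature):
        return "REJECTED_SIGNATURE"
    ev = json.loads(body)
    try:
        db.execute("INSERT INTO webhook_events VALUES (?, ?, ?)", (ev["id"], ev["intent_id"], ev["type"]))
    except sqlite3.IntegrityError:
        return "DUPLICATE"  # already processed: acknowledge without re-applying
    return apply_transition(db, ev["intent_id"], ev["type"]) or "IGNORED"  # late/out-of-order stays logged
```

If the gateway call raises, the key is left with no response and every replay answers IN_PROGRESS; a production version records the failure on the intent or lets the webhook/polling reconciliation settle it, so the key never stays stuck.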

Security Controls Most Teams Miss

Why This Ranks & Converts

“double charged”, “duplicate payment”, “webhook retries”, “idempotency key” are high-intent keywords. This topic shows your company builds stable payment systems — a direct revenue protection promise.
