How to Prevent Duplicate Orders with Anti‑Replay Tokens and Redis
This article explains how to prevent duplicate order submissions during high‑traffic e‑commerce events by using a server‑generated anti‑duplicate token stored in Redis, detailing the token acquisition, validation flow, and handling of repeated requests to ensure inventory integrity and accurate financial reconciliation.
During large e‑commerce promotions, repeated clicks, timeout retries, or duplicate message consumption can create many duplicate orders if no deduplication mechanism is in place, leading to oversold inventory, double payments, and accounting mismatches.
The anti‑duplicate token solution works by having the client request a unique token from the server, which stores the token in Redis with an expiration time. The client then includes this token in subsequent business‑critical requests; the server validates the token against Redis before processing the request.
Step 1 – Client obtains token: Before executing important business logic, the client calls the server to receive a token (commonly generated using UUID) which the server saves in Redis and returns to the client.
Step 2 – Client sends token with request: The client includes the token in its request. Upon receipt, the server looks up the token in Redis.
If the token exists, the request is allowed to proceed; after the business operation completes, the token is deleted from Redis. If the token is missing, the request is identified as a duplicate and the client receives a failure response.
Summary:
The token must be globally unique and stored in Redis for verification.
The approach is lock‑free and offers high performance, but adds an extra network I/O round‑trip; in high‑concurrency scenarios, atomicity of Redis check‑and‑delete can be ensured with Lua scripts.
The solution is suitable for small to medium‑sized systems and can be adapted based on specific business requirements.
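Added example (not from the original article): the validation flow above, comparing a separate check followed by a later delete with an atomic check-and-delete such as the Lua script the summary mentions. `FakeRedis`, the `order:token:` key prefix, the function names and the Lua text are assumptions made for illustration; the in-memory store is constructed so the code runs offline.

```python
import threading, time, uuid
# Lua for a real Redis server (run via EVAL): check and delete in one atomic step.
CONSUME_LUA = """
if redis.call('EXISTS', KEYS[1]) == 1 then return redis.call('DEL', KEYS[1]) end
return 0
"""

class FakeRedis:
    """Constructed in-memory stand-in for Redis so the example runs offline."""
    def __init__(self):
        self._data, self._lock = {}, threading.Lock()
    def set(self, key, ttl):
        with self._lock:
            self._data[key] = time.monotonic() + ttl
    def exists(self, key):
        with self._lock:
            return self._data.get(key, 0) > time.monotonic()
    def delete(self, key):
        with self._lock:
            return int(self._data.pop(key, None) is not None)
    def consume(self, key):  # models CONSUME_LUA: check + delete under one lock
        with self._lock:
            return int(self._data.pop(key, 0) > time.monotonic())

def issue_token(store, ttl=300):
    token = uuid.uuid4().hex              # Step 1: server generates and stores the token
    store.set("order:token:" + token, ttl)
    return token

def submit_order(store, token, orders, atomic):
    key = "order:token:" + token
    if atomic:
        if store.consume(key) != 1:
            return False                  # token already used or expired: duplicate
    elif not store.exists(key):
        return False
    time.sleep(0.05)                      # business logic; widens the race window
    orders.append(token)                  # stands in for "create the order"
    if not atomic:
        store.delete(key)                 # delete as a separate step after the work
    return True

def race(atomic, n=8):
    """Fire n concurrent submissions with one token; return how many orders result."""
    store, orders = FakeRedis(), []
    token = issue_token(store)
    threads = [threading.Thread(target=submit_order, args=(store, token, orders, atomic)) for _ in range(n)]
    for t in threads: t.start()
    for t in threads: t.join()
    return len(orders)
```

Because the atomic variant consumes the token before the business logic runs, a request that fails afterwards has to obtain a new token before it can be retried.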
Lobster Programming