Useless Idempotency-Key header causes wrong result from API

[belinde]

Describe the bug In Checkout API the call POST /paymentMethods uses the header Idempotency-Key, causing the API to respond with a 901 Invalid Merchant Account. Disabling that header, and leaving every other parameter unchanged, give a valid response.

To Reproduce Steps to reproduce the behavior:

1. Import JSON for Checkout API v67 in Postman
2. Edit payment methods/Returns available payment methods. to use some test account
3. Make the request, should be an error 901
4. Disable the header Idempotency-Key
5. Make the request, should be a valid response

Expected behavior The header shouldn't be set in the openapi docs, or it should be completely ignored in the API

Desktop:

• OS: ubuntu linux
• Browser Postman
• Version 67

[a-akimov]

Hi @belinde, thank you very much for reporting this.

We are trying to reproduce the issue and unfortunately don't see exact same error. Although, since Postman seems to be populating the value of Idempotency-Key by default, and the fact that this is shared between multiple endpoints and also the same for everyone who will use this OpenAPI to import into Postman, this might lead to some unexpected behaviour.

We are now looking into how we can handle this header in OpenAPI files better, but for now I recommend that you are using this public Postman collection, which we recently released: https://www.postman.com/adyendev/workspace/adyen-checkout-public/overview

Please let us know if this helps.