From the spec:
When a pin is created, the service responds with unique requestid that can be later used for pin removal. When the same cid is pinned again, a different requestid is returned to differentiate between those pin requests.
Service implementation should use UUID, hash(accessToken,Pin,PinStatus.created), or any other opaque identifier that provides equally strong protection against race conditions.
As we're stateless, I would suggest returning a UUID or a hash of pin and current timestamp.
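The two options discussed above, sketched as an added example that is not part of the original comment or the spec. The function names, the server-side key, the choice of HMAC-SHA256 as the hash, and all sample values are assumptions made for illustration. It shows that a hash over a coarse timestamp returns the same requestid for two pins of the same cid made in the same second, while a finer timestamp or a UUID does not.

```python
import hashlib
import hmac
import json
import uuid

def requestid_uuid() -> str:
    """Random opaque id; unique per request with no stored state."""
    return str(uuid.uuid4())

def _encode(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") differ."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def requestid_hash(server_key: bytes, access_token: str, pin: dict, created: str) -> str:
    """Keyed hash over (accessToken, Pin, PinStatus.created).

    The key (an assumption, not in the spec) keeps the id opaque: a client
    that knows its own token and pin still cannot compute the id itself.
    """
    canonical_pin = json.dumps(pin, sort_keys=True, separators=(",", ":"))
    msg = _encode(access_token, canonical_pin, created)
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()

def demo() -> dict:
    # All values below are constructed sample data.
    key = b"constructed-server-secret"
    token = "constructed-access-token"
    pin = {"cid": "QmConstructedExampleCid", "name": "example"}
    coarse = "2020-07-27T17:32:28Z"           # second resolution
    fine_a = "2020-07-27T17:32:28.000101Z"    # same second, request A
    fine_b = "2020-07-27T17:32:28.000257Z"    # same second, request B
    return {
        # Same cid pinned twice within one second: identical requestid.
        "coarse_collides": requestid_hash(key, token, pin, coarse)
        == requestid_hash(key, token, pin, coarse),
        # Finer timestamps separate the two requests.
        "fine_differs": requestid_hash(key, token, pin, fine_a)
        != requestid_hash(key, token, pin, fine_b),
        # UUIDs need no timestamp at all.
        "uuid_differs": requestid_uuid() != requestid_uuid(),
    }

if __name__ == "__main__":
    print(demo())
```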