75

I was wondering about this.

Suppose I have a user resource with id and name fields. If I want to update a field I could just do a PATCH request to the resource like this

PATCH /users/42
{"name": "john doe"}

And then the application will update user 42 name.

But why if I repeat this request the outcome would be different?

According to RFC 5789

PATCH is neither safe nor idempotent

asked Oct 24, 2014 at 8:41
8
  • @gnat doesn't a similar argument hold also for the PUT method which is instead considered idempotent? (see restcookbook.com/HTTP Methods/put-vs-post/) Commented Oct 24, 2014 at 9:16
  • "PUT has idempotent semantics and thus can be safely used for absolute updates ( ie we send entire state of the resource to the server ), but not also for relative updates ( ie we send just changes to the resource state ), since that would violate its semantics..." (POST and PUT requests – is it just the convention?) Commented Oct 24, 2014 at 9:22
  • 1
    Obviously... But you could say PUT is not idempotent because between two equal requests a second client could make a third request in-between the two But since we don't care about previous data, that's not a problem. The same argument holds for PATCH requests. Commented Oct 24, 2014 at 9:26
  • 2
    I took the liberty of adding a reference to the relevant specification, as I believe that is highly relevant in the context of this question. Commented Oct 24, 2014 at 9:52
  • Could be, that PATCH execution relies on the client's threads count and may be affected while clicking 'refresh page' during call? Commented Oct 24, 2014 at 10:43

4 Answers 4

57

A PATCH request can be idempotent, but it isn't required to be. That is the reason it is characterized as non-idempotent.

Whether PATCH can be idempotent or not depends strongly on how the required changes are communicated.

For example, if the patch format is in the form of {change: 'Stock' add: -1}, then any PATCH request after the first one would have a different effect than the first request, i.e. a further decrease in the assumed stock of the product.

Another reason for non-idempotency can be that applying the modification on something else than the original resource can render the resource invalid. This would then also be the case if you apply the change multiple times.

Robert Harvey
201k55 gold badges469 silver badges682 bronze badges
answered Oct 24, 2014 at 10:45
8
  • 5
    I don't understand the last paragraph, can you give an example of how "applying the modification on something else than the original resource can render the resource invalid", and how this relates to applying a change multiple times to the same resource? Commented Aug 12, 2015 at 10:44
  • 3
    @RobinGreen: Assume that the resource is represented in XML with the requirement that there is at most one <name> element. If the PATCH adds a <name> element to a resource the originally didn't contain one, then applying the PATCH twice (or applying it to a resource that already contains a <name>) makes the resource invalid, because it would suddenly contain two <name> elements which is not allowed for such resources. Commented Aug 12, 2015 at 11:41
  • 25
    The first example you gave isn't relevant IMHO as it is idempotent. Example with DELETE which is idempotent, first request: resource existed but has been deleted (returns 2xx), second request: resource doesn't exist and still doesn't exist after the request, returns 4xx. The server state hasn't changed, thus the idempotency. In your example, first request: PATCH from BenFra to JohDoe, resource name was BenFra but now is JohDoe (returns 2xx), second request: PATCH from BenFra to JohDoe, resource name was JohDoe and still is JohDoe (returns 4xx). So this doesn't show PATCH can be nonidempotent. Commented Nov 18, 2016 at 11:05
  • More details here: stackoverflow.com/q/4088350/1225328 Commented Nov 18, 2016 at 11:16
  • 4
    @jamheadart, I have updated the example to use a calculation. Commented Sep 19, 2022 at 8:46
29

PATCH requests describe how to modify a resource, if you apply the same modification twice, the result may not be the same. This is because defining how the modifications are applied is up to you, you have to define the how to interpret the contents.

A PATCH request can be idempotent if you define it to be idempotent.

Idempotent example:

// Original resource
{
 name: 'Tito',
 age: 32
}
// PATCH request
{
 age: 33
}
// New resource
{
 name: 'Tito',
 age: 33
}

Non-idempotent example:

// Original resource
{
 name: 'Tito',
 age: 32
}
// PATCH request
{
 $increment: 'age'
}
// New resource
{
 name: 'Tito',
 age: 33
}

A PATCH request can written in many formats, not just JSON.

In the second example I used a made up syntax for incrementing an attribute. Clearly this is not idempotent, as sending the same request again will result in different object.

Using such a made up syntax is valid according to standards:

The difference between the PUT and PATCH requests is reflected in the way the server processes the enclosed entity to modify the resource identified by the Request-URI. In a PUT request, the enclosed entity is considered to be a modified version of the resource stored on the origin server, and the client is requesting that the stored version be replaced. With PATCH, however, the enclosed entity contains a set of instructions describing how a resource currently residing on the origin server should be modified to produce a new version.

Whether it is restful to use PATCH requests this way is not clear, some people consider it is not, here's a good answer about the issue.

answered Jun 10, 2019 at 0:26
3
  • 1
    This is a much better explanation and should be the accepted answer. OP @seldon, this is your answer, mate. Commented May 1, 2022 at 12:46
  • Completely agree, this is the correct answer @seldon - you should change it to this ! Commented Sep 19, 2022 at 0:45
  • I disagree. the answer @bartvaningenschenau is the answer. Short and to the point. Commented Oct 31, 2024 at 18:41
20

I think clear answer when PATCH in not idempotent is this paragraph from RFC 5789:

There are also cases where patch formats do not need to operate from a known base-point (e.g., appending text lines to log files, or non- colliding rows to database tables), in which case the same care in client requests is not needed.

As RFC specifies that patch contains some "general changes" to the resource, we should look beyond just typical field replacement. If resource is for a counter, then patch can request it's increment, which is clearly not idempotet.

answered Feb 25, 2019 at 17:54
0

GET is supposed to be idempotent. If I implement it on the server, and you rely on it being idempotent, but my implementation isn’t, it’s my fault.

PATCH is not guaranteed to be idempotent. So in the exact same situation, it’s your fault. Of course if I write the client code then I can publish that some specific operations are idempotent, and it would be useful to explain how other operations are not.

answered Sep 20, 2022 at 13:22

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.