What does "Uniqueness of the key MUST be defined by the resource owner" mean? #34
Description
The document states:
The idempotency key MUST be unique and MUST NOT be reused with another request with a different request payload.
Uniqueness of the key MUST be defined by the resource owner and MUST be implemented by the clients of the resource. It is RECOMMENDED that a UUID {{!RFC4122}} or a similar random identifier be used as an idempotency key.
If we were to remove the sentence "Uniqueness of the key MUST be defined by the resource owner and MUST be implemented by the clients of the resource." would the document be missing important information?
Looking at the first four existing implementations mentioned in the document, there appear to be no hard requirements on the format of the key. One stated that it had to be less than 36 characters, and one suggested using UUID. However, there doesn't seem to be any strict coordination needed. Also, a number of the services don't require the idempotency key to be sent. It appears to be an opt-in feature. The current wording in this document would seem to make those implementations non-compliant.