(Copied from megathread)
I propose that the Internet Computer provide a way to send some sort of idempotent egress messages. In practice, this would likely be a HTTP request to some external infrastructure.
One use case for this that comes up often is to allow canisters to send email.
@diegop explains some challenges with doing this here: https://www.reddit.com/r/dfinity/comments/p0ndzh/can_the_icp_host_email_apps/h88eg78/?utm_source=share&utm_medium=ios_app&utm_name=iossmf&context=3
I propose that those concerns be addressed by the following process:
- A canister makes a new system API call that is the equivalent of “Please make a HTTP request to X” (specifying appropriate payload, headers, etc)
- The “subnet” (perhaps every node, perhaps every node until some acknowledgement response is received) makes the HTTP request
- The receiver is configured to treat incoming HTTP requests as idempotent, using a request ID as an idempotency token.
- The receiver, depending on the nature of the action, can decide whether to take action once N requests with the same request ID have been received. For something harmless, it may perform the action when receiving the first message and do nothing when receiving subsequent requests with the same request ID. For added security, it may choose to only perform the action after receiving N requests with the same request ID.
In this scenario the receiver is the one actually sending the email, and it is up to them if and when to do so.
I’m sure there is a lot more nuance to this but I hope this straw man proposal isn’t a bad place to start.
Of course, it would be great if the canister could be informed of the response to the HTTP request (or some kind of acknowledgement that it was received)
i.e. the email was successfully sent
We would need to employ idempotency in a similar way for responses/acknowledgements as well.
See also: the Two Generals’ Problem