The SDK retry after payment must send an identical request. Any change to method, path, headers, or body invalidates the request hash binding.
Retry invariants
| Field | Must match |
|---|---|
| HTTP method | Initial request |
| URL path | Initial request |
| Request body | Byte-identical (including JSON key order for hashed bodies) |
| Auth headers | Same bearer token if present |
The SDK handles retry internally — do not intercept and modify the retried request.
What happens on mismatch
If the retried request body differs from the original:
- Request hash verification fails
- Payment may be captured but request rejected
- Error:
payment_verification_failed
Expired requirements
402 responses include expiresAt. If payment takes too long:
- Error:
payment_expired - Retry the original request to get a fresh 402 with new nonce and request hash
Reused transactions
Each 402 nonce is single-use. Reusing a transaction hash:
- Error:
payment_reusedorpayment_replay - Submit a new on-chain transaction with the fresh requirement