In what sense is GET naturally idempotent?
replyThe GET/POST split is the defence (even it's only advisory).
GET-only means every time you hit the back button during an order flow, you might double-order.
GET is not supposed to make changes on the server. The usual idempotent verbs for making changes are PUT and DELETE.
replyOne thing that's confusing, here, is that idempotency only applies for the same request, but the article implies that idempotency is about whether the request contains a specific "idempotency key".
Don't do that, and this problem evaporates.