HTTP POST requests in general are not idempotent - sending the same request multiple times means something different from sending it only once. This can happen if you are using retries to mitigate temporary networking issues. In that case we may receive "the same" request multiple times, and inadvertently create duplicate entities (Loans, PaymentOrders, TransactionRequests etc).
To avoid this problem all POST endpoints support passing an Idempotency-Keyheader. Duplicated POST requests with the same Idempotency-Key header value and request body are effectively ignored, and the response from the first such request is repeated. The key and associated response are only valid for a limited time window after which any late duplicate request will be treated as a new one.
For Idempotency-Key value we suggest using some form of naturally unique identifier. For instance, when creating a new organization you can use create-<registration number> since you will likely never create the organization multiple times. If no natural identifier is available, any random string is fine - for instance a Guid.