Idempotency-Key header is required on authenticated POST /v1/intelligence/evaluations calls (omitting it returns 400 missing_idempotency_key). On the anonymous public test surface it is optional but recommended.
409 idempotency_in_flight; wait briefly and retry with the same key.
The JSON body also accepts idempotency_key for testing, but the header is the enterprise contract. If both are present, the header wins.
Standard idempotency semantics apply — 24-hour key retention, 409 idempotency_conflict on key reuse with a different body, X-Idempotent-Replayed: true on replays. See Idempotency.