API Extra Security Layer with Timestamp Protection using Laravel

I've been reading about improving REST API security. Some ideas point out that putting a timestamp on every API request would be good. This will prevent very basic replay attacks from people who are trying to brute-force your system without changing this timestamp.

So I came up with a simple solution that uses middleware to validate an HTTP request header.

Specify header

Define a constant for the name of the HTTP header that API clients must send.

Check timestamp range

Let's say we only accept a timestamp that differs from the server time by less than 30 seconds.

Lastly

It would be something like this.
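The post's embedded code did not survive on this page, so the following is an added example, not the author's original middleware. It is a Laravel middleware that follows the two steps above; the class name `ValidateRequestTimestamp`, the header name `X-Timestamp` and the response messages are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class ValidateRequestTimestamp
{
    // Assumed header name; the constant used in the original post is not shown on the page.
    public const TIMESTAMP_HEADER = 'X-Timestamp';

    // Accept only timestamps that differ from server time by less than 30 seconds.
    public const MAX_SKEW_SECONDS = 30;

    public function handle(Request $request, Closure $next): Response
    {
        $raw = $request->header(self::TIMESTAMP_HEADER);

        // Reject a missing header or anything that is not a plain Unix timestamp
        // (digits only), so signs, decimals and arrays never reach the arithmetic.
        if (!is_string($raw) || !ctype_digit($raw)) {
            return response()->json(['message' => 'Invalid or missing timestamp header.'], 400);
        }

        // abs() rejects both stale requests and requests stamped too far in the future.
        $skew = abs(time() - (int) $raw);

        if ($skew >= self::MAX_SKEW_SECONDS) {
            return response()->json(['message' => 'Request timestamp out of range.'], 401);
        }

        return $next($request);
    }
}
```

A request replayed inside the 30-second window still passes this check, and a client can rewrite the header freely, so the timestamp only limits replay when it is also covered by a request signature or paired with a one-time nonce.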

That’s it 😁. A simple solution from me. Thanks for your time.

Hafiq Iqmal

Tech Lead Back-End Developer | Software Engineer | Laravel Enthusiasts | CTF Newbie | Medium writer