I've been reading about improving REST API security. Some articles point out that putting a timestamp on every API request is good practice: it prevents very basic replay attacks from people trying to brute-force your system without changing the timestamp.
So I came up with a simple solution using middleware to validate the HTTP request header.
Define a constant for the name of the HTTP header the API client must send:
const TIMESTAMP = 'X-Timestamp';
Check the timestamp range
Let's say we only accept timestamps that differ from the server time by less than 30 seconds. It would be something like this:
use Carbon\Carbon;
now()->diffInSeconds(Carbon::parse($timestamp)) < 30
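Putting both steps together, here is an added example of a complete Laravel middleware (my own illustration, not the original post's code). It assumes the Illuminate request/response classes and the Carbon library that ship with Laravel, and that the client sends the timestamp as a Unix epoch in seconds.

```php
<?php
// Added example: middleware enforcing the X-Timestamp header described above.
// Assumes Laravel (Illuminate classes, now() helper) and Carbon are installed.

namespace App\Http\Middleware;

use Carbon\Carbon;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class ValidateTimestamp
{
    // Header name the client must send with every request.
    public const TIMESTAMP = 'X-Timestamp';

    // Maximum accepted distance in seconds between the client's timestamp
    // and the server clock; covers clock skew in either direction.
    public const MAX_SKEW_SECONDS = 30;

    public function handle(Request $request, Closure $next): Response
    {
        $raw = $request->header(self::TIMESTAMP);

        // Missing header: reject instead of silently letting the request through.
        if ($raw === null || $raw === '') {
            return response()->json(['error' => 'Missing ' . self::TIMESTAMP . ' header'], 400);
        }

        // Accept only a plain Unix epoch in seconds. Carbon::parse() on free-form
        // strings is very permissive, so constrain the format before parsing.
        if (!preg_match('/^\d{9,10}$/', $raw)) {
            return response()->json(['error' => 'Malformed timestamp'], 400);
        }

        $sent = Carbon::createFromTimestampUTC((int) $raw);

        // Pass $absolute = true explicitly: Carbon 2 defaults to an absolute
        // difference, Carbon 3 to a signed one. This rejects timestamps that are
        // too far in the past and too far in the future alike.
        if (now()->diffInSeconds($sent, true) >= self::MAX_SKEW_SECONDS) {
            return response()->json(['error' => 'Request expired'], 401);
        }

        return $next($request);
    }
}
```

Register the class in your route middleware as usual. A captured request replayed inside the 30-second window still passes this check, which is why the timestamp is normally also covered by the request signature so the header cannot be altered independently.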
That's it 😁. A simple solution from me. Thanks for your time.