API Extra Security Layer with Timestamp Protection using Laravel

I have been reading about improving REST API security. One suggestion is to put a timestamp on every API request. This will prevent very basic replay attacks from people who are trying to brute force your system without changing this timestamp.


So I came up with a simple solution that uses middleware to validate an HTTP request header.

Specify header

Define a constant for the name of the HTTP header that API clients should send.

const TIMESTAMP = 'X-Timestamp';

Check timestamp range

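Let's say we only accept a timestamp that differs from the server time by less than 30 seconds.

// true = absolute difference; Carbon 3 returns a signed value by default, which would let any old timestamp pass
now()->diffInSeconds(Carbon::parse($timestamp), true) < 30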

Lastly

It would be something like this.
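The following middleware is an added example, not the author's original code, and combines the two steps above. The class name, the status codes and the choice to accept only a 10-digit Unix epoch value are assumptions; the strict format is used because `Carbon::parse()` also accepts relative strings such as `now`, which would always pass the check.

```php
<?php

namespace App\Http\Middleware;

use Carbon\Carbon;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Added example: class name, status codes and messages are assumptions.
class ValidateTimestamp
{
    // Header name from the article.
    const TIMESTAMP = 'X-Timestamp';

    // Accepted difference between client and server time, in seconds.
    const MAX_SKEW_SECONDS = 30;

    public function handle(Request $request, Closure $next): Response
    {
        $timestamp = $request->header(self::TIMESTAMP);

        // Reject a missing header outright.
        if (! is_string($timestamp)) {
            abort(400, 'Missing ' . self::TIMESTAMP . ' header.');
        }

        // Assumption: clients send Unix epoch seconds. Requiring exactly
        // ten digits rejects relative strings ("now", "+1 day") that
        // Carbon::parse() would otherwise turn into a valid, fresh time.
        if (! preg_match('/^\d{10}$/', $timestamp)) {
            abort(400, 'Malformed ' . self::TIMESTAMP . ' header.');
        }

        $sent = Carbon::createFromTimestamp((int) $timestamp);

        // Absolute difference: a timestamp too far in the past or too far
        // in the future is rejected alike.
        if (now()->diffInSeconds($sent, true) >= self::MAX_SKEW_SECONDS) {
            abort(401, 'Request timestamp outside the accepted window.');
        }

        return $next($request);
    }
}
```

Because the header is not signed, this only stops requests that are replayed unchanged after the 30-second window has passed.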

That's it 😁. A simple solution from me. Thanks for your time.
