API Extra Security Layer with Timestamp Protection using Laravel

Been reading on improving Rest API security. Some idea point out that put a timestamp on every API request would be good. This will prevent very basic replay attacks from people who are trying to brute force your system without changing this timestamp.

So i came out just simple solution using Middleware to validate HTTP header request.

Specify header

Define constant what would be the HTTP header name should be send by API

const TIMESTAMP = 'X-Timestamp';

Check timestamp range

Lets say we only accept timestamp different range less than 30 seconds only

now()->diffInSeconds(Carbon::parse($timestamp)) < 30


It would be something like this.

That’s it 😁. Simple solution from me. Thank for your time