Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
02-26-2013, 12:52 PM #1
I understand how to prevent replay attacks - your API user sends the current timestamp along with the API request. When I get the request on my server, I check the timestamp...if it's too old, throw away the request.
This works great if I'm using cURL on my web server or something to post to the API, because I can rely on the server time. How does this work if I want to post to the API directly from JS, though? I can't rely on the client time and I don't want to have to send the server time down from PHP and store it in JS.
Assume this is all over SSL. Thanks!
Last edited by bacterozoid; 02-26-2013 at 01:04 PM.
02-26-2013, 01:04 PM #2