# Timing Security

To ensure secure and time-sensitive request handling, all **SIGNED** endpoints require a timestamp header and may optionally use a validity window.

## **Required Header**

* **`X-CH-TS`**: The UNIX timestamp (in milliseconds) representing the exact moment the request is sent.\
  Example: `1528394129373`

## **Optional Parameter**

* **`recvWindow`** *(query parameter)*:\
  Defines the duration (in milliseconds) for which the request remains valid after the timestamp.
  * Default: `5000` (if not specified)
  * Recommended: `5000` or less for better precision

## **Server Validation Logic**

The server validates your request timestamp using the following logic:

```javascript
javascriptCopyEditif (timestamp < (serverTime + 1000) && (serverTime - timestamp) <= recvWindow) {
  // Accept the request
} else {
  // Reject the request
}
```

> ⏱️ **Note:** If the server detects that your timestamp is more than **1 second ahead** of the server time, the request will be **rejected** — even if it falls within `recvWindow`.

***

## **Why it matters:**

Accurate timing is critical for trading. Network latency and instability can affect request delivery times. Using `recvWindow` helps ensure that requests are **processed within a defined time window**, improving reliability and preventing stale or potentially risky operations.