Coinlocally Docs
API Document
API Document
  • Introduction
    • API Basic Information
    • HTTP Error Codes
    • General Information
    • Limits
    • Endpoint Security Type
    • Signature Authentication
    • Timing Security
    • SIGNED Endpoint Example
  • Changelog
  • Spot
    • Public
    • Market
    • Trade
    • Account
  • Futures
    • Public
    • Market
    • Trade
    • Account
  • Margin
  • Withdraw
  • WebSocket
    • Spot
    • Futures
  • Official SDK
  • Enums
  • Error
  • FAQ
Powered by GitBook
On this page
  • Required Header
  • Optional Parameter
  • Server Validation Logic
  • Why it matters:
  1. Introduction

Timing Security

To ensure secure and time-sensitive request handling, all SIGNED endpoints require a timestamp header and may optionally use a validity window.

Required Header

  • X-CH-TS: The UNIX timestamp (in milliseconds) representing the exact moment the request is sent. Example: 1528394129373

Optional Parameter

  • recvWindow (query parameter): Defines the duration (in milliseconds) for which the request remains valid after the timestamp.

    • Default: 5000 (if not specified)

    • Recommended: 5000 or less for better precision

Server Validation Logic

The server validates your request timestamp using the following logic:

javascriptCopyEditif (timestamp < (serverTime + 1000) && (serverTime - timestamp) <= recvWindow) {
  // Accept the request
} else {
  // Reject the request
}

⏱️ Note: If the server detects that your timestamp is more than 1 second ahead of the server time, the request will be rejected — even if it falls within recvWindow.

Why it matters:

Accurate timing is critical for trading. Network latency and instability can affect request delivery times. Using recvWindow helps ensure that requests are processed within a defined time window, improving reliability and preventing stale or potentially risky operations.

PreviousSignature AuthenticationNextSIGNED Endpoint Example

Last updated 17 days ago