Timing Security

To ensure secure and time-sensitive request handling, all SIGNED endpoints require a timestamp header and may optionally use a validity window.

Required Header

  • X-CH-TS: The UNIX timestamp (in milliseconds) representing the exact moment the request is sent. Example: 1528394129373

Optional Parameter

  • recvWindow (query parameter): Defines the duration (in milliseconds) for which the request remains valid after the timestamp.

    • Default: 5000 (if not specified)

    • Recommended: 5000 or less for better precision

Server Validation Logic

The server validates your request timestamp using the following logic:

javascriptCopyEditif (timestamp < (serverTime + 1000) && (serverTime - timestamp) <= recvWindow) {
  // Accept the request
} else {
  // Reject the request
}

⏱️ Note: If the server detects that your timestamp is more than 1 second ahead of the server time, the request will be rejected — even if it falls within recvWindow.


Why it matters:

Accurate timing is critical for trading. Network latency and instability can affect request delivery times. Using recvWindow helps ensure that requests are processed within a defined time window, improving reliability and preventing stale or potentially risky operations.

Last updated