Verify timestamp
Code samples for verifying the timestamps of requests.
When Canva sends an HTTP request to an app, it includes a UNIX timestamp (in seconds) of when the request was sent. To protect itself against replay attacks, an app must:
  1. Compare the timestamp of when the request was sent with when it was received.
  2. Verify that the timestamps are within 5 minutes (300 seconds) of one another.
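When the timestamps are not within 5 minutes of one another, the app must reject the request by returning a 401 status code. The comparison is only meaningful if the timestamp is authenticated together with the rest of the request (for example, by being covered by the request's signature check): a timestamp that is not authenticated can be changed by whoever resends the request. The window limits how long a captured request stays usable; a request replayed inside the window still passes this check.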
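This page provides functions in a variety of programming languages to verify timestamps. Each function compares the two timestamps with a strict less-than, so a difference of exactly the leniency value (300 seconds in the examples) is treated as invalid.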
For step-by-step tutorials, refer to:

Examples

This section provides examples in the following languages:

Go

package main
import (
"fmt"
"math"
)
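// IsValidTimestamp reports whether the time a request was sent and the time it
// was received are strictly less than leniencyInSeconds apart. Both timestamps
// are UNIX timestamps in seconds; the order of the two does not matter.
//
// A gap of exactly leniencyInSeconds is reported as invalid, and so is any
// call with a leniency of zero or less.
func IsValidTimestamp(sentAtSeconds int, receivedAtSeconds int, leniencyInSeconds int) bool {
	// An empty or negative window can never contain a request.
	if leniencyInSeconds <= 0 {
		return false
	}

	earlier, later := int64(sentAtSeconds), int64(receivedAtSeconds)
	if earlier > later {
		earlier, later = later, earlier
	}

	// The sent timestamp arrives with the request, so the gap is computed in
	// integer arithmetic with an explicit range check. A round trip through
	// float64 loses precision for large values, and converting an out-of-range
	// float back to int is implementation-dependent in Go, so the result of the
	// comparison could differ between platforms.
	if earlier < 0 && later > math.MaxInt64+earlier {
		// The gap does not fit in an int64, so it is far outside any window.
		return false
	}
	return later-earlier < int64(leniencyInSeconds)
}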
// main prints the result of IsValidTimestamp for five sample pairs, all sent at
// the same second and checked against a 300 second window.
func main() {
	const sentAt, leniency = 1590980773, 300

	// Valid timestamps: received in the same second, or 250 seconds either side.
	for _, receivedAt := range []int{1590980773, 1590980523, 1590981023} {
		fmt.Println(IsValidTimestamp(sentAt, receivedAt, leniency)) // => true
	}

	// Invalid timestamps: received 500 seconds before or after the send time.
	for _, receivedAt := range []int{1590980273, 1590981273} {
		fmt.Println(IsValidTimestamp(sentAt, receivedAt, leniency)) // => false
	}
}

Java

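/**
 * Sample code for checking that the time a request was sent and the time it
 * was received are close enough together to accept the request.
 */
public class Example {
  /** Prints the result of {@link #isValidTimestamp} for five sample pairs. */
  public static void main(String[] args) {
    // Valid timestamps
    System.out.println(isValidTimestamp(1590980773, 1590980773, 300)); // => true
    System.out.println(isValidTimestamp(1590980773, 1590980523, 300)); // => true
    System.out.println(isValidTimestamp(1590980773, 1590981023, 300)); // => true

    // Invalid timestamps
    System.out.println(isValidTimestamp(1590980773, 1590980273, 300)); // => false
    System.out.println(isValidTimestamp(1590980773, 1590981273, 300)); // => false
  }

  /**
   * Reports whether two UNIX timestamps (in seconds) are strictly less than
   * {@code leniencyInSeconds} apart. The order of the two timestamps does not
   * matter, and a gap of exactly {@code leniencyInSeconds} is invalid.
   *
   * <p>NOTE(review): {@code Integer} is 32 bits wide, so these parameters cannot
   * hold UNIX timestamps past January 2038; widening the signature to
   * {@code long} is worth considering where callers allow it.
   *
   * @param sentAtSeconds when the request was sent, as stated by the request
   * @param receivedAtSeconds when the app received the request
   * @param leniencyInSeconds size of the acceptance window in seconds
   * @return {@code true} when the gap is inside the window; {@code false}
   *     otherwise, including when any argument is {@code null}
   */
  static Boolean isValidTimestamp(Integer sentAtSeconds, Integer receivedAtSeconds, Integer leniencyInSeconds) {
    // A missing value fails closed instead of throwing while unboxing.
    if (sentAtSeconds == null || receivedAtSeconds == null || leniencyInSeconds == null) {
      return false;
    }

    // Subtract as long. An int subtraction can wrap to Integer.MIN_VALUE, and
    // Math.abs(Integer.MIN_VALUE) is still negative, which would compare as
    // inside the window. Two int values widened to long cannot overflow.
    long gapInSeconds = Math.abs(sentAtSeconds.longValue() - receivedAtSeconds.longValue());
    return gapInSeconds < leniencyInSeconds;
  }
}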

JavaScript

/**
 * Reports whether two UNIX timestamps (in seconds) are strictly less than
 * `leniencyInSeconds` apart. The order of the two timestamps does not matter.
 *
 * A gap of exactly `leniencyInSeconds` is invalid. A gap that evaluates to
 * NaN is also invalid, because NaN compares false against any number.
 *
 * @param {number} sentAtSeconds - When the request was sent.
 * @param {number} receivedAtSeconds - When the request was received.
 * @param {number} [leniencyInSeconds=300] - Size of the acceptance window.
 * @returns {boolean} `true` when the gap is inside the window.
 */
function isValidTimestamp(
  sentAtSeconds,
  receivedAtSeconds,
  leniencyInSeconds = 300
) {
  const gapInSeconds = Math.abs(sentAtSeconds - receivedAtSeconds);
  const isInsideWindow = gapInSeconds < leniencyInSeconds;
  return isInsideWindow;
}
// Valid timestamps: received in the same second, or 250 seconds either side.
for (const receivedAt of [1590980773, 1590981023, 1590980523]) {
  console.log(isValidTimestamp(1590980773, receivedAt)); // => true
}

// Invalid timestamps: received 500 seconds before or after the send time.
for (const receivedAt of [1590980273, 1590981273]) {
  console.log(isValidTimestamp(1590980773, receivedAt)); // => false
}

PHP

<?php
/**
 * Reports whether two UNIX timestamps (in seconds) are strictly less than
 * $leniencyInSeconds apart. The order of the two timestamps does not matter,
 * and a gap of exactly $leniencyInSeconds is invalid.
 *
 * @param int $sentAtSeconds     When the request was sent.
 * @param int $receivedAtSeconds When the request was received.
 * @param int $leniencyInSeconds Size of the acceptance window (default 300).
 * @return bool True when the gap is inside the window.
 */
function isValidTimestamp(int $sentAtSeconds, int $receivedAtSeconds, int $leniencyInSeconds = 300) {
    $gapInSeconds = abs($sentAtSeconds - $receivedAtSeconds);

    return $gapInSeconds < $leniencyInSeconds;
}
// Valid timestamps: received in the same second, or 250 seconds either side.
foreach ([1590980773, 1590980523, 1590981023] as $receivedAt) {
    var_dump(isValidTimestamp(1590980773, $receivedAt)); // => bool(true)
}

// Invalid timestamps: received 500 seconds before or after the send time.
foreach ([1590980273, 1590981273] as $receivedAt) {
    var_dump(isValidTimestamp(1590980773, $receivedAt)); // => bool(false)
}
?>

Python

def is_valid_timestamp(sent_at_seconds, received_at_seconds, leniency_in_seconds = 300):
    """Report whether two UNIX timestamps are close enough together.

    Both timestamps are in seconds and their order does not matter. The
    comparison is strict, so a gap of exactly ``leniency_in_seconds`` is
    invalid.

    Args:
        sent_at_seconds: When the request was sent.
        received_at_seconds: When the request was received.
        leniency_in_seconds: Size of the acceptance window (default 300).

    Returns:
        True when the gap is smaller than the window, otherwise False.
    """
    gap_in_seconds = abs(sent_at_seconds - received_at_seconds)
    return gap_in_seconds < leniency_in_seconds
# Valid timestamps: received in the same second, or 250 seconds either side.
for received_at in (1590980773, 1590980523, 1590981023):
    print(is_valid_timestamp(1590980773, received_at)) # => True

# Invalid timestamps: received 500 seconds before or after the send time.
for received_at in (1590980273, 1590981273):
    print(is_valid_timestamp(1590980773, received_at)) # => False

Ruby

# Reports whether two UNIX timestamps (in seconds) are strictly less than
# +leniency_in_seconds+ apart. The order of the two timestamps does not
# matter, and a gap of exactly +leniency_in_seconds+ is invalid.
#
# sent_at_seconds::     when the request was sent
# received_at_seconds:: when the request was received
# leniency_in_seconds:: size of the acceptance window (default 300)
#
# Returns true when the gap is inside the window, otherwise false.
def is_valid_timestamp(sent_at_seconds, received_at_seconds, leniency_in_seconds = 300)
  gap_in_seconds = (sent_at_seconds - received_at_seconds).abs
  gap_in_seconds < leniency_in_seconds
end
# Valid timestamps: received in the same second, or 250 seconds either side.
[1590980773, 1590980523, 1590981023].each do |received_at|
  puts is_valid_timestamp(1590980773, received_at) # => true
end

# Invalid timestamps: received 500 seconds before or after the send time.
[1590980273, 1590981273].each do |received_at|
  puts is_valid_timestamp(1590980773, received_at) # => false
end

TypeScript

/**
 * Reports whether two UNIX timestamps (in seconds) are strictly less than
 * `leniencyInSeconds` apart. The order of the two timestamps does not matter.
 *
 * A gap of exactly `leniencyInSeconds` is invalid. A gap that evaluates to
 * NaN is also invalid, because NaN compares false against any number.
 *
 * @param sentAtSeconds - When the request was sent.
 * @param receivedAtSeconds - When the request was received.
 * @param leniencyInSeconds - Size of the acceptance window (default 300).
 * @returns `true` when the gap is inside the window.
 */
function isValidTimestamp(
  sentAtSeconds: number,
  receivedAtSeconds: number,
  leniencyInSeconds: number = 300
): boolean {
  const gapInSeconds = Math.abs(sentAtSeconds - receivedAtSeconds);
  const isInsideWindow = gapInSeconds < leniencyInSeconds;
  return isInsideWindow;
}
// Valid timestamps: received in the same second, or 250 seconds either side.
for (const receivedAt of [1590980773, 1590981023, 1590980523]) {
  console.log(isValidTimestamp(1590980773, receivedAt)); // => true
}

// Invalid timestamps: received 500 seconds before or after the send time.
for (const receivedAt of [1590980273, 1590981273]) {
  console.log(isValidTimestamp(1590980773, receivedAt)); // => false
}
Last modified 3mo ago