# Timestamp

KwikPaisa APIs require a valid UNIX timestamp in every API request to ensure secure communication and protect APIs against replay attacks and unauthorized request reuse.

The timestamp must be sent in the `X-TIMESTAMP` header for every authenticated API request.

***

## What is X-TIMESTAMP?

`X-TIMESTAMP` represents the current UNIX timestamp in seconds.

KwikPaisa uses this timestamp to:

* Validate request freshness
* Prevent replay attacks
* Verify request authenticity
* Improve API security

***

## Example Header

```http
X-TIMESTAMP: 1778659835
```

## Generate Timestamp

The timestamp should always be generated dynamically before sending an API request.

{% tabs %}
{% tab title="JavaScript" %}

```javascript
const timestamp = Math.floor(Date.now() / 1000);
console.log(timestamp);
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php
$timestamp = time();
echo $timestamp;
```

{% endtab %}

{% tab title="Python" %}

```python
import time
timestamp = int(time.time())
print(timestamp)
```

{% endtab %}

{% tab title="Node.js" %}

```javascript
const timestamp = Math.floor(Date.now() / 1000);
console.log(timestamp);
```

{% endtab %}

{% tab title="Java" %}

```java
long timestamp = System.currentTimeMillis() / 1000;
System.out.println(timestamp);
```

{% endtab %}

{% tab title="Go" %}

```go
package main
import (
	"fmt"
	"time"
)
func main() {
	timestamp := time.Now().Unix()
	fmt.Println(timestamp)
}
```

{% endtab %}

{% tab title=".NET (C#)" %}

```csharp
using System;
class Program
{
    static void Main()
    {
        long timestamp = DateTimeOffset
            .UtcNow
            .ToUnixTimeSeconds();
        Console.WriteLine(timestamp);
    }
}
```

{% endtab %}

{% tab title="Flutter / Dart" %}

```dart
int timestamp = DateTime.now()
    .millisecondsSinceEpoch ~/ 1000;
print(timestamp);
```

{% endtab %}
{% endtabs %}

## Important Notes

* The timestamp must always be generated in UNIX seconds format (seconds, not milliseconds)
* Generate a fresh timestamp for every API request
* Expired timestamps may be rejected
* Server and client system time should remain synchronized
* Reusing old timestamps may invalidate requests

***

## Replay Attack Protection

KwikPaisa validates timestamps to protect APIs against replay attacks.

Replay attacks occur when previously valid API requests are reused maliciously.

Using dynamic timestamps helps:

* Prevent duplicate request execution
* Improve request security
* Validate request freshness

***

## Example API Request

```bash
curl --request POST \
  --url https://sandbox.kwikpaisa.com/api/v3/pg/order/create \
  --header "Content-Type: application/json" \
  --header "Accept: application/json" \
  --header "X-API-KEY: pk_test_xxxxxxxxx" \
  --header "X-SIGNATURE: GENERATED_SIGNATURE" \
  --header "X-TIMESTAMP: 1778659835" \
  --data '{}'
```

***

## Common Errors

### 401 Unauthorized

Possible reasons:

* Expired timestamp
* Invalid timestamp format
* Timestamp mismatch
* Missing `X-TIMESTAMP` header

***

## Best Practices

* Always generate timestamps server-side
* Synchronize server time using NTP
* Never hardcode timestamps
* Generate timestamps immediately before requests
* Validate timestamps while processing webhooks
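
The freshness check these rules describe, sketched for a merchant-side webhook handler. This is an added example, not KwikPaisa's code: the 300-second tolerance, the names `checkTimestamp` and `ReplayCache`, the future-skew check, and the use of the signature string as a de-duplication key are all assumptions, since the page does not state the accepted window or the webhook header layout.

```javascript
// Assumed tolerance; the page does not state KwikPaisa's accepted window.
const TOLERANCE_SECONDS = 300;

// Returns { ok, reason }. `now` is injectable so the check can be tested.
function checkTimestamp(headerValue, now = Math.floor(Date.now() / 1000),
                        tolerance = TOLERANCE_SECONDS) {
  if (headerValue === undefined || headerValue === null || headerValue === "") {
    return { ok: false, reason: "missing X-TIMESTAMP header" };
  }
  const raw = String(headerValue).trim();
  // Digits only: rejects signs, decimals, exponents and ISO date strings.
  if (!/^\d{1,12}$/.test(raw)) {
    // 13 digits is the usual sign that Date.now() was sent without / 1000.
    const hint = /^\d{13}$/.test(raw) ? " (looks like milliseconds)" : "";
    return { ok: false, reason: "invalid timestamp format" + hint };
  }
  const ts = Number(raw);
  if (now - ts > tolerance) return { ok: false, reason: "expired timestamp" };
  // Added check (assumption): a far-future value usually means sender clock drift.
  if (ts - now > tolerance) return { ok: false, reason: "timestamp is in the future" };
  return { ok: true, reason: "fresh" };
}

// A fresh timestamp alone still allows a replay inside the window, so remember
// each accepted (timestamp, signature) pair until it could no longer pass.
class ReplayCache {
  constructor(tolerance = TOLERANCE_SECONDS) {
    this.tolerance = tolerance;
    this.seen = new Map(); // key -> first second at which the pair is expired
  }
  // Returns true the first time a pair is seen, false for a repeat.
  accept(timestamp, signature, now = Math.floor(Date.now() / 1000)) {
    for (const [key, expiry] of this.seen) {
      if (expiry <= now) this.seen.delete(key); // already rejected as expired
    }
    const key = `${timestamp}:${signature}`;
    if (this.seen.has(key)) return false;
    this.seen.set(key, Number(timestamp) + this.tolerance + 1);
    return true;
  }
}
```

Call `checkTimestamp` first and `ReplayCache.accept` only for requests whose signature has already verified, so unauthenticated traffic cannot fill the cache.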

