What is a Nonce?

The nonce parameter is basically a counter. Imagine that you created a new API key and started the counter at 0. Each time you send a request to our API, we require you to submit it with a nonce that is larger than the previous nonce. So on the next call your nonce would be 1, then 2, and so forth.

The underlying idea is that you may be sending several requests at the same time, and you want to prevent a malicious party from re-sending copies of a previous request (also known as a replay attack). By requiring that a different nonce is sent each time, we effectively provide replay protection against forged or even intercepted payloads carrying older data (as identified by older nonces).

Numbers can be skipped between nonces, but the value can never go backwards or stay the same. Using the current Unix timestamp as a nonce is common, because it ensures the value will always increase and never go backwards.

Note: There is no way to reset the nonce counter to a lower value, so be sure to use a nonce generation method that won't generate numbers less than the previous nonce. A persistent counter or the current time with a precision of hundredths of a second or higher is suggested. Too many requests with nonces below the last valid nonce (EAPI:Invalid nonce) can result in temporary bans.
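The following is an added example, not code from the API provider: a client-side nonce source that combines the two suggestions above (a persistent counter and a high-precision timestamp), next to a toy model of the "must be larger than the previous nonce" rule. The class names, the JSON state file and the millisecond precision are assumptions made for illustration.

```python
import json, os, tempfile, threading, time

class NonceSource:
    """Client-side nonce generator: time-based, strictly increasing, persisted."""

    def __init__(self, state_path, clock=time.time):
        self._path = state_path          # hypothetical state file location
        self._clock = clock              # injectable so a clock rollback can be tested
        self._lock = threading.Lock()    # serialises concurrent requests
        self._last = self._load()

    def _load(self):
        try:
            with open(self._path) as f:
                return int(json.load(f)["last_nonce"])
        except (FileNotFoundError, ValueError, KeyError, TypeError):
            return 0

    def _save(self, value):
        # Write to a temp file and rename, so a crash never leaves partial state.
        folder = os.path.dirname(os.path.abspath(self._path))
        fd, tmp = tempfile.mkstemp(dir=folder)
        with os.fdopen(fd, "w") as f:
            json.dump({"last_nonce": value}, f)
        os.replace(tmp, self._path)

    def next_nonce(self):
        with self._lock:
            now_ms = int(self._clock() * 1000)   # millisecond precision
            # Same millisecond, or the clock went backwards: fall back to last + 1.
            self._last = max(now_ms, self._last + 1)
            self._save(self._last)               # persist before the nonce is used
            return self._last


class NonceChecker:
    """Toy model of the server rule: accept only a nonce above the last accepted one."""

    def __init__(self):
        self._last = {}

    def accept(self, api_key, nonce):
        if nonce <= self._last.get(api_key, 0):
            return False     # replayed or stale request, i.e. an invalid nonce
        self._last[api_key] = nonce              # gaps are fine, going back is not
        return True
```

Share one `NonceSource` per API key across all threads and processes that sign requests with that key; two independent generators for the same key can still interleave and produce a lower nonce.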