What is a nonce window?

One of the optional settings that is available when generating a new API key is a nonce window.

A nonce window is a short time frame (1 second, 10 seconds, etc.) during which API requests with an invalid nonce (specifically a nonce value lower than a previously used nonce value) will not cause an invalid nonce error (EAPI:Invalid nonce).

The purpose of a nonce window is to overcome nonce errors caused by network inconsistency (such as when API requests arrive in an order different to the order that they were sent due to network latency).

In most situations, the nonce window setting can be kept at its default value of 0 (zero), but in the event that invalid nonce errors are received for no apparent reason, the nonce window setting can be helpful.

The appropriate setting for a nonce window depends upon the resolution of the nonce itself.

Examples for a nonce based upon the current UNIX time in milliseconds (a popular and effective choice for a nonce) would be:

  • a nonce window setting of 5000 allowing a 5 second nonce window,
  • a nonce window setting of 8000 allowing an 8 second nonce window,
  • or a nonce window setting of 500 allowing an 0.5 second nonce window.

Examples for a nonce based upon a simple incrementing counter (1, 2, 3, and so on) would be:

  • a nonce window setting of 30 allowing a 10 second nonce window at a maximum API call rate of 3 calls per second,
  • a nonce window setting of 50 allowing a 5 second nonce window at a maximum API call rate of 10 calls per second,
  • or a nonce window setting of 5 allowing a 5 second nonce window at a maximum API call rate of 1 call per second.