We need to ensure that the time on a device matches the current time when logging requests. We need to do this to ensure that the audit log we generate is unquestionable and can be stood over in confidence as a correct audit.
To do this we would,
1) Have the Android app send a current timestamp with each request. If the phone doesn't have connection then the timestamp is stored alongside the sync queue.
2) For an immediate requests the server checks this timestamp and if it differs by 30 seconds(network latency) then the server throws an error.
3) The app handles this and displays a message asking the user of the phone to update the time on the phone.
API Specs
1) Submit a header called client_timestamp
2) client_timestamp must be UTC and in ISO8601 format
3) client_timestamp must be the current time set on the phone
4) client_timestamp is not required yet but will be checked if submitted
5) If client_timestamp is outside 30 seconds difference than the server's time then the API will return a http status of 417.
6) The app should handle this status for any API call made.
7) The app should display a message asking the user to fix their phone's time.
We need to ensure that the time on a device matches the current time when logging requests. We need to do this to ensure that the audit log we generate is unquestionable and can be stood over in confidence as a correct audit.
To do this we would,
1) Have the Android app send a current timestamp with each request. If the phone doesn't have connection then the timestamp is stored alongside the sync queue. 2) For an immediate requests the server checks this timestamp and if it differs by 30 seconds(network latency) then the server throws an error. 3) The app handles this and displays a message asking the user of the phone to update the time on the phone.
API Specs
1) Submit a header called client_timestamp 2) client_timestamp must be UTC and in ISO8601 format 3) client_timestamp must be the current time set on the phone 4) client_timestamp is not required yet but will be checked if submitted
5) If client_timestamp is outside 30 seconds difference than the server's time then the API will return a http status of 417. 6) The app should handle this status for any API call made. 7) The app should display a message asking the user to fix their phone's time.