Home/Guides/Signature timestamp validation window (Stripe-style)

Signature timestamp validation window (Stripe-style)

Stripe-style signatures combine timestamp and payload. You must parse the tolerance (e.g. five minutes) and reject older events. This prevents replay while allowing clock drift.

Common causes

Timestamp header missing or malformed.
Tolerance too tight for your deployment regions.
Verifying parsed JSON instead of raw body.

How to fix

Use Timestamp Validator to test skew and tolerance.
Compare against current server time in UTC.
Follow provider docs for exact header names.

Use our tool

Validate timestamp

Webhook tester guide: test endpoint, payload, and response
Content parser guide: parse and validate Content-Type header
Fix webhook signature verification fail

All guides