# Preventing Replay Attacks

To prevent replay attacks, ensure that you check the timestamp included in the request and ignore webhook notifications with older timestamps. Here's how to do it:

Compare the timestamp provided in the `PayNow-Timestamp` header with the current time. If the timestamp is significantly older than the current time (e.g., more than a few seconds or minutes), consider the request invalid and discard it.

{% hint style="info" %}
We recommend ignoring webhook requests older than 5 minutes. Use Network Time Protocol ([NTP](https://en.wikipedia.org/wiki/Network_Time_Protocol)) to make sure that your server's clock is accurate.
{% endhint %}

**You may also store the `event_id` in your database and ignore any duplicate requests with the same ID.** This is useful for ensuring that your server does not handle the same webhook twice.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.paynow.gg/webhooks/preventing-replay-attacks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.