# Nonce & Replay Protection

Every signed UniX write request carries `nonce` and `expires_after`. Both are millisecond Unix timestamps and both are signed.

* `nonce` prevents a signed request from being reused.
* `expires_after` limits how long a signed request remains valid if it is delayed before submission.

## Public Signing Fields

| Field            | Meaning                                                                                                                                                                                  |
| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `signer_address` | Signer address in the HTTP body. The node recomputes `signing_hash`, recovers the signer from `signature`, and rejects the request unless the recovered address equals `signer_address`. |
| `target_address` | Optional target account for Method A requests. If omitted, the target defaults to `signer_address`. Method B does not use this field.                                                    |
| `nonce`          | `uint64` millisecond timestamp. Use the current millisecond timestamp and ensure it is unique within the signer nonce space.                                                             |
| `expires_after`  | `uint64` request expiration timestamp in milliseconds. Examples in this guide use `nonce + 600_000` for a 10-minute validity window.                                                     |
| `signature`      | ECDSA result `{ r, s, v }`. The signature object itself is not signed; it is submitted so the node can recover and verify the signer.                                                    |

## Nonce Rules

| Rule           | Detail                                                                                                                                   |
| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
| Type           | `uint64` millisecond timestamp.                                                                                                          |
| Tracking scope | Per `signer_address`. A user wallet and each Agent Key have separate nonce spaces.                                                       |
| Uniqueness     | Under the same `signer_address`, a nonce must not have been used before.                                                                 |
| Time window    | The nonce must be within `(T - 2 days, T + 1 day)`, where `T` is the block time.                                                         |
| Concurrency    | Concurrent requests from different Agent Keys are independent. Concurrent requests from the same signer must use different nonce values. |
| Expiration     | A request submitted after `expires_after` is rejected even if the nonce itself is otherwise valid.                                       |

## Agent Revocation

When an Agent Key is revoked, the chain records `revoked_at`. If the same Agent address is later re-authorized, any historical transaction with `nonce <= revoked_at` is rejected.

This prevents old signed Agent transactions from becoming valid again after the Agent address is reused.

| Event                            | Effect                                                |
| -------------------------------- | ----------------------------------------------------- |
| Agent first authorized           | The Agent uses its own per-signer nonce space.        |
| Agent revoked                    | Chain records `revoked_at`.                           |
| Same Agent address re-authorized | Any signature with `nonce <= revoked_at` is rejected. |

## Common Failures

| Code    | Meaning                                                                                                                                     |
| ------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| `10001` | Signature verification failed. The recovered signer does not match `signer_address`, or the signed payload does not match the request body. |
| `10002` | Nonce has already been used or is outside the allowed nonce window.                                                                         |
| `10004` | Transaction expired.                                                                                                                        |
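The nonce window, per-signer uniqueness, expiry and revocation rules above, checked from the node's side as an added reference example (not the UniX node's own code). Signature recovery (code `10001`) is assumed to run before this check and is left out; the signer addresses, the in-memory tracking structure and the order in which the checks run are assumptions, while the window, the `nonce <= revoked_at` rule and the codes `10002`/`10004` are the page's.

```python
# Added example (not UniX node code): reference replay check for a signed write
# request, applying the nonce rules on this page. Authorization state of an
# Agent Key (is it currently authorized?) is assumed to be checked elsewhere.
from dataclasses import dataclass, field

DAY_MS = 24 * 60 * 60 * 1000
NONCE_LOWER = 2 * DAY_MS      # nonce must be >  T - 2 days
NONCE_UPPER = 1 * DAY_MS      # nonce must be <  T + 1 day
UINT64_MAX = 2**64 - 1


@dataclass
class ReplayGuard:
    # Per-signer nonce spaces: a wallet and each Agent Key are tracked separately.
    used: dict = field(default_factory=dict)        # signer -> set of used nonces
    revoked_at: dict = field(default_factory=dict)  # agent address -> revoked_at (ms)

    def check(self, signer: str, nonce: int, expires_after: int, block_time: int):
        """Return None if the request is accepted (and its nonce consumed),
        otherwise the page's error code. A rejected request consumes nothing."""
        # Both fields are uint64 millisecond timestamps.
        if not (0 <= nonce <= UINT64_MAX) or not (0 <= expires_after <= UINT64_MAX):
            return 10002
        # Time window from the page: (T - 2 days, T + 1 day), open interval.
        if not (block_time - NONCE_LOWER < nonce < block_time + NONCE_UPPER):
            return 10002
        # Re-authorized Agent: anything signed before revocation stays rejected.
        if nonce <= self.revoked_at.get(signer, -1):
            return 10002
        # Per-signer uniqueness: a replayed request reuses the same nonce.
        if nonce in self.used.setdefault(signer, set()):
            return 10002
        # Expiry is judged at submission (block) time, even for a fresh nonce.
        if block_time > expires_after:
            return 10004
        self.used[signer].add(nonce)
        return None

    def revoke(self, agent: str, at_ms: int) -> None:
        """Record revoked_at; a later re-authorization keeps this lower bound."""
        self.revoked_at[agent] = at_ms
```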
