Skip to main content

401 Error, “The request is with a future issuance timestamp (iat)” code: -12

  • Updated

Issue description

This error code typically indicates the JSON Web Token (JWT) supplied with the API user’s request is not yet valid for processing.

  • For SDK users, the JWT “initiated–at” time is defined based on the system time.
  • For users with their own API client implementations, the JWT data is defined by the user’s implementation.

Fireblocks API body response

{"message": "The request is with a future issuance timestamp (iat).", "code": -12}

Python SDK error message

fireblocks_sdk.api_types.FireblocksApiException: Got an error from fireblocks server: {"message": "The request is with a future issuance timestamp (iat).", "code": -12}

JavaScript SDK error response

response: {
status: 401,
statusText: 'Unauthorized',
headers: {
server: 'nginx',
date: ‘Tue, 28 Feb 2023 20:58:37 GMT’,
'Content-Type': 'application/octet-stream',
'content-length': '79',
'content-type': 'application/json',
connection: ‘keep-alive’
},
config: <REMOVED_CONFIG_DATA>,
request: <REMOVED_REQUEST_DATA>,
data: { "message": "The request is with a future issuance timestamp (iat).", 
"code": -12 }
}

Resolution

SDK Users

As the SDK uses the system time to define the JWT expiration time (iat field), the cause of the error is likely the system time being out of sync. Check your NTP server configuration or local time settings to ensure that the system time is correctly configured.

If the system time is confirmed to be correct and the problem persists, contact Fireblocks Support.

Custom API Client Implementation

When you have your own API Client implementation, you define your own logic for defining JWT fields, such as the “initiated-at” datetime field (iat). Beyond ensuring that the API Client has an NTP server configuration or local time settings correctly configured, the following checks can be done to ensure iat is set correctly:

  • iat is in NumericDate format (epoch time in seconds)
  • iat is set to the current system time without adding a time offset
  • When inspecting the traffic leaving the network, iat time is within a few seconds of the time the request left the network

If the API Client implementation passes all of the above checks and the problem persists, contact Fireblocks Support.

Was this article helpful?
0 out of 0 found this helpful

Related Articles