In order to detect replay attacks, you need to provide the current UNIX timestamp in seconds as well as a random 8 alphanumeric characters nonce in the headers of each request you send to the API.

Each timestamp older than 120 seconds on the server clock, as well as each nonce that the server has already received in the past 120 seconds, will result in an authentication error.