HMAC TimeStamping Tweak


I have reviewed a lot of information regarding the HMAC approach to securing a RESTful Web API. To prevent a replay attack, the usual recommendation is to use a TimeStamp with a constraint.

But it seems to me that a more straightforward (and fool-proof) approach would be to require a unique time-stamp, where the server accepts a specific time-stamp only once per client, so all requests from a specific client must have a unique time-stamp.

Are there any weaknesses of this TimeStamping approach in comparison to the usual recommendation?
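The once-per-client rule described in the question, sketched server-side next to the usual time-window constraint. This is an added example, not part of the original post; `sign`, `ReplayGuard`, the message layout and the 300-second window are assumptions. With `window=None` only the uniqueness rule applies, so the per-client set of seen timestamps can never be pruned; with a window, expired entries are dropped.

```python
import hashlib
import hmac

WINDOW = 300  # seconds; assumed freshness constraint, not a value from the question


def sign(key, client_id, timestamp, body):
    """Client side: HMAC-SHA256 over client id, timestamp and body (assumed layout)."""
    msg = f"{client_id}\n{timestamp}\n".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accept each (client, timestamp) pair at most once."""

    def __init__(self, keys, window=WINDOW):
        self.keys = keys        # client_id -> shared secret
        self.window = window    # None = uniqueness rule only
        self.seen = {}          # client_id -> set of accepted timestamps

    def accept(self, client_id, timestamp, body, mac, now):
        key = self.keys.get(client_id)
        if key is None:
            return "unknown-client"
        # Verify the MAC first so unauthenticated requests never touch stored state.
        expected = sign(key, client_id, timestamp, body)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return "bad-mac"
        seen = self.seen.setdefault(client_id, set())
        if self.window is not None:
            if abs(now - timestamp) > self.window:
                return "stale"
            # Anything older than the window would be rejected as stale, so forget it.
            seen.difference_update({t for t in seen if now - t > self.window})
        if timestamp in seen:
            return "replay"
        seen.add(timestamp)
        return "ok"


if __name__ == "__main__":
    keys = {"client-a": b"constructed-demo-key"}  # constructed sample data
    mac = sign(keys["client-a"], "client-a", 1000, b"{}")
    guard = ReplayGuard(keys)
    print(guard.accept("client-a", 1000, b"{}", mac, now=1000))
    print(guard.accept("client-a", 1000, b"{}", mac, now=1001))
    print(guard.accept("client-a", 1000, b"{}", mac, now=2000))
```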
