I have a web app that communicates with a backend server, and the users of the web app are organisations that each have a single login for the entire organisation. The app is meant to be used, for example, on TVs in the cafeteria to display today's activities and such. However, it also has an "admin" part to it, where the admin can change settings, edit news texts, etc.
My concern is that any of the admins in one of the organisations who know the login details of that organisation might log in on a computer, open up Chrome Devtools and start looking at the network traffic to/from the server.
I intend to encrypt the data, so it won't be viewable in plain text. However, another concern is that the admin could save the encrypted data and try to send it to the server at a later time, potentially causing "interesting" results in the cafeteria... for example showing a news text from last year or other pranks ;)
So I got to thinking that it might be a good idea to "expire" the data being sent from the client to the server. One way to do it would be using a separate signature/HMAC based on a timestamp (using for example 30 second intervals to account for minor time delays between client/server). Another, simpler, way to do it would be to include the current timestamp with any data being sent before encrypting it. That way, when the server decrypts the data it can just check to make sure the timestamp is within a reasonable time from the current time.
Example:

```javascript
// Original data
data = '{"bannertext": "Remember that tomorrow is a public holiday, so no work!"}';

// Prepend timestamp
expiringData = '#ts.' + getCurrentTimestamp() + '#' + data;

// Encrypt and send the data
http.post( encrypt(expiringData) );
```

Since the data and timestamp are encrypted, any user looking at it in Chrome Devtools won't know what it contains. If they save the contents of the request and then try to send it later to trick everybody that there is a holiday tomorrow, it won't work because the server will see that the timestamp is old.
I am wondering if this is a commonly used technique, and if so does it have a specific name? When searching I mostly find stuff about TOTP (Time-based One Time Passwords) and HMAC-signatures with a time component, but not exactly including the timestamp with the data to be encrypted.
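
The scheme described in the question, sketched for Node.js as an added example (not part of the original post). It assumes a shared 32-byte key, AES-256-GCM, and a `nonce | tag | ciphertext` message layout; `seal`, `openFresh` and the in-memory replay cache are hypothetical names. It goes one step beyond the question by also rejecting a second submission of the same message inside the 30-second window.

```javascript
// Added example: names, key handling and message layout are assumptions, not the poster's code.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

const MAX_SKEW_MS = 30_000;      // 30-second window, as suggested in the question
const seenNonces = new Map();    // nonce (hex) -> time after which the entry can be dropped

// Client side: wrap the data with a timestamp, then encrypt with AES-256-GCM.
function seal(key, data, nowMs = Date.now()) {
  const nonce = randomBytes(12); // fresh per message; doubles as the replay identifier
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([
    cipher.update(JSON.stringify({ ts: nowMs, data }), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Server side: decrypt and verify integrity, then enforce freshness and single use.
function openFresh(key, message, nowMs = Date.now()) {
  if (message.length < 28) return { ok: false, reason: 'malformed' };
  const nonce = message.subarray(0, 12);
  const decipher = createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(message.subarray(12, 28));
  let envelope;
  try {
    const plain = Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]);
    envelope = JSON.parse(plain.toString('utf8'));
  } catch {
    return { ok: false, reason: 'tampered' };  // GCM tag mismatch or invalid JSON
  }
  if (typeof envelope.ts !== 'number' || Math.abs(nowMs - envelope.ts) > MAX_SKEW_MS) {
    return { ok: false, reason: 'expired' };
  }
  // Drop cache entries that could no longer pass the freshness check anyway.
  for (const [n, exp] of seenNonces) if (exp < nowMs) seenNonces.delete(n);
  const id = nonce.toString('hex');
  if (seenNonces.has(id)) return { ok: false, reason: 'replayed' };
  seenNonces.set(id, envelope.ts + MAX_SKEW_MS);
  return { ok: true, data: envelope.data };
}
```

The authentication tag is what stops the timestamp from being altered inside the ciphertext; without it, a timestamp check on decrypted data proves nothing about when the message was created.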