Why does the Web API responds «401 Unauthorized» for a request?

The generated header has a lifetime of 300s and it expires if not used during this time.
Each nonce might be used only once in specific time for generation of the password digest.
By default, the nonce cooldown time is also set to 300s.
This rule is aimed to improve safety of the application and prevent “replay” attacks.

orocrm.com/documentation/2.0/cookbook/how-to-use-wsse-authentication#header-and-nonce-lifetime

Details:

See also: