FFreeToolsBox
Open tools
Practical developer guide

Unix Timestamp Seconds vs Milliseconds: The 10-Digit and 13-Digit Trap

A guide to recognizing Unix timestamp units, converting UTC and local time correctly, and avoiding common API, log, and JWT time mistakes.

Updated 2026-05-317 min readOpen Unix Timestamp ConverterWorkflow: API debugging

Key takeaway

The boundary in one sentence

A 10-digit Unix timestamp is usually seconds; a 13-digit value is usually milliseconds. Mixing them can shift dates by decades or create instantly expired tokens.

Updated guidance: use this guide with sanitized examples, compare the before and after state, then verify any production decision in your own environment before copying the result into another system.

Decision checklist

Before you use the related tool

  • Sanitize first: replace secrets, identifiers, and customer data with safe sample values.
  • Check the boundary: decide whether the tool explains, transforms, validates, or only previews data.
  • Compare output: review the before/after state instead of blindly copying generated text.
  • Verify externally: production security, legal, or financial decisions need project-specific validation.
1

The digit-count shortcut

Unix time is often represented as seconds since 1970-01-01T00:00:00Z. Many JavaScript APIs use milliseconds instead. A current seconds timestamp is around 10 digits; a current milliseconds timestamp is around 13 digits.

This shortcut is not a formal guarantee, but it catches many bugs quickly. If a date appears in 1970 or far in the future, check whether the value was interpreted with the wrong unit.

2

JavaScript and APIs

Date.now() returns milliseconds. Many backend APIs, databases, JWT claims, and log formats use seconds. Passing Date.now() directly where seconds are expected can create huge values. Dividing a seconds value by 1000 again can produce a date near 1970.

  • JavaScript Date.now(): milliseconds.
  • JWT exp, iat, nbf: commonly seconds.
  • Some databases store milliseconds, microseconds, or ISO strings.
3

UTC and local display

A timestamp represents an instant. Displaying that instant in UTC or local time changes the human-readable clock time, not the underlying instant. This is why two developers in different time zones may see different local displays for the same value.

When debugging distributed systems, compare UTC first, then local time if user-facing behavior matters.

4

Expiration bugs

Authentication bugs often come from using the wrong unit for exp or nbf. A token may appear expired immediately or valid for far longer than intended. Always check the issuing library documentation and the consuming service expectations.

For user-facing sessions, also account for clock skew between machines. A small tolerance may be intentional, but it should be explicit.

5

Safe workflow

Use a converter to inspect suspicious values in both seconds and milliseconds. Keep sample values anonymized when they come from tokens, logs, or customer events.

Document the unit at every API boundary. A field named expiresAtMs is less ambiguous than expiresAt.