You are receiving this email because you have registered an application to use the Fitbit API at https://dev.fitbit.com/. This is a 90 day notice of a potentially breaking change to your integration with the Fitbit API.
On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS (“SSL”) will be required to use all api.fitbit.com endpoints, including all steps of OAuth.
TLS creates a secure communication channel between your application and Fitbit’s API. If your application uses plaintext HTTP connections to access the Fitbit API, you need to update it to use HTTPS immediately.
For most applications, changing
https:// on requests to api.fitbit.com and redirects to www.fitbit.com is all that is necessary to comply with this requirement.
The Fitbit API will return a HTTP 403 error to all non-HTTPS requests starting on November 3, 2014.
A “blackout test” will be performed on Tuesday, October 7, 2014. Non-HTTPS requests will fail for a brief period of time. This time will be announced in the API support forum and status page.
If you have questions about securely connecting to Fitbit’s API, please post them in our support forum.