Fwd: Fitbit API notice: HTTPS required starting Monday, November 3, 2014

[Bastian Greshake]

I think we should be fine with that, because iirc "fitgem", which we use for communicating with their API uses TLS, but as my laptop is still suffering from its HDD failure I'm not in the position to do some more extensive testing atm (hope to be back at normal productivity next week).

Cheers,
Bastian

---------- Forwarded message ----------
From: <a...@fitbit.com>
Date: 6 August 2014 00:48
Subject: Fitbit API notice: HTTPS required starting Monday, November 3, 2014
To: bgre...@googlemail.com

You are receiving this email because you have registered an application to use the Fitbit API at https://dev.fitbit.com/. This is a 90 day notice of a potentially breaking change to your integration with the Fitbit API.

On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS (“SSL”) will be required to use all api.fitbit.com endpoints, including all steps of OAuth.

TLS creates a secure communication channel between your application and Fitbit’s API. If your application uses plaintext HTTP connections to access the Fitbit API, you need to update it to use HTTPS immediately.

For most applications, changing http:// to https:// on requests to api.fitbit.com and redirects to www.fitbit.com is all that is necessary to comply with this requirement.

The Fitbit API will return a HTTP 403 error to all non-HTTPS requests starting on November 3, 2014.

A “blackout test” will be performed on Tuesday, October 7, 2014. Non-HTTPS requests will fail for a brief period of time. This time will be announced in the API support forum and status page.

If you have questions about securely connecting to Fitbit’s API, please post them in our support forum.

—The Fitbit API Team