Fwd: PLEASE READ: your Fitbit API app will break in 18 days if you do not switch to HTTPS

[Bastian Greshake]

fyi :-)

Begin forwarded message:

From: a...@fitbit.com

Subject: PLEASE READ: your Fitbit API app will break in 18 days if you do not switch to HTTPS

Date: 16 Oct 2014 01:47:18 GMT+2

To: bgre...@googlemail.com

You are receiving this email because you have registered an application to use the Fitbit API at https://dev.fitbit.com/. This is a notice of a potentially breaking change to your integration with the Fitbit API.

On Tuesday, October 7, 2014, Fitbit conducted a “blackout test” that temporarily disabled non-HTTPS access to the Fitbit API. We noticed that your application has not been updated to access the Fitbit API via HTTPS.

On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS (“SSL”) will be required to use all api.fitbit.com endpoints, including all steps of OAuth.

TLS creates a secure communication channel between your application and Fitbit’s API. If your application uses plaintext HTTP connections to access the Fitbit API, you need to update it to use HTTPS immediately.

For most applications, changing http:// to https:// on requests to api.fitbit.com and redirects to www.fitbit.com is all that is necessary to comply with this requirement.

The Fitbit API will return a HTTP 403 error to all non-HTTPS requests starting on November 3, 2014.

If you have questions about securely connecting to Fitbit’s API, please post them in our support forum.

—The Fitbit API Team

[Philipp Bayer]

According to the Fitgem changelog, the latest change two months ago to
0.10.0 forces SSL.
We are currently running 0.8.0. I'll just run a bundle update and that
should solve it.

Cheers,
Philipp

On 16.10.2014 10:46, Bastian Greshake wrote:
> fyi :-)
>
> Begin forwarded message:
>

>> *From: *a...@fitbit.com <mailto:a...@fitbit.com> *Subject: **PLEASE

>> READ: your Fitbit API app will break in 18 days if you do not

>> switch to HTTPS* *Date: *16 Oct 2014 01:47:18 GMT+2 *To:
>> *bgre...@googlemail.com <mailto:bgre...@googlemail.com>
>>
>> /You are receiving this email because you have registered an

>> application to use the Fitbit API at https://dev.fitbit.com/

>> <http://email.fitbit.com/wf/click?upn=CEJ7E4FIDAL-2F3hYeFWpnqNGGZl0J5mK4F1ghthueOBNlgMZCLB4y8kOJnHyleV1hoqA6IziyFtohd1T5TdMY-2B5GRsmFan2rp5NW08RgebUi8dgEvNAzM-2FHamW1y33TQe_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzFcmlJWjwq0L5wYaaFgHGZQH5BWPSlKW0CnxtsU2OXl3s2EXBMl2Lgc1kms-2BlHnuwQBQw-2Bif2r7Gcn-2BUT7uefpyn3wId4gJQ41-2BOtCC8kXX3V9EtiEBvaPkR6UVYXrct-2BA-3D-3D>.

>>
>>
This is a notice of a potentially breaking change to your integration

>> with the Fitbit API./

>>
>> On Tuesday, October 7, 2014, Fitbit conducted a “blackout test”
>> that temporarily disabled non-HTTPS access to the Fitbit API. We
>> noticed that your application has not been updated to access the
>> Fitbit API via HTTPS.
>>
>> On Monday, November 3, 2014, connections to api.fitbit.com

>> <http://api.fitbit.com> will be restricted to HTTPS connections

>> only. TLS (“SSL”) will be required to use all api.fitbit.com

>> <http://api.fitbit.com> endpoints, including all steps of OAuth.

>>
>> TLS creates a secure communication channel between your
>> application and Fitbit’s API. If your application uses plaintext
>> HTTP connections to access the Fitbit API, you need to update it
>> to use HTTPS immediately.
>>
>> For most applications, changing |http://| to |https://| on

>> requests to api.fitbit.com <http://api.fitbit.com> and redirects
>> to www.fitbit.com <http://www.fitbit.com> is all that is

>> necessary to comply with this requirement.
>>
>> The Fitbit API will return a HTTP 403 error to all non-HTTPS
>> requests starting on November 3, 2014.
>>
>> If you have questions about securely connecting to Fitbit’s API,
>> please post them in our support forum

>> <http://email.fitbit.com/wf/click?upn=XuddHarhwqvTXKz0uBI-2BKoY3YwTHepUnMYyUzLiXgmMBnPB86eB2qtySjLEH7fV9xJH94NE8VI-2B6pOzg8FZbQMn7-2F356m6zXXkPEol97s6DdCGxW4I-2BmAJOJSr9bdv9WMmdNtJEDsqzpGlzd6lBFnPVU7l9X1DGFLuO1g8wX62KJNd8ATRqlrYTfDnOECtUopIxNPVQnZaJf4yeZgUKpUQ-3D-3D_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzKIFa-2F-2FSnhgLE2LOoOG5Zc8e7amB3b687wxVv5qa8LSEMAAkACjt3xMzYzmb-2BesjIaNtcnXYAGqPl5x0t18KwoMXv5dd9WUkN2Amcx-2FLvO-2BOivurWR1GlTP8DSV8vPikkA-3D-3D>.
>>
>>
>>
—The Fitbit API Team
>> <http://email.fitbit.com/wf/click?upn=XuddHarhwqvTXKz0uBI-2BKoY3YwTHepUnMYyUzLiXgmOv6PjjXkghU4NLvIDvQ8Sp7bueGelMV8xKHgemZ2tDYYlwib7ixGVuzSCYhyK4PhU3uEbdWvptE9bNMR3vdzoXv8JTcfB7i9-2FwLJO5MZs48N-2FIfedZWVLCkYfb91IdS61DyMMSEcnBBkWhNzK3ojTFoR1Eio5DLPI-2Bcmu-2B3jM-2Fhw-3D-3D_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzAwb7uWX40SXdwQlBXDK7XoHsQ5hbbgXvNATicaa-2BQtKX0q-2BggZIs6e3bac3wQRpAkN9UMt-2FGlYGR2VhyxMul6b8mARYMkHzCb2xFmiBUP-2B8gQvHdRFhMcJCS3OcAvYCRA-3D-3D>
>>
>

[Bastian Greshake]

Great,

thanks a lot. And Mike of SNPedia contacted me. 

I've got pretty steady traffic from that address, using a client which appears to be the mediawiki gateway client in ruby.

"MediaWiki::Gateway/0.6.1"

is that you?

if so, please direct it at bots.snpedia.com not the main site.

The IP he gave is indeed us, so just fixing the request-url to bots.snpedia.com instead of snpedia.com should do the trick. :-)

Cheers,

Bastian

--The Fitbit API Team

<http://email.fitbit.com/wf/click?upn=XuddHarhwqvTXKz0uBI-2BKoY3YwTHepUnMYyUzLiXgmOv6PjjXkghU4NLvIDvQ8Sp7bueGelMV8xKHgemZ2tDYYlwib7ixGVuzSCYhyK4PhU3uEbdWvptE9bNMR3vdzoXv8JTcfB7i9-2FwLJO5MZs48N-2FIfedZWVLCkYfb91IdS61DyMMSEcnBBkWhNzK3ojTFoR1Eio5DLPI-2Bcmu-2B3jM-2Fhw-3D-3D_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzAwb7uWX40SXdwQlBXDK7XoHsQ5hbbgXvNATicaa-2BQtKX0q-2BggZIs6e3bac3wQRpAkN9UMt-2FGlYGR2VhyxMul6b8mARYMkHzCb2xFmiBUP-2B8gQvHdRFhMcJCS3OcAvYCRA-3D-3D>

--
You received this message because you are subscribed to the Google Groups "SNPr development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to snpr-developme...@googlegroups.com.
To post to this group, send email to snpr-dev...@googlegroups.com.
Visit this group at http://groups.google.com/group/snpr-development.
For more options, visit https://groups.google.com/d/optout.

[Philipp Bayer]

OK I changed that too, pushed it, once Travis-CI says it's all good (it
worked on my machine) I'll deploy

On 16.10.2014 15:23, Bastian Greshake wrote:
> Great, thanks a lot. And Mike of SNPedia contacted me.
>
>> I've got pretty steady traffic from that address, using a client
>> which appears to be the mediawiki gateway client in ruby.
>>
>> "MediaWiki::Gateway/0.6.1"
>>
>> is that you?
>>
>> if so, please direct it at bots.snpedia.com

>> <http://bots.snpedia.com> not the main site.

>
> The IP he gave is indeed us, so just fixing the request-url to

> bots.snpedia.com <http://bots.snpedia.com> instead of snpedia.com
> <http://snpedia.com> should do the trick. :-)

>
> Cheers, Bastian
>
>
>
> On 16 Oct 2014, at 15:20, Philipp Bayer <phili...@gmail.com

> <mailto:phili...@gmail.com>> wrote:
>
>> According to the Fitgem changelog, the latest change two months
>> ago to 0.10.0 forces SSL. We are currently running 0.8.0. I'll
>> just run a bundle update and that should solve it.
>>
>> Cheers, Philipp
>>
>>
>>
>> On 16.10.2014 10:46, Bastian Greshake wrote:
>>> fyi :-)
>>>
>>> Begin forwarded message:
>>>
>>>> *From: *a...@fitbit.com <mailto:a...@fitbit.com>
>>>> <mailto:a...@fitbit.com> *Subject: **PLEASE READ: your Fitbit
>>>> API app will break in 18 days if you do not switch to HTTPS*
>>>> *Date: *16 Oct 2014 01:47:18 GMT+2 *To:
>>>> *bgre...@googlemail.com <mailto:bgre...@googlemail.com>
>>>> <mailto:bgre...@googlemail.com>
>>>>
>>>> /You are receiving this email because you have registered an
>>>> application to use the Fitbit API at https://dev.fitbit.com/
>>>> <http://email.fitbit.com/wf/click?upn=CEJ7E4FIDAL-2F3hYeFWpnqNGGZl0J5mK4F1ghthueOBNlgMZCLB4y8kOJnHyleV1hoqA6IziyFtohd1T5TdMY-2B5GRsmFan2rp5NW08RgebUi8dgEvNAzM-2FHamW1y33TQe_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzFcmlJWjwq0L5wYaaFgHGZQH5BWPSlKW0CnxtsU2OXl3s2EXBMl2Lgc1kms-2BlHnuwQBQw-2Bif2r7Gcn-2BUT7uefpyn3wId4gJQ41-2BOtCC8kXX3V9EtiEBvaPkR6UVYXrct-2BA-3D-3D>.
>>>>
>>>>
>>
>>>>
This is a notice of a potentially breaking change to your integration
>>>> with the Fitbit API./
>>>>
>>>> On Tuesday, October 7, 2014, Fitbit conducted a "blackout
>>>> test" that temporarily disabled non-HTTPS access to the
>>>> Fitbit API. We noticed that your application has not been
>>>> updated to access the Fitbit API via HTTPS.
>>>>
>>>> On Monday, November 3, 2014, connections to api.fitbit.com

>>>> <http://api.fitbit.com> <http://api.fitbit.com> will be

>>>> restricted to HTTPS connections only. TLS ("SSL") will be
>>>> required to use all api.fitbit.com <http://api.fitbit.com>
>>>> <http://api.fitbit.com> endpoints, including all steps of
>>>> OAuth.
>>>>
>>>> TLS creates a secure communication channel between your
>>>> application and Fitbit's API. If your application uses
>>>> plaintext HTTP connections to access the Fitbit API, you need
>>>> to update it to use HTTPS immediately.
>>>>
>>>> For most applications, changing |http://| to |https://| on
>>>> requests to api.fitbit.com <http://api.fitbit.com>
>>>> <http://api.fitbit.com> and redirects to www.fitbit.com

>>>> <http://www.fitbit.com> <http://www.fitbit.com> is all that

>>>> is necessary to comply with this requirement.
>>>>
>>>> The Fitbit API will return a HTTP 403 error to all non-HTTPS
>>>> requests starting on November 3, 2014.
>>>>
>>>> If you have questions about securely connecting to Fitbit's
>>>> API, please post them in our support forum
>>>> <http://email.fitbit.com/wf/click?upn=XuddHarhwqvTXKz0uBI-2BKoY3YwTHepUnMYyUzLiXgmMBnPB86eB2qtySjLEH7fV9xJH94NE8VI-2B6pOzg8FZbQMn7-2F356m6zXXkPEol97s6DdCGxW4I-2BmAJOJSr9bdv9WMmdNtJEDsqzpGlzd6lBFnPVU7l9X1DGFLuO1g8wX62KJNd8ATRqlrYTfDnOECtUopIxNPVQnZaJf4yeZgUKpUQ-3D-3D_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzKIFa-2F-2FSnhgLE2LOoOG5Zc8e7amB3b687wxVv5qa8LSEMAAkACjt3xMzYzmb-2BesjIaNtcnXYAGqPl5x0t18KwoMXv5dd9WUkN2Amcx-2FLvO-2BOivurWR1GlTP8DSV8vPikkA-3D-3D>.
>>>>
>>>>
>>>>
>>
>>>>
--The Fitbit API Team
>>>> <http://email.fitbit.com/wf/click?upn=XuddHarhwqvTXKz0uBI-2BKoY3YwTHepUnMYyUzLiXgmOv6PjjXkghU4NLvIDvQ8Sp7bueGelMV8xKHgemZ2tDYYlwib7ixGVuzSCYhyK4PhU3uEbdWvptE9bNMR3vdzoXv8JTcfB7i9-2FwLJO5MZs48N-2FIfedZWVLCkYfb91IdS61DyMMSEcnBBkWhNzK3ojTFoR1Eio5DLPI-2Bcmu-2B3jM-2Fhw-3D-3D_pVf8vffZJ8g8zie-2Fmn-2Boy0A6I-2Bw-2BGn1xp-2Fx-2BMrum3wpr9UhjqPrZ4LDGWoR5w2WIx1dnyXbVVddmUHDwm9zPzAwb7uWX40SXdwQlBXDK7XoHsQ5hbbgXvNATicaa-2BQtKX0q-2BggZIs6e3bac3wQRpAkN9UMt-2FGlYGR2VhyxMul6b8mARYMkHzCb2xFmiBUP-2B8gQvHdRFhMcJCS3OcAvYCRA-3D-3D>
>>>>
>>>
>>
>>
>>>>
--
>> You received this message because you are subscribed to the
>> Google Groups "SNPr development" group. To unsubscribe from this
>> group and stop receiving emails from it, send an email to
>> snpr-developme...@googlegroups.com

>> <mailto:snpr-developme...@googlegroups.com>. To post

>> to this group, send email to snpr-dev...@googlegroups.com

>> <mailto:snpr-dev...@googlegroups.com>. Visit this group at

[Bastian Greshake]

Thanks, Mike will be happy to hear that. :-)

> To unsubscribe from this group and stop receiving emails from it, send an email to snpr-developme...@googlegroups.com.
> To post to this group, send email to snpr-dev...@googlegroups.com.