09-21-2017 05:41
09-21-2017 05:41
We have a user who is using Fitbit's API to connect to our app. It appears someone changed their email address at Fitbit in, as Fitbit Security said, "the hopes of committing Warranty Fraud".
When our user contacted Fitbit Security Department they said "this sometimes happens when a 3rd party is added access, so maybe your tech guy can do something to better secure the accounts?."
What is this? How does our app's reading of steps (which are sent from Fitbit to our app) cause Fraud and/or the changing of a user's account?
Is there documentation of best practices for preventing this?
Thanks
09-21-2017 09:30
09-21-2017 09:30
This might get better replies from the API board. If I had to guess maybe you're client secret token is exposed?
Honestly I'm just guessing, I'm waiting for my Ionic to come in before I actually try my hand at FB development.