help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HTTPS required starting Monday, Nov 3, 2014

‎08-04-2014 14:37 - edited ‎11-03-2014 11:20

‎08-04-2014 14:37 - edited ‎11-03-2014 11:20

This is a 90 day notice of a potentially breaking change.

 

On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS ("SSL") will be required to use all api.fitbit.com endpoints, including all steps of OAuth.

 

TLS creates a secure communication channel between your application and Fitbit's API. If your application uses plaintext HTTP connections to access the Fitbit API, you need to update it to use HTTPS immediately.

 

For most applications, changing "http://" to "https://" on requests to api.fitbit.com and redirects to www.fitbit.com is all that is necessary to comply with this requirement.

 

The Fitbit API will return a HTTP 400 or 403 error to all non-HTTPS requests starting on November 3, 2014.

 

A "blackout test" will be performed on Tuesday, October 7, 2014, between 8–9 AM PDT. Non-HTTPS requests will fail for a brief period of time. This time will be announced here and at https://status.fitbit.com/ .

 

If you have questions about securely connecting to https://api.fitbit.com, please post them here.

Best Answer
Labels:
46 REPLIES 46

‎11-06-2014 21:11

In response to SunsetRunner

‎11-06-2014 21:11

Hi,

 

I Changed the new fitbitphp.php but it still not working, and I created a new issue on github as well.

 

Here is issue URL - https://github.com/heyitspavel/fitbitphp/issues/17

 

Kindly look into this.

Best Answer
0 Votes

‎11-11-2014 09:54

‎11-11-2014 09:54

Can you please release the master (1.0.26) version of the Fitbit4J API that has the https updates?  I’d prefer to leverage the released version.

 

Thanks,

Brad

Best Answer
0 Votes

‎11-11-2014 12:15

In response to JeremiahFitbit

‎11-11-2014 12:15

well, partial success anyway.  It is working on my development workstation but not from our test server.   It is not failing for OAuth, It is failing for a web exception...  Has anyone seen the error below ?

 

caught web exception.System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

 


at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.TlsStream.CallProcessAuthentication(Object state)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at OAuth.Net.Consumer.OAuthRequest.GetResource(NameValueCollection parameters, String contentType, Stream bodyStream)
at OAuth.Net.Consumer.OAuthRequest.GetResource(NameValueCollection parameters)
at OAuth.Net.Consumer.OAuthRequest.GetResource()
at FidbitAPI.DotNETClient.FitbitClient.Page_Load(Object sender, EventArgs e) in C:\inetpub\wwwroot\FitbitAPI-dotNET-Client-3\FitbitClient.aspx.cs:line 145

Best Answer
0 Votes

‎11-11-2014 12:17 - edited ‎11-11-2014 12:21

In response to healthpartners

‎11-11-2014 12:17 - edited ‎11-11-2014 12:21

@healthpartners wrote:

Can you please release the master (1.0.26) version of the Fitbit4J API that has the https updates?  I’d prefer to leverage the released version.

 

Thanks,

Brad

I've attached a copy of it to this post.

https://www.dropbox.com/s/iz06w4tpo9qfql9/fitbit4j-1.0.26.jar?dl=0

 

It would be ideal if you can compile it yourself as the Fitbit4J library is deprecated and if you continue to use it, you may need to make changes/additions yourself.

Best Answer
0 Votes

‎11-15-2014 10:34

‎11-15-2014 10:34

I finally got my Fitbit Data google spreadsheet to work with the help of this:  https://github.com/loghound/Fitbit-for-Google-App-Script/commit/ea9242220489f2f3309d7560d404f281d482...

 

My original spreadsheet was created based on this: http://vimeo.com/26338767, but now updated with the above info to have the https modifications. 

 

Just thought I'd share. . . .

 

 

 

Best Answer
0 Votes

‎01-19-2015 05:41

In response to SunsetRunner

‎01-19-2015 05:41

Hey Dan,

 

I've downloaded your jar, and uploaded it to my remote artifactory server. but when i'm trying to mvn install my project which depeneds on it, i get :

 

"Failed to read artifact descriptor for com.fitbit:fitbit4j:jar:1.0.26: Failure to find com.fitbit:fitbit-parent:pom:1.0.26-SNAPSHOT in <my artifactoty> was cached in the local repository"

 

Any clue how to resolve this issue ?

Best Answer
0 Votes

‎01-22-2015 08:36

In response to David_Ben-Ari

‎01-22-2015 08:36

You should be able to get the parent pom from https://github.com/Fitbit/fitbit4j

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes