Solved: Notifications sending a bad signature?

etheriau · ‎01-31-2018

Hi--

Starting about 2 hours ago, most requests we are receiving for notifications are containing an invalid signature. This also happened twice earlier this month, but the problem subsided within a half hour, but this time its ongoing. There have been no changes on on end regarding this in any of these cases, so I must assume a rogue notification sender or updated algorithm? Please advise. Thanks.

Eric

IoanbsuFitbit · ‎02-13-2018

Yes, the push notification signature issue has been fixed.

Please feel free to turn signature verification back on.

View best answer in original post

FedericoArg · ‎01-31-2018

We are also experiencing the same issue. We have been receiving random or sporadically Invalid Signatures since January 23.

Periods where we received Invalid Signatures:

- January 23 from 10:00AM to 11:00AM (Pacific Time)

- January 24 from 10:00AM to 10:43AM (Pacific Time)

- January 31 from 10:20AM to 12:15PM ongoing (Pacific Time)

The last occurrence is an ongoing issue which ended disabling our Subscriber.

Please review this issue and provide any feedback ASAP.

RoxanaF · ‎01-31-2018

We are also encountering the same issue. We are getting these 'invalid' requests as of 13:22 EST today and no Fitbit data gets processed (since we reject the 'invalid' request)

Kiriya · ‎01-31-2018

We are expriencing the same issue, it has only started happening today for us at 2018-01-31 18:50:09:050 +0000

IoanbsuFitbit · ‎01-31-2018

Can you please make sure that the client secret for your app that is specified at dev.fitbit.com is still up to date?

RoxanaF · ‎01-31-2018

@IoanbsuFitbit - what do you mean by "is still up to date"? we made no changes to the application. Why would the secret change?

EricTheriault · ‎01-31-2018

Hi--

There have been 0 changes in our account OR our code in when these issues have occurred. The only changed that has occurred is that because of this issue, we were disabled twice -- I've re-enabled now twice. Our outages map exactly to the first poster's dates and times, so it seems like the likely issue is something on Fitbit's end. Can you confirm and resolve? Thanks!

Eric

IoanbsuFitbit · ‎01-31-2018

We are working on fixing the issue. We will notify when it is resolved. The quick fix on your end you can do for now is disable signature validation.

Apologies for any inconvenience.

RoxanaF · ‎01-31-2018

thank you! Please let us know when it's safe to enable signature validation once again

devomate · ‎01-31-2018

Yes please do let us know when we can re-enable signature checking. Disabling for now. Appreciate prompt responses in this thread 👍👍👍

devomate · ‎02-13-2018

Hi hi hi,

Can we turn verification of signatures back on yet?

Thanks 😄

James

RoxanaF · ‎02-13-2018

Fitbit fixed the issue and we have re-enabled signature verification already. I can confirm it's been working as expected for the past week for us. Had no issues since we re-enabled it.

IoanbsuFitbit · ‎02-13-2018

Yes, the push notification signature issue has been fixed.

Please feel free to turn signature verification back on.

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Notifications sending a bad signature?

etheriau

IoanbsuFitbit

FedericoArg

RoxanaF

Kiriya

IoanbsuFitbit

RoxanaF

EricTheriault

IoanbsuFitbit

RoxanaF

devomate

devomate

RoxanaF

IoanbsuFitbit