01-31-2018 11:53
01-31-2018 11:53
Hi--
Starting about 2 hours ago, most requests we are receiving for notifications are containing an invalid signature. This also happened twice earlier this month, but the problem subsided within a half hour, but this time its ongoing. There have been no changes on on end regarding this in any of these cases, so I must assume a rogue notification sender or updated algorithm? Please advise. Thanks.
Eric
Answered! Go to the Best Answer.
02-13-2018 20:46
02-13-2018 20:46
Yes, the push notification signature issue has been fixed.
Please feel free to turn signature verification back on.
01-31-2018 12:27
01-31-2018 12:27
We are also experiencing the same issue. We have been receiving random or sporadically Invalid Signatures since January 23.
Periods where we received Invalid Signatures:
- January 23 from 10:00AM to 11:00AM (Pacific Time)
- January 24 from 10:00AM to 10:43AM (Pacific Time)
- January 31 from 10:20AM to 12:15PM ongoing (Pacific Time)
The last occurrence is an ongoing issue which ended disabling our Subscriber.
Please review this issue and provide any feedback ASAP.
01-31-2018 12:54
01-31-2018 12:54
We are also encountering the same issue. We are getting these 'invalid' requests as of 13:22 EST today and no Fitbit data gets processed (since we reject the 'invalid' request)
01-31-2018 13:12
01-31-2018 13:12
We are expriencing the same issue, it has only started happening today for us at 2018-01-31 18:50:09:050 +0000
01-31-2018 13:14
01-31-2018 13:14
Can you please make sure that the client secret for your app that is specified at dev.fitbit.com is still up to date?
01-31-2018 13:17
01-31-2018 13:17
@IoanbsuFitbit - what do you mean by "is still up to date"? we made no changes to the application. Why would the secret change?
01-31-2018 13:23
01-31-2018 13:23
Hi--
There have been 0 changes in our account OR our code in when these issues have occurred. The only changed that has occurred is that because of this issue, we were disabled twice -- I've re-enabled now twice. Our outages map exactly to the first poster's dates and times, so it seems like the likely issue is something on Fitbit's end. Can you confirm and resolve? Thanks!
Eric
01-31-2018 13:30
01-31-2018 13:30
We are working on fixing the issue. We will notify when it is resolved. The quick fix on your end you can do for now is disable signature validation.
Apologies for any inconvenience.
01-31-2018 13:32
01-31-2018 13:32
thank you! Please let us know when it's safe to enable signature validation once again
01-31-2018 13:51
01-31-2018 13:51
Yes please do let us know when we can re-enable signature checking. Disabling for now. Appreciate prompt responses in this thread 👍👍👍
02-13-2018 14:45
02-13-2018 14:45
Hi hi hi,
Can we turn verification of signatures back on yet?
Thanks 😄
James
02-13-2018 14:48
02-13-2018 14:48
Fitbit fixed the issue and we have re-enabled signature verification already. I can confirm it's been working as expected for the past week for us. Had no issues since we re-enabled it.
02-13-2018 20:46
02-13-2018 20:46
Yes, the push notification signature issue has been fixed.
Please feel free to turn signature verification back on.