06-05-2014 21:36
06-05-2014 21:36
Fitbit does not support “whitelisting” of its IP addresses. Fitbit reserves the ability to scale its application dynamically to meet demand. Any attempt to whitelist Fitbit's IP addresses will result in your application breaking. Do not do this.
The authenticity of Fitbit's servers can be verified by connecting using HTTPS and validating the TLS certificate. For push requests from the Fitbit Subscriptions API, validate the X-Fitbit-Signature header and utilize forward-confirmed reverse DNS.
05-30-2017 13:34
05-30-2017 13:34
Hi, @JeremiahFitbit. As of 2017-05-30, the links to the Fitbit Wiki require authentication that is not compatible with the rest of the Fitbit Community site. Is there a different way to get this information -- or a way to register for the Fitbit Wiki?
Thanks!
05-30-2017 13:51
05-30-2017 13:51
@mfisher https://dev.fitbit.com/docs/ is where the documentation lives now.
05-31-2017 06:56
05-31-2017 06:56
Thanks for the reply, @AndrewFitbit, but I looked at that site and couldn't find the areas about "validate the X-Fitbit-Signature header" or "utilize forward-confirmed reverse DNS". Is there a way that you could please point me to more specific links or documentation?
05-31-2017 08:08
05-31-2017 08:08
@mfisher Sure, it's under the "Subscriptions" section in the docs.