Use https always

[santervo]

Fitbit api will be restricted to https only from November 3, 2014:

On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS (“SSL”) will be required to use all api.fitbit.com endpoints, including all steps of OAuth.

TLS creates a secure communication channel between your application and Fitbit’s API. If your application uses plaintext HTTP connections to access the Fitbit API, you need to update it to use HTTPS immediately.

For most applications, changing http:// to https:// on requests to api.fitbit.com and redirects to www.fitbit.com is all that is necessary to comply with this requirement.

The Fitbit API will return a HTTP 403 error to all non-HTTPS requests starting on November 3, 2014.

A “blackout test” will be performed on Tuesday, October 7, 2014. Non-HTTPS requests will fail for a brief period of time. This time will be announced in the API support forum and status page.

If you have questions about securely connecting to Fitbit’s API, please post them in our support forum.

[slemiere]

we just received the same email

[whazzmaster]

Fixed by 6596fb5