Change Fitbit calls from HTTP to HTTPS
Closed this issue · 6 comments
They're changing the API:
On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS (“SSL”) will be required to use all api.fitbit.com endpoints, including all steps of OAuth. [...] The Fitbit API will return a HTTP 403 error to all non-HTTPS requests starting on November 3, 2014.
My guess is, to add a line after line 55 of modules/steps/steps_def.php, stating the following:
$fitbit->setEndpointBase('api.fitbit.com', 'www.fitbit.com', true, true)The last true will also enable https calls to the API (the first true is https for OAuth negotiation, which is on by default).
As far as I see, 'api.fitbit.com' and 'www.fitbit.com' can't be taken from the class itself, as $authHost and $apiHost are private member variables and there are no getters defined. But maybe that's also my limited PHP knowledge speaking…
Btw, while browsing, I found this small tutorial by the Fitbit guys to create your own PHP call to their API. Might be an alternative which is not 90 kb in size…
A more lightweight solution would be great. While writing my thesis I didn't have the time to create my own methods for calling the different APIs. FitbitPHP is a really nice API wrapper, but also too powerful and heavy for our use case and should definitely be replaced in a future update.
Alright. Maybe I will have a look :).
I encountered another problem this weekend when trying to get the Fitbit module running: I'm missing the OAuth PHP module on my server… I surely can install it, but when it's not default, it limits the audience of the PAPI. Maybe I will find a bit more direct approach? Although I doubt it…
Someone changed the fitbitphp.php file with default https support just last week: pavelrisenberg/fitbitphp@be885b2 :)
Thank you for the tip, @AndiH. Just updated fitbitphp to the newest version.