Change Fitbit calls from HTTP to HTTPS

[stefangrund]

They're changing the API:

On Monday, November 3, 2014, connections to api.fitbit.com will be restricted to HTTPS connections only. TLS (“SSL”) will be required to use all api.fitbit.com endpoints, including all steps of OAuth. [...] The Fitbit API will return a HTTP 403 error to all non-HTTPS requests starting on November 3, 2014.

[AndiH]

My guess is, to add a line after line 55 of modules/steps/steps_def.php, stating the following:

$fitbit->setEndpointBase('api.fitbit.com', 'www.fitbit.com', true, true)

The last true will also enable https calls to the API (the first true is https for OAuth negotiation, which is on by default).

As far as I see, 'api.fitbit.com' and 'www.fitbit.com' can't be taken from the class itself, as $authHost and $apiHost are private member variables and there are no getters defined. But maybe that's also my limited PHP knowledge speaking…

[AndiH]

Btw, while browsing, I found this small tutorial by the Fitbit guys to create your own PHP call to their API. Might be an alternative which is not 90 kb in size…

[stefangrund]

A more lightweight solution would be great. While writing my thesis I didn't have the time to create my own methods for calling the different APIs. FitbitPHP is a really nice API wrapper, but also too powerful and heavy for our use case and should definitely be replaced in a future update.

[AndiH]

Alright. Maybe I will have a look :).

I encountered another problem this weekend when trying to get the Fitbit module running: I'm missing the OAuth PHP module on my server… I surely can install it, but when it's not default, it limits the audience of the PAPI. Maybe I will find a bit more direct approach? Although I doubt it…

[AndiH]

Someone changed the fitbitphp.php file with default https support just last week: https://github.com/heyitspavel/fitbitphp/commit/be885b20e473e57dafd3aa4b862dd85e4457db83 :)

[stefangrund]

Thank you for the tip, @AndiH. Just updated fitbitphp to the newest version.