// Fitbit recommendation: "If signature verification fails, you should
// respond with a 404"
if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
+ log.Warningf(ctx, "signature mismatch")
w.WriteHeader(http.StatusNotFound)
return nil
}