Scopes & Access
Overview
This diagram describes the process to become an authorized Dexcom Digital Health Partner:
Registration
The majority of the site—including the Docs, Gallery, and most of Support—are available without registration. Registration is simple and free, however, and provides access to app credentials and Support Requests. It is also the first step towards launching your app commercially. Any developer who registers through developer.dexcom.com is considered a Dexcom Registered Developer. Developer information is collected during the registration process, including name, email, username, password, and acceptance of the Registered Developer Agreement. Upon completing registration, Registered Developers gain:
- The ability to create and manage apps
- Access to app credentials for making API requests
- Access to sandbox data
- The ability to submit feedback and questions through the Support Requests section
Data Environments
Two data environments using the Dexcom API:
- The sandbox environment contains a small set of simulated user accounts that do not correspond to real users. A detailed description of the sandbox environment, including characterization of specific user data, is located in the Sandbox Data section.
- The production environment holds Dexcom user data, which is automatically uploaded from the Dexcom G6 ® , G7 ® , Dexcom ONE and Dexcom ONE+* Mobile Apps or manually uploaded from a receiver using the Dexcom Clarity® uploader.
Sandbox Access
Each app has the ability to make API requests to the sandbox environment. When targeting the sandbox environment, use the base URL and user credentials specified in the Sandbox Data section.
Production Data Access
The Dexcom API enables developers to connect their apps with Dexcom CGM data, but it does not automatically grant these apps access to Dexcom user data in production. Within an app, developers implement a mechanism for users to connect their Dexcom account to the app, which requires user authentication (via OAuth 2.0) and HIPAA authorization for data access to occur. The workflow for this process is detailed in the Authentication section. Data privacy is paramount, and use of third-party applications by Dexcom users is opt-in. Users can revoke their authorization at any time at Dexcom.com by signing into their account and changing their authorizations in Permissions. Dexcom will promptly terminate providing further personal information to the client application, but any information previously provided to the developer's app will not be affected by this revocation.
Scopes
The four scopes of data access are:
- Estimated Blood Glucose Levels
- Calibration Data
- Events Entry Data
- Device Details
These are explicitly listed in the HIPAA statement presented to the user during the OAuth 2.0 process. There is currently no way for developers to request a subset of these scopes, nor may a user choose to authorize access to only a subset of these scopes. All scopes are available in both data environments.
Applying for Limited Access
When your testing with Sandbox data is completed and your app is ready to test with Dexcom users, apply for Limited Access Upgrade within your app’s profile. Navigate to the My Apps section of developer.dexcom and click on the "Apply for Upgrade" link. Alternatively, visit our Partnerships page and complete the Partnership Interest Questionnaire: Partner with Dexcom
- Individual developer — Apply for Limited Access Upgrade within your app’s profile. Navigate to the My Apps section and click on the "Apply for Upgrade" link and select “Individual.”
- Commercial app developer — If you have completed testing with Sandbox data, and would like to access production data, you must submit a request for a commercial partnership. To be considered for a commercial partnership with Dexcom, please visit our Partnerships page and complete the Partnership Interest Questionnaire: Partner with Dexcom
- Research app developer — If you are looking to access the Dexcom Web API for research purposes, clinical studies, etc., please visit our research portal at https://provider.dexcom.com/education-research/research-programs
The process to upgrade to Limited Access:
- Click on the "Apply for Upgrade" link within the app profile.
- Follow the provided instructions to complete and submit a partnership request based on your application’s intended use case.
- Dexcom Strategic Partnerships team will review your application and determine if Dexcom would like to proceed with a Digital Health Partnership.
- If Dexcom declines to authorize your request, you will be notified. If the team decides to authorize your request, you will be sent a standard, non-negotiable Data Licensing Agreement.
- Agree to the Terms & Conditions of the Data Licensing Agreement.
- If your application is authorized, Dexcom will notify you and change the status in the app's profile.
For the production environment, an app with Limited Access can have up to 5 authorized users. This allows developers who are also Dexcom CGM users to connect their data with their prototype app. This also enables developers to test their prototype app with multiple users. As described above, this data access requires user authentication and HIPAA authorization via the OAuth 2.0 process described in the Authentication section.
Applying for Full Access
When you're ready to commercialize your app, you will apply for Full Access within your app’s profile. Navigate to the My Apps section and click on the "Apply for Upgrade" link.
The basic process to upgrade an app's access:
- Click on the "Apply for Upgrade" link within an app's profile.
- Complete and submit the Full Access Questionnaire.
- Dexcom Strategic Partnershiops team will review your application and contact you if further details or clarification are required.
- Once application is complete, Dexcom will setup a technical and commercial review of your app.
- If required, correct any technical implementation errors and/or address any user interface issues identified.
- Once your app passes the Dexcom review process, Dexcom will notify you and change the status in the app's profile.
Note that the review and upgrade apply only to a specific app, not to all apps created by a developer. Each app must undergo its own upgrade application, and each upgrade application is considered independently of any other app owned by that developer.
Developers are responsible for ensuring that their apps comply with all applicable regulations. Some additional information on relevant US regulations can be found at the FDA's Digital Health site.
If you have any questions regarding this process, please submit your inquiries through the Support Requests form.
After the Upgrade
Registered Developers meeting the following criteria are eligible to apply to be Digital Health Partners:
- Adhere to the Data Licensing Agreement
- Publish and support at least one app with Full Access for discovery and download by users
- Have at least one active Dexcom user of that app—a user who has connected their Dexcom account to the app—within 60 days of public availability and at any given time thereafter
Dexcom offers all Authorized Dexcom Digital Health Partners to be represented in the Gallery section with a logo and link to where the apps are available—such as the Apple App Store or Google Play Store. Please note that inclusion in the Gallery should not be considered approval or endorsement of your app by Dexcom.
*Dexcom ONE and ONE+ are only available in select countries.