Scopes & Access
Overview
The diagram below shows an overview of the process to becoming an authorized Dexcom Digital Health Partner:
A detailed explanation of the data environments, scopes, and access levels available follows.
Registration
The majority of the site—including the Docs, Gallery, and most of Support—are available without registration. Registration is simple and free, however, and provides access to app credentials and Support Requests. It is also the first step towards launching your app commercially. Any developer who registers through developer.dexcom is considered a Registered Developer. Developer information is collected during the registration process, including name, email, username, password, and acceptance of the Registered Developer Agreement. Upon completing registration, Registered Developers gain:
- The ability to create and manage apps
- Access to app credentials for making API requests
- Access to sandbox data
- The ability to submit feedback and questions through the Support Requests section
Data Environments
There are two data environments that can be accessed using the Dexcom API—the sandbox and production environments. The sandbox environment contains a small set of simulated user accounts that do not correspond to real users. A detailed description of the sandbox environment, including characterization of specific user data, is located in the Sandbox Data section. The production environment holds Dexcom user data, which is automatically uploaded from the Dexcom G6®, G7®, Dexcom ONE and Dexcom ONE+* Mobile Apps or manually uploaded from a receiver using the Dexcom CLARITY® uploader.
Please note that the Dexcom Web API enables developers to connect their apps with Dexcom CGM data, but it does not automatically grant these apps access to Dexcom user data. Within an app, developers implement a mechanism for users to connect their Dexcom account to the app, which requires user authentication and HIPAA authorization (via OAuth 2.0) for data access to occur. The workflow for this process is detailed in the Authentication section. Data privacy is paramount, and use of third-party applications by Dexcom users is opt-in. Users can revoke their authorization at any time at Dexcom.com by signing into their account and changing their authorizations in Permissions. Dexcom will promptly terminate providing further personal information to the client application, but any information previously provided to the developer's app will not be affected by this revocation.
Scopes
The four scopes of data access are:
- Estimated Blood Glucose Levels
- Calibration Data
- Events Entry Data
- Device Details
These are explicitly listed in the HIPAA statement presented to the user during the OAuth 2.0 process. There is currently no way for developers to request a subset of these scopes, nor may a user choose to authorize access to only a subset of these scopes. All scopes are available in both data environments.
Sandbox Access
Each app has the ability to make API requests to the sandbox environment. When targeting the sandbox environment, the base URL and user credentials specified in the Sandbox Data section should be used.
Applying for Limited Access
When you're testing with Sandbox data is completed and you believe your app is ready to test with Dexcom users, apply for Limited Access Upgrade within your app’s profile. Navigate to the My Apps section of developer.dexcom and click on the "Apply for Upgrade" link.
The process to upgrade to Limited Access:
- Click on the "Apply for Limited Access Upgrade" link within an app's profile
- Complete and submit the Limited Access Request form
- After you submit your application, the Dexcom Strategic Partnerships team will review your application and determine if Dexcom would like to proceed with a Digital Health Partnership.
- If Dexcom declines to authorize your request, you will be notified. If the team decides to authorize your request, you will be sent a standard, non-negotiable Data Licensing Agreement
- Agree to the Terms & Conditions of the Data Licensing Agreement
- After Data Licensing Agreement acceptance, Dexcom will notify you and change the status in the app's profile
For the production environment, the app can have up to 20 authorized users. This allows developers who are also Dexcom CGM users to connect their data with their prototype app. This also enables Registered Developers to test their prototype app with multiple users. As described above, this data access requires user authentication and HIPAA authorization via the OAuth 2.0 process described in the Authentication section.
Here are some best practices for completing the Limited Access Request form:
- A clear description of what the app does, including
- Description of the envisioned product/service
- Targeted end users
- Why CGM data are needed to enable this product/service
- How the data will be used in the product/service and how it will be displayed to the end user
- How you plan to use the Dexcom branding in your app
- A text box is available, but consider attaching a PDF instead
- Demo videos, images, and UI mock-ups are preferred over text descriptions
- Your privacy policy must be publicly-posted; see here for Dexcom's privacy policy as an example
- Make sure that the contact information is up-to-date
Note that the review and upgrade only applies to a specific app, not for all apps owned by a developer. Each app must undergo its own upgrade application, and each upgrade application is considered independently of any other app owned by that developer. Marketing or promotion of your app with Dexcom CGM is not permitted during Limited Access.
Applying for Full Access
When you're ready to commercialize your app, you will apply for Full Access within your app’s profile. Navigate to the My Apps section of developer.dexcom and click on the "Apply for Upgrade" link. Apps with Full Access privileges are not subject to the 20 authorized user limitation.
The basic process to upgrade an app's access:
- Click on the "Apply for Full Access Upgrade" link within an app's profile
- Complete and submit the Full Access Request form
- Dexcom will review your application and contact you if further details or clarification are required
- Once application is complete, Dexcom will setup a technical and commercial review of your app.
- If required, correct any technical implementation errors and/or address any user interface issues identified.
- After Data Licensing Agreement acceptance, Dexcom will notify you and change the status in the app's profile
- Once your app passes the Dexcom review process, Dexcom will notify you and change the status in the app's profile
Note that the review and upgrade only applies to a specific app, not for all apps owned by a developer. Each app must undergo its own upgrade application, and each upgrade application is considered independently of any other app owned by that developer.
Developers are responsible for ensuring that their apps comply with all applicable regulations. Some additional information on relevant US regulations can be found at the FDA's Digital Health site.
If you have any questions regarding this process, please submit your inquiries through the Support Requests form.
After the Upgrade
We offer all Authorized Dexcom Digital Health Partners to be represented in the Gallery section of developer.dexcom with a logo and link to where they are available—Apple App Store, Google Play Store, etc. Please note that inclusion in the Gallery should not be considered approval or endorsement of your app by Dexcom.
Additionally, Registered Developers meeting the following criteria are eligible to apply to be Digital Health Partners:
- Adhere to the Data Licensing Agreement
- Publish and support at least one app with Full Access for discovery and download by users
- Have at least one active Dexcom user of that app—a user who has connected their Dexcom account to the app—within 60 days of public availability and at any given time thereafter
*Dexcom ONE and ONE+ are only available in select countries.