Endpoint Overview


The following endpoints are available from the Dexcom API. For more information on how Dexcom devices generate this data, refer to the CGM introduction, Dexcom product page, and Dexcom product guides.


HTTP Method





Calibration Entries



Data Range



Device Information



Estimated Glucose Values



User-Entered Events



Summary Statistics


The base URL of the endpoints depends on whether the request is targeting the production or sandbox environment.

The base URL for requests made to sandbox data is:


The base URL for requests made to production data is:


To learn more about the difference between these environments and how to gain access, see the Scopes & Access section.

All requests require a valid OAuth 2.0 bearer token; this token is obtained through the process detailed in the Authentication section.

Transport Layer Security

The Dexcom API requires the use of Transport Layer Security (TLS) version 1.2. You will need to verify that your environment supports TLS 1.2 and, if necessary, make appropriate updates.

Request Rate Limits

Request frequency is limited to 60,000 calls per app per hour. If the limit is exceeded, an HTTP 429 response will be returned. If you believe that your application requires additional capacity, send us a note using the Support Requests form.


There are several notions of time to understand when handling and processing CGM data.

Dates and times are formatted according to the ISO 8601 standard.

For the /egvs, /calibrations, /events, and /dataRange endpoints, two separate fields describing time are provided: systemTime and displayTime. systemTime is the UTC time according to the device, whereas displayTime is the time being shown on the device to the user. Depending on the device, this time may be user-configurable, and can therefore change its offset relative to systemTime. Note that systemTime is not "true" UTC time because of drift and/or user manipulation of the devices' clock.

All requests, except those made to the /dataRange endpoint, require two query parameters—startDate and endDate—that specify a time window. This window can be a maximum of 90 days, and any request with a time window greater than 90 days will return a 400 (Bad Request) error. These are ISO 8601-formatted UTC timestamps, and therefore queries are executed against the systemTime field in the corresponding endpoint. The time component may be specified down to milliseconds. Queries are inclusive of startDate and exclusive of endDate.


Where applicable, units are specified within the responses. At the moment, all glucose values are reported in units of mg/dL and trend rates in units of mg/dL/min. Conversion of these values into user-preferred units, such as mmol/L, is the responsibility of the client application.

Data Availability

Data uploaded from the G5® and G6® Mobile applications is available from the Dexcom API with a three-hour delay. Data uploaded directly from a receiver over USB via the Dexcom CLARITY® uploader is available immediately. For more information on this delay, please see the FAQ.


The Dexcom API uses a RESTful architecture to provide programmatic access to authorized user data. This data is available as resources—such as /devices and /egvs—that are accessed using the standard HTTP methods GET and POST. Like most APIs, this one isn't fully RESTful by the strictest definition, but it does follow the common best practices and should be familiar to those who have developed against other web APIs.


The Dexcom API supports JSON. Responses are returned in JSON format, and POST requests require a valid JSON object for the body. Note that, for response fields that do not have a value, the field still appears in the response and null is returned as the value. Nullable fields are identified in the response field tables.

HTTP Response Status Codes

Responses are returned with a corresponding HTTP response status code. Some will be accompanied by additional explanations of the error type or cause.







The request was successful



The requested resource resides under a different URL (used in redirect for authentication purposes)


Bad Request

The request could not be understood by the server



The request requires user authentication


Not Found

The server cannot find anything matching the request URL


Too Many Requests

The request rate limit has been exceeded

500 Internal Server Error The server encountered an unexpected condition which prevented it from fulfilling the request