Endpoint Overview

Endpoints

The following endpoints are available from the Dexcom API. For more information on how Dexcom devices generate this data, refer to the CGM introduction, Dexcom product page, and Dexcom product guides.

 

HTTP Method

Endpoint

Description

GET

/v2/users/self/calibrations

Calibration Entries

GET

/v2/users/self/dataRange

Data Range

GET

/v2/users/self/devices

Device Information

GET

/v2/users/self/egvs

Estimated Glucose Values

GET

/v2/users/self/events

User-Entered Events

POST

/v2/users/self/statistics

Summary Statistics

 

The base URL of the endpoints depends on whether the request is targeting the production or sandbox environment.

The base URL for requests made to sandbox data is:

https://sandbox-api.dexcom.com

The base URL for requests made to production data is:

https://api.dexcom.com

To learn more about the difference between these environments and how to gain access, see the Scopes & Access section.

All requests require a valid OAuth 2.0 bearer token; this token is obtained through the process detailed in the Authentication section.

Transport Layer Security

The Dexcom API requires the use of Transport Layer Security (TLS) version 1.2. You will need to verify that your environment supports TLS 1.2 and, if necessary, make appropriate updates.

Request Rate Limits

Request frequency is limited to 60,000 calls per app per hour. If you believe that your application requires additional capacity, send us a note using the Support Requests form.

Time

There are several notions of time to understand when handling and processing CGM data.

Dates and times are formatted according to the ISO 8601 standard.

For the /egvs, /calibrations, /events, and /dataRange endpoints, two separate fields describing time are provided: systemTime and displayTime. systemTime is the UTC time according to the device, whereas displayTime is the time being shown on the device to the user. Depending on the device, this time may be user-configurable, and can therefore change its offset relative to systemTime. Note that systemTime is not "true" UTC time because of drift and/or user manipulation of the devices' clock.

All requests, except those made to the /dataRange endpoint, require two query parameters—startDate and endDate—that specify a time window. This window can be a maximum of 90 days, and any request with a time window greater than 90 days will return a 400 (Bad Request) error. These are ISO 8601-formatted UTC timestamps, and therefore queries are executed against the systemTime field in the corresponding endpoint. The time component may be specified down to milliseconds. Queries are inclusive of startDate and exclusive of endDate.

Units

Where applicable, units are specified within the responses. At the moment, all glucose values are reported in units of mg/dL and trend rates in units of mg/dL/min. Conversion of these values into user-preferred units, such as mmol/L, is the responsibility of the client application.

Data Availability

Data from the Dexcom API is available with a three-hour delay. This delay is enforced on the data upload time, not on the timestamps of individual data points. The G5® and G6® Mobile applications upload once per hour, so the data will (on average) be 3.5 hours delayed. On the other hand, data uploaded directly from a receiver over USB (via the Dexcom CLARITY® uploader) is available immediately because it is viewed as an active, rather than passive, upload. For more information on this delay, please see the FAQ.

REST

The Dexcom API uses a RESTful architecture to provide programmatic access to authorized user data. This data is available as resources—such as /devices and /egvs—that are accessed using the standard HTTP methods GET and POST. Like most APIs, this one isn't fully RESTful by the strictest definition, but it does follow the common best practices and should be familiar to those who have developed against other web APIs.

JSON

The Dexcom API supports JSON. Responses are returned in JSON format, and POST requests require a valid JSON object for the body. Note that, for response fields that do not have a value, the field still appears in the response and null is returned as the value. Nullable fields are identified in the response field tables.

HTTP Response Status Codes

Responses are returned with a corresponding HTTP response status code. Some will be accompanied by additional explanations of the error type or cause.

 

Code

Text

Description

200

OK

The request was successful

302

Found

The requested resource resides under a different URL (used in redirect for authentication purposes)

400

Bad Request

The request could not be understood by the server

401

Unauthorized

The request requires user authentication

404

Not Found

The server cannot find anything matching the request URL

500 Internal Server Error The server encountered an unexpected condition which prevented it from fulfilling the request