Scopes & Access
developer.dexcom is designed to get developers up and running with as little friction as possible. The diagram below shows an overview of the process:
A detailed explanation of the data environments, scopes, and access levels available follows.
The majority of the site—including the Docs, News, Gallery, and most of Support—are available without registration. Registration is simple and free, however, and provides access to app credentials and Support Requests. It is also the first step towards launching your app in primetime. Any developer who registers through developer.dexcom is considered a Registered Developer. A minimal amount of information is collected during the registration process, including name, email, username, password, and acceptance of the Registered Developer Agreement. There is no review process or delay for becoming a Registered Developer. Upon completing registration, Registered Developers gain:
- The ability to create and manage apps
- Access to app credentials for making API requests
- The ability to submit feedback and question through the Support Requests section
There are two data environments that can be accessed using the Dexcom API—the sandbox and production environments. The sandbox environment contains a small set of simulated user accounts that do not correspond to real users. A detailed description of the sandbox environment, including characterization of specific user data, is located in the Sandbox Data section. The production environment holds Dexcom user data, which is automatically uploaded from the Dexcom G5® and G6® Mobile Apps or manually uploaded from a receiver using the Dexcom CLARITY® uploader.
Please note that the Dexcom API enables developers to connect their apps with Dexcom CGM data, but it does not automatically grant these apps access to Dexcom user data. Within an app, developers implement a mechanism for users to connect their Dexcom account to the app, which requires user authentication and HIPAA authorization (via OAuth 2.0) for data access to occur. The workflow for this process is detailed in the Authentication section. Data privacy is paramount, and use of third-party applications by Dexcom users is opt-in. Users can revoke their authorization at any time at Dexcom.com by signing in to their account and changing their authorizations in Permissions. Dexcom will promptly terminate providing further personal information to the client application, but any information previously provided to the developer's app will not be affected by this revocation.
Currently, only US Dexcom users are able to connect apps with their data through the Dexcom API.
The five scopes of data access are:
- Estimated Blood Glucose Levels
- Calibration Data
- Events Entry Data
- Device Details
- CGM Statistics
These are explicitly listed in the HIPAA statement presented to the user during the OAuth 2.0 process. There is currently no way for developers to request a subset of these scopes, nor may a user choose to authorize access to only a subset of these scopes. All scopes are available in both data environments.
Each app has the ability to make API requests to both the sandbox and production data environments. When targeting the sandbox environment, the base URL and user credentials specified in the Sandbox Data section should be used. For the production environment, apps are initially granted limited access, allowing them to have up to 20 authorized users. This allows developers who are also Dexcom CGM users to connect their data with their prototype apps immediately. This also enables Registered Developers to test their prototype apps with multiple users. As described above, this data access still requires user authentication and HIPAA authorization via the OAuth 2.0 process described in the Authentication section.
Applying for Full Access
When you're ready to distribute your app publicly via an app marketplace (e.g. Apple App Store, Google Play Store, etc) or other venue for app discovery and download by users, it's time to apply for Full Access. This is accomplished in the My Apps section of developer.dexcom by clicking on the "Apply for Upgrade" link within an app's profile. Apps with Full Access privileges are not subject to the authorized user limitation.
The basic process to upgrade an app's access:
- Click on the "Apply for Upgrade" link within an app's profile
- Complete and submit the Full Access Request form; be sure to carefully review the Data Partner Agreement as it differs from and expands on the Registered Developer Agreement
- Dexcom will review your application and contact you if further details or clarification are required
- After completing the review process, Dexcom will notify you and change the status in the app's profile
Here are some best practices for completing the Full Access Request form:
- We're looking for a clear description of what the app does, including
- description of the envisioned product/service
- who are the targeted end users
- why CGM data are needed to enable this product/service
- how the data will be used in the product/service and how it will be displayed to the end user
- how you plan to use the Dexcom branding in your app
- A text box is available, but consider attaching a PDF instead
- Demo videos, images, and UI mock-ups are preferred over text descriptions
- Make sure that the contact information is up-to-date
Note that the review and upgrade only applies to a specific app, not for all apps owned by a developer. Each app must undergo its own upgrade application, and each upgrade application is considered independently of any other app owned by that developer.
Developers are responsible for ensuring that their apps comply with all applicable regulations. Some additional information on relevant US regulations can be found at the FDA's Digital Health site.
If you have any questions regarding this process, please submit your inquiries through the Support Requests form.
After the Upgrade
We'd like to show off what you've created for discovery by Dexcom users and other developers. Apps with Full Access will be represented in the Gallery section of developer.dexcom with a logo and link to where they are available—Apple App Store, Google Play Store, etc. Please note that inclusion in the Gallery should not be considered approval or endorsement of your app by Dexcom.
Additionally, Registered Developers meeting the following criteria are eligible to be Data Partners:
- Adhere to the Data Partner Agreement
- Publish and support at least one app with Full Access for discovery and download by users
- Have at least one active Dexcom user of that app—a user who has connected their Dexcom account to the app—within 60 days of public availability and at any given time thereafter
Why be a Data Partner? Well, you’ve already done most of the work by making a great app and getting it upgraded to Full Access. As a Data Partner, you're eligible for additional potential partnership opportunities, from co-marketing to strategic collaboration, and you can market your company as a Dexcom Data Partner.