Security and Privacy

🔒 Security and Privacy Nightscout can be secured so that access to data requires authorization. Public vs private site By default, Nightscout is publicly accessible – anyone who knows your URL can view your CGM data without any authorization. This is convenient for sharing with family and caregivers, but not always desirable. How to make Nightscout completely private? You can require authorization for all operations (including simply viewing data) by setting it in the User Panel under Basic Settings The user can set here: Site privacy – the site can be publicly accessible or private After enabling this option: ✅ The Nightscout site will require an API_SECRET or token to view data ✅ No one without authorization will see your CGM data ✅ Family and caregivers can receive access tokens with selected permissions ⚠️ Make sure that the applications you use (xDrip+, Spike, etc.) support secured Nightscout How to enable private mode on diab.ninja? Log in to the diab.ninja panel Go to the "My instances" tab Click "Settings" next to your instance In the "Security" section, check the option "Private site (require API_SECRET)" Click "Save" Note: After enabling private mode, all applications and people who want access to your data will need to use the API_SECRET or an authorization token. Make sure your applications (xDrip+, smartwatch, etc.) are configured with the correct API_SECRET before enabling this option. Creating tokens for family If you want to share access with family without providing the main API_SECRET, you can create authorization tokens with selected permissions (read-only, adding treatments, etc.). More information in the official Nightscout documentation.