Security and Access Explained Simply
Nightscout contains sensitive health data, so understanding how access works is important. This page explains security and access in plain English.
You do not need technical knowledge to keep your site secure.
Your Nightscout URL
Your Nightscout URL looks like this:
This is the web address people use to view your site.
Sharing your URL is safe.
Sharing your API Secret is not.
What is the API Secret?
The API Secret is effectively the master password for your Nightscout site.
It allows:
- Full access to your data
- Configuration changes
- Administrative actions
Anyone with your API Secret has full control of your site.
You should never share it publicly or casually.
Public vs private sites
Nightscout can operate in two main modes:
Public site
- Anyone with the URL can view your data
- No login is required
- Useful for personal use or trusted environments
Private site
- Viewing requires authentication
- Recommended for most users
- Controlled via the Nightscout Pro settings
You can change this setting at any time.
Giving others access safely
If caregivers, family members, or clinicians need access:
- Share your Nightscout URL
- Use Nightscout’s authentication features
- Do not share your API Secret
This allows others to view your data without giving them control.
Followers and apps
Follower apps and services usually require:
- Your Nightscout URL
- Sometimes a read-only token
They do not need your API Secret unless explicitly required by trusted setup instructions.
Simple security rules to remember
- Share your URL freely if appropriate
- Keep your API Secret private
- Do not post screenshots showing secrets
- Make your site private if unsure
- Change your API Secret if it is ever exposed
Nightscout Pro handles encryption, certificates, and infrastructure security automatically.
English (UK) 
English 
Polski