Security and Access Explained Simply

Nightscout contains sensitive health data, so understanding how access works is important. This page explains security and access in plain English.

You do not need technical knowledge to keep your site secure.

Your Nightscout URL

Your Nightscout URL looks like this:

This is the web address people use to view your site.

Sharing your URL is safe.
Sharing your API Secret is not.

What is the API Secret?

The API Secret is effectively the master password for your Nightscout site.

It allows:

• Full access to your data
• Configuration changes
• Administrative actions

Anyone with your API Secret has full control of your site.

You should never share it publicly or casually.

Public vs private sites

Nightscout can operate in two main modes:

Public site

• Anyone with the URL can view your data
• No login is required
• Useful for personal use or trusted environments

Private site

• Viewing requires authentication
• Recommended for most users
• Controlled via the Nightscout Pro settings

You can change this setting at any time.

Giving others access safely

If caregivers, family members, or clinicians need access:

• Share your Nightscout URL
• Use Nightscout’s authentication features
• Do not share your API Secret

This allows others to view your data without giving them control.

Followers and apps

Follower apps and services usually require:

• Your Nightscout URL
• Sometimes a read-only token

They do not need your API Secret unless explicitly required by trusted setup instructions.

Simple security rules to remember

• Share your URL freely if appropriate
• Keep your API Secret private
• Do not post screenshots showing secrets
• Make your site private if unsure
• Change your API Secret if it is ever exposed

Nightscout Pro handles encryption, certificates, and infrastructure security automatically.