decentralised-dataexchange/data4diabetes-resource-server

Data4Diabetes Resource Server

A CGM (Continuous Glucose Monitoring) resource server that exposes anonymized/pseudonymized continuous glucose monitoring data collected from diabetic users' glucose sensors. Intended for use by research organisations and pharmaceutical companies.

Features

  • Access Token Validation: All API endpoints validate access tokens through an external authorization server
  • Data Classification: Supports multiple data classification levels:
    • anonymous: Fully anonymized data (no user identifiers)
    • pii: Data with user IDs but no personal information
  • Dynamic Data Anonymization: Handlers automatically anonymize or de-anonymize data based on the validated access token's classification
  • Comprehensive CGM Data: Includes device ID, user ID, glucose levels, trends, sensor status, battery level, and temperature readings

Architecture

Middleware

The AccessValidationMiddleware intercepts all requests to protected endpoints and:

  1. Extracts the access token from the Authorization header
  2. Validates it against the authorization server
  3. Stores the validation response in HttpContext.Items for handlers to use
  4. Returns appropriate error responses for invalid/expired tokens
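The four steps above as an ASP.NET Core middleware, added here as an example and not taken from the repository. The class name `AccessValidationSketch`, the `validate` path on the authorization server, the `Items` key and the JSON field names behind `TokenValidation` are assumptions.

```csharp
// Added sketch, not the repository's middleware. Assumed: POST "validate" on the
// authorization server and the JSON field names behind TokenValidation.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

public sealed record TokenValidation(bool Active, string? Classification, string[]? AuthorizedUsers);
public sealed class AccessValidationSketch
{
    public const string ItemKey = "TokenValidation"; // hypothetical HttpContext.Items key
    private readonly RequestDelegate _next;
    private readonly HttpClient _auth;               // BaseAddress = authorization server
    public AccessValidationSketch(RequestDelegate next, HttpClient auth) { _next = next; _auth = auth; }
    public async Task InvokeAsync(HttpContext ctx)
    {
        // /health is the one documented endpoint without authentication.
        if (ctx.Request.Path.StartsWithSegments("/health")) { await _next(ctx); return; }

        // 1. Extract the token; accept only "Bearer <token>".
        if (!AuthenticationHeaderValue.TryParse(ctx.Request.Headers.Authorization, out var header)
            || !string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(header.Parameter))
        { ctx.Response.StatusCode = StatusCodes.Status401Unauthorized; return; }

        // 2. Validate against the authorization server; any failure leaves result null.
        TokenValidation? result = null;
        try
        {
            using var req = new HttpRequestMessage(HttpMethod.Post, "validate");
            req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", header.Parameter);
            using var resp = await _auth.SendAsync(req, ctx.RequestAborted);
            if (resp.IsSuccessStatusCode)
                result = await resp.Content.ReadFromJsonAsync<TokenValidation>(ctx.RequestAborted);
        }
        catch (Exception e) when (e is HttpRequestException or JsonException or OperationCanceledException) { }

        // 4. Fail closed: invalid, expired or unverifiable tokens never reach a handler.
        if (result is not { Active: true, Classification: not null })
        { ctx.Response.StatusCode = StatusCodes.Status401Unauthorized; return; }

        // 3. Store the validation response for the handlers.
        ctx.Items[ItemKey] = result;
        await _next(ctx);
    }
}
```

Handlers would read the stored value back with `ctx.Items[AccessValidationSketch.ItemKey]` and must treat a missing entry as a denial.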

Endpoints

1. Retrieve CGM Dataset

GET /datasets/cgm

Returns anonymized/pseudonymized CGM sensor data for multiple diabetic users. Requires valid access token.

Response: Array of CGM records

[
  {
    "deviceId": "CGM-DEV-001",
    "userId": "234324",
    "timestamp": "2025-10-16T10:30:00Z",
    "glucoseLevel": 95.0,
    "trend": "steady",
    "sensorStatus": "active",
    "batteryLevel": 85.5,
    "temperature": 36.2
  },
  {
    "deviceId": "CGM-DEV-002",
    "userId": "567890",
    "timestamp": "2025-10-16T10:30:00Z",
    "glucoseLevel": 88.0,
    "trend": "steady",
    "sensorStatus": "active",
    "batteryLevel": 92.0,
    "temperature": 36.1
  }
]

2. Retrieve Individual CGM Data Stream

GET /datasets/cgm/{userId}

Returns anonymized/pseudonymized continuous glucose monitoring data for a single diabetic user identified by their pseudonymised ID.

Parameters:

  • userId (path): Pseudonymised user identifier

Response: Array of CGM records for the specified user

[
  {
    "deviceId": "CGM-DEV-001",
    "userId": "234324",
    "timestamp": "2025-10-16T10:30:00Z",
    "glucoseLevel": 95.0,
    "trend": "steady",
    "sensorStatus": "active",
    "batteryLevel": 85.5,
    "temperature": 36.2
  },
  {
    "deviceId": "CGM-DEV-001",
    "userId": "234324",
    "timestamp": "2025-10-16T11:00:00Z",
    "glucoseLevel": 120.0,
    "trend": "rising",
    "sensorStatus": "active",
    "batteryLevel": 85.0,
    "temperature": 36.3
  }
]

CGM Record Schema:

  • deviceId: Unique identifier for the CGM device
  • userId: Pseudonymised user identifier linked to CGM data
  • timestamp: Timestamp of glucose measurement in ISO 8601 format
  • glucoseLevel: Measured interstitial glucose level (mg/dL)
  • trend: Trend direction - "rising", "steady", or "falling"
  • sensorStatus: Operational status - "active", "inactive", "calibrating", or "error"
  • batteryLevel: Battery level percentage of the CGM device
  • temperature: Skin temperature near sensor (°C)

Running the Server

dotnet run

The server will start on https://localhost:5001 (or as configured).

Testing the API

1. Get CGM Dataset

curl -X GET 'https://localhost:5001/datasets/cgm' \
  -H 'Authorization: Bearer <your-access-token>'

2. Get User-Specific CGM Data

curl -X GET 'https://localhost:5001/datasets/cgm/234324' \
  -H 'Authorization: Bearer <your-user-specific-access-token>'

3. Health Check (No Authentication)

curl -X GET 'https://localhost:5001/health'

API Responses

Success (200 OK)

Returns an array of CGM records matching the request criteria.

Unauthorized (401)

Invalid or missing access token.

Forbidden (403)

  • Token does not have permission to access the requested data
  • PII classification tokens cannot access anonymous datasets
  • Anonymous classification tokens cannot access user-specific data

Not Found (404)

The requested user ID does not exist in the system.
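One reading of the 403 and 404 rules above as a handler-side decision function, added here as an example and not taken from the repository. The record shapes, the mapping of `GET /datasets/cgm` to the anonymous dataset, and the choice to check authorization before existence are assumptions.

```csharp
// Added example, not the repository's handler code. CgmRecord is trimmed to
// four fields; the check order and the TokenValidation shape are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;

public sealed record TokenValidation(bool Active, string? Classification, string[]? AuthorizedUsers);
public sealed record CgmRecord(string DeviceId, string? UserId, DateTimeOffset Timestamp, double GlucoseLevel);

public static class CgmAccessPolicy
{
    // requestedUserId is null for GET /datasets/cgm and set for GET /datasets/cgm/{userId}.
    // Returns the HTTP status and the records the caller is allowed to see.
    public static (int Status, IReadOnlyList<CgmRecord> Body) Decide(
        TokenValidation token, string? requestedUserId, IReadOnlyList<CgmRecord> store)
    {
        var none = Array.Empty<CgmRecord>();
        bool isPii = string.Equals(token.Classification, "pii", StringComparison.Ordinal);
        bool isAnon = string.Equals(token.Classification, "anonymous", StringComparison.Ordinal);
        if (!isPii && !isAnon) return (403, none);   // unknown classification: deny

        if (requestedUserId is null)
        {
            if (isPii) return (403, none);           // pii token on the anonymous dataset
            // anonymous: no user identifiers leave the server
            return (200, store.Select(r => r with { UserId = null }).ToList());
        }

        if (isAnon) return (403, none);              // anonymous token on user-specific data

        // Authorize before the existence lookup, so that the 403/404 difference
        // is only visible to callers already entitled to that ID.
        if (token.AuthorizedUsers?.Contains(requestedUserId) != true) return (403, none);

        var rows = store.Where(r => r.UserId == requestedUserId).ToList();
        if (rows.Count == 0) return (404, none);
        return (200, rows);
    }
}
```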

Access Validation Flow

┌─────────┐      ┌──────────────┐      ┌─────────────────┐      ┌─────────┐
│ Client  │─────>│  Middleware  │─────>│  Auth Server    │─────>│ Handler │
└─────────┘      └──────────────┘      └─────────────────┘      └─────────┘
     │                  │                       │                      │
     │  1. Request      │                       │                      │
     │  + Bearer Token  │                       │                      │
     │                  │  2. Validate          │                      │
     │                  │     Token             │                      │
     │                  │                       │  3. Validation       │
     │                  │                       │     Response         │
     │                  │                       │  (classification,    │
     │                  │  4. Store in          │   authorized users)  │
     │                  │     HttpContext       │                      │
     │                  │                       │                      │
     │                  │                       │  5. Process with     │
     │                  │                       │     Classification   │
     │                  │                       │     & Authorization  │
     │                  │                       │                      │
     │  6. Response     │<──────────────────────│──────────────────────│
     │  (CGM Records)   │                       │                      │

OpenAPI Specification

This API conforms to OpenAPI 3.0.3 specification. When running in development mode, you can access the OpenAPI schema at /openapi/v1.json.

API Information:

  • Title: Continuous Glucose Monitoring (CGM) Dataset API
  • Version: 1.0.0
  • Authentication: Bearer token (JWT)
