Platform documentation

How OneTwenty works

OneTwenty is a managed, multi-tenant CGM data platform built for India. This page walks through the full system — from how devices push glucose readings to how the AI layer converts raw data into clinical and patient-facing insights.

Overview

Diabetes management today is fragmented across device manufacturers — Abbott Libre, Dexcom, Medtronic, and Indian-made sensors each export data in proprietary formats. OneTwenty provides a single managed platform that ingests glucose readings from any CGM source, stores them in a normalised format, and exposes them through a unified API consumed by mobile apps, doctor dashboards, ambient displays, and AI-driven health assistants.

The platform is built on a Nightscout-compatible API surface, meaning existing uploaders, widgets, and integrations (xDrip+, Juggluco, Spike App, etc.) work without any modifications. Each customer — an individual patient, a clinic, or a research study — gets a fully isolated tenant environment hosted under their own subdomain.

Design principle

Every part of the system is designed around one constraint: glucose data is personal health information. Isolation is enforced at the infrastructure level before the application layer, not bolted on afterwards.

System architecture

The platform is composed of four logical tiers: device clients that push readings, an edge / routing layer that resolves tenant identity from the incoming hostname, an API tier that validates, normalises and persists data, and an AI layer that runs asynchronously on stored data to produce insights.

CGM uploaders

xDrip+, Juggluco, Spike, custom

Mobile app

Android — patient & caregiver

Doctor portal

Web dashboard — multi-patient

Ambient display

Glucose Clock, widgets

HTTPS / WSS

Edge routing

Wildcard DNS → tenant resolution → TLS termination

▼

API server

FastAPI · Python 3.11 · async

Document store

MongoDB · per-tenant scoped

WebSocket bus

Real-time push to connected clients

▼

AI pipeline

Query synthesis → context assembly → LLM gateway

Request lifecycle

When a client makes any API call, the following sequence runs before any business logic:

DNS resolves the subdomain (patient.onetwenty.dev) to the shared origin via wildcard record.
The Host header is extracted and matched to a tenant record in the routing table.
The API secret or JWT is validated against that tenant's credentials only — cross-tenant auth is architecturally impossible.
A tenant_id claim is attached to the request context and every MongoDB query is scoped to it.

Multi-tenancy & DNS

Every tenant — whether a single patient or a clinic running hundreds of patients — gets a dedicated subdomain. A single wildcard DNS record (*.onetwenty.dev → origin) covers all tenants without any per-customer DNS provisioning.

clinic-apollo.onetwenty.dev→tenant_id: t_apollo_ · isolated data namespace

dr-sharma.onetwenty.dev→tenant_id: t_sharma_ · isolated data namespace

priya.onetwenty.dev→tenant_id: t_priya__ · isolated data namespace

All three resolve to the same origin. Isolation is enforced at the API layer, not network layer.

Why subdomain-per-tenant

Uploader compatibility. Every Nightscout-compatible uploader expects a distinct base URL — subdomains preserve that contract while sharing infrastructure.
Browser cookie isolation. Session cookies and local storage are automatically scoped to the origin. No extra work required.
Operational clarity. Logs, metrics, and alerts can be filtered by hostname without parsing token payloads.

Data plane

The data model centres on two collections: entries (glucose readings, sensor calibration data) and treatments / events (insulin doses, meals, exercise, notes). The API is a strict superset of the Nightscout v1 surface.

Core endpoints

Endpoint	Purpose
GET`/api/v1/entries`	Query glucose entries with date ranges, type filters, and count limits.
GET`/api/v1/entries/current`	Fetch the single most recent reading. Used by widgets and ambient displays.
POST`/api/v1/entries`	Upsert one or more readings. Idempotent — safe to retry on network failure.
GET`/api/v1/treatments`	Retrieve insulin, carb, note and exercise events in a time window.
GET`/api/v1/entries-with-events`	Parallel fetch of entries and treatments in one request — used by reports and AI context assembly.

Normalisation on write

When an entry arrives via POST, the API normalises the timestamp chain before storage: the incoming dateString (ISO-8601 with UTC offset) is parsed, the UTC offset is stored separately as utcOffset, and a canonical UTC sysTime is computed. Upserts are keyed on (sysTime, type, tenant_id) — duplicate uploads from retried connections are silently merged.

# Retrieve the last 24 hours of glucose readings
curl -sS \
  -H "api-secret: <your-secret>" \
  "https://<tenant>.onetwenty.dev/api/v1/entries?hours=24&count=288"

# Combined entries + events for a report window
curl -sS \
  -H "api-secret: <your-secret>" \
  "https://<tenant>.onetwenty.dev/api/v1/entries-with-events\
?start=2025-04-01T00:00:00Z&end=2025-04-08T00:00:00Z"

AI pipeline

The AI layer sits entirely outside the request path. It reads from the same API that clients use, assembles context windows, and produces structured outputs that are stored back as first-class data — not ephemeral chat responses.

Query synthesis

Natural language or UI intent is converted into a structured, tenant-scoped query object before touching the database. The model never has direct database access — it produces a JSON filter that the API validates and executes.

Context assembly

A bounded time window of CGM readings and treatments is fetched via the entries-with-events endpoint. The raw series is compressed into a compact prompt bundle: statistical summaries (TIR, mean, SD), sparse samples at inflection points, and event annotations.

Insight generation

The assembled context is passed to the LLM with a structured output schema. Results include time-in-range commentary, nocturnal trend analysis, correlation between meals/insulin and post-prandial response, and patient-facing action points.

Model gateway

A provider-agnostic gateway handles key rotation, token budgets, retry logic, and PHI redaction. Currently backed by AWS Bedrock — the domain API is fully decoupled from the underlying model vendor.

Agentic flows

The mobile app exposes a conversational interface for logging treatments and querying personal glucose data. The agent follows a propose-confirm-persist pattern — it never writes to the API unilaterally.

Treatment logging

User utterance

"Took 6 units Humalog at 8:30, had 2 rotis and dal for breakfast."

Extraction & structuring

Agent parses intent into two treatment objects: one insulin event and one carb event, with inferred timestamps and amounts.

User confirmation

Structured preview is shown to the user before anything is written. One tap to confirm, one to edit.

API write

Confirmed payload is posted to POST /api/v1/treatments. Auth, validation, and tenancy enforcement happen exactly as for any other write.

Conversational glucose queries

The chat copilot uses the same pipeline: query synthesis (layer 01) determines the time window and filters, context assembly (layer 02) fetches the relevant data, and the LLM answers within that bounded context. A WebSocket subscription optionally keeps the context fresh as new readings arrive during a live session.

Auth & security

Authentication is multi-strategy to support the range of clients — from existing Nightscout uploaders that only support a shared secret to the doctor portal which uses session-based JWT.

Method	Used by
`api-secret` header	CGM uploaders (xDrip+, Juggluco, Spike) — Nightscout-compatible.
Bearer JWT	Mobile app and doctor portal after user authentication.
Subdomain resolution	Combined with either method above to bind requests to a tenant before validation.

Tenant isolation guarantee

The tenant_id is resolved from the incoming hostname before credentials are checked. A valid credential from tenant A cannot access tenant B's data — the query filter is applied unconditionally.

API quick-start — curl examples

Every endpoint accepts an api-secret header for authentication. Your API token and subdomain URL are visible in Settings → API access inside the OneTwenty app. Replace the placeholders below with your values to start integrating immediately.

Finding your credentials

Open the OneTwenty app → tap your profile → Settings → API access. You will see your subdomain URL (e.g. yourname.onetwenty.dev) and a copy button for your API token.