mmconnect and 770g in US

[gotpancreas]

Not sure whether this is the right place to post (I’m new to GitHub), but I’ve been trying to set up a new NS instance to connect with my 770g via CareLink and the MiniMed Mobile app. I’ve got NS working fine, but there mmconnect portion seems to be returning a 404 error and I’m not able to see any SGV or pump data in NS. I’ve confirmed that the data appears in CareLink as expected and that my CareLink credentials are correct in mmconnect as well. The login page for CareLink US has recently changed, so I’m wondering if it uses a different server than before (or a problem similar to this)? I’ve read discussion about issues with CareLink EU as well, but not so much about US. I’m happy to provide logs, do testing, or whatever I’m capable of to help this project and make it work!

Thanks for all this community has done so far, and thanks in advance for your help!

[benceszasz]

@gotpancreas a new login method was introduced in the EU during the summer and it was solved very soon, the mmconnect was modified. However there was a small bug in the code, which caused an error in NS if there was a temporary error in CareLink EU. It seems to me, that the same new authentication method was also introduced in the US and thus the mmconnect is not working anymore for US.

@bewest based on this issue and other FB posts in CGM in the Cloud it seems to me that the authentication for CareLink was changed in the US to the same as in the EU. Could you please modify the carelink.js for the US to use the same authentication logic and URLs as EU, but with country code us? As I see it the country code is defined at more places in the code: default value 'gb' for DEFAULT_COUNTRYCODE and also hardcoded in the CARELINKEU_LOGIN_URL url end: country=gb&lang=en. Maybe the country and language parameters in the CARELINKEU_LOGIN_URL should be generated using the CARELINKEU_LOGIN_LOCALE?

[bewest]

Interesting. Fantastic, that actually might make things a bit simpler. Regarding parameters, we/I really need them to be able to be passed in. If you audit the code you'll see that I added some code to inspect and reconstruct URLs based on parameters that are either dynamically generated or passed in at use/run-time. One of the reasons this is important is testing, but another is to safely enable "multitenant" use, where one long lived process might be responsible for validating credentials for many users across the world, and similar use cases where a single process wants to call these functions with slightly different parameters.
Thanks for the notes!

[bewest]

Please see for patches to help fix this issue.

[bewest]

Howdy all, we've had some success with updates on this. The most recent version released contains updates to better handle the undocumented changes from Medtronic. There are some lingering issues having to do with whether or not IP addresses from shared cloud environments, such as Heroku remain blocked due to past activity. The resolution in these circumstances is to obtain a new IP address.

[ondrej1024]

I tried running mmconnect on a Linux PC. I am accessing a Carelink EU account tied to my daughters 780G pump.
It starts and puts out one line:

[MMConnect] Wait 0 seconds before start

After that it just sits there and no data is displayed in NS.
Is there any way I can check what it is doing?

[bewest]

Yes, if you are familiar with environment variables, you can set CARELINK_QUIET=false which should print additional logging messages.

[ondrej1024]

OK, thanks. I must have missed this.
Anyway I get the following message:

2021-01-25T20:51:36.591Z [Arguments] {
  '0':
   'GET data https://carelink.minimed.eu/patient/connect/data?cpSerialNumber=NONE&msgType=last24hours&requestTime=1611607896591' }
2021-01-25T20:51:37.389Z [Arguments] { '0': 'Stale CareLink data: 26860131.62 minutes old' }

But the official Carelink Connect App shows correct data. Any idea?

[ondrej1024]

26860131 minutes are 51 years, so it looks like CareLink reports timestamp of 1970 (unix epoch time 0).

[ondrej1024]

Maybe this is related to this comment and the data from the 780G uploaded with the Minimed Mobile app can actually not be retrieved with the mmconnect plugin.

[gotpancreas]

Hi there. I'm just confirming the same thing that @ondrej1024 reported. I'm on a 770g in the US and I'm also seeing the "Stale CareLink data..." message as well:

2021-01-25T23:20:13.474Z [Arguments] {
  '0': 'GET data https://carelink.minimed.com/patient/connect/data?cpSerialNumber=NONE&msgType=last24hours&requestTime=1611616813474'
}
2021-01-25T23:20:13.939Z [Arguments] { '0': 'Stale CareLink data: 26860280.21 minutes old' }

Also similar to ondrej1024, I'm seeing accurate and up-to-date data in the Minimed Mobile app (iOS) and on CareLink Connect via web:

In case it's helpful, I also get the following result if I change the value of "STALE_DATA_THRESHOLD_MINUTES" in transform.js to something greater than the value shown in the "Stale CareLink data..." error above (in this example, I used "STALE_DATA_THRESHOLD_MINUTES = 27860280"):

2021-01-25T23:28:58.163Z [Arguments] {
  '0': 'Guessed pump timezone +44767100 (pump time: "Feb 20, 2072 22:53:56"; server time: Mon Jan 25 2021 17:28:56 GMT-0600 (Central Standard Time))'

It looks to me like the pump time is being reported differently than we're interpreting it? Please excuse me if this isn't a useful contribution - I'm still quite new to all of this and am simply trying to help get to the bottom of this. If there's anything further that I can do to help the cause, please advise.

[bewest]

So just to be clear, I'm still a little confused.

• Does 770g upload data to Carelink web portal
• Does 780g upload data to Carelink web portal?
• Is recent data from 770g visible in the web portal?
• Is recent data from 780g visible in the web portal?
  What would be helpful is to capture the HTTP traffic used by the web portal.
  Eg, going into the browser developer tab, enabling recording all Network traffic, use the Carelink web portal to view data, then export all Network traffic as HAR. We should be able to use this to see how Carelink web portal fetches and presents the data to their web based display.

If the data is not visible in Medtronic's own web based display, we might have to pursue options other than this bridge.

[gotpancreas]

Does 770g upload data to Carelink web portal

Yes, in my case the 770g connects via BLE to Minimed Mobile app (for me, this is on an iPhone) which then uploads the data to CareLink in real-time (or near real-time).

Is recent data from 770g visible in the web portal?

Yes, the web portal reflects the same real-time data that the app shows (which is also the same as my pump shows).

I can't personally speak for the 780g, but Medtronic has implied that the 770g and 780g use the same hardware (MMT-1880) and that the only difference is software. That is to say, that I should (in the future) be able to update my pump with new software in order to upgrade it to 780g. This hardware commonality leads me to believe that they are quite likely to behave similarly.

@bewest - I will email the HAR file to you since I think it likely contains personally identifiable information.

[ondrej1024]

The way I understand it, this is how the data flows via the Medtronic infrastructure:

The Minimed Mobile app sends new sensor and pump data every 5 mins to the Cloud which can be downloaded and displayed by the Carelink app. However I am not able to see any data on the web portal. I tried this with a web browser both from a PC and Android phone. When going to the "Connect" tab, this message is displayed:

[gotpancreas]

Interesting... this is different than what I'm experiencing. @ondrej1024, it looks like you might be logging in to CareLink Web with a Care Partner account and not the main patient account? The reason I think this is because the icon in the upper right of your screenshot appears different than in my screenshot - and I've seen the same icon as you have whenever I log in using a Care Partner account. I don't know for certain that this would make a difference, but I'm curious to see if using the main patient account would at least let you see Connect data on the web.

To help with clarity, here's what I'm experiencing:

Model: 770g
Location: US (carelink.minimed.com)
Logged in as main patient account: Connect tab shows all data in real time
Logged in as Care Partner account: Connect tab shows all data in real time

I have never seen the message in CareLink web that says "Please download the mobile application...". In a previous post, you mentioned that you're using a 780g and in the EU, and I'm trying to understand whether we're seeing differences because 1) the type of account you're using, 2) location/server (EU), or 3) you're using a 780g.

I wonder if this is simply a privacy/GDPR thing? That is to say that it's working for me in the US, but Medtronic doesn't allow this function for EU users because of privacy laws in the EU?

[ondrej1024]

You are right, when I took the screenshot I was using a Care Partner account. But I have also tried with the patient account and it does not make any difference.

I suspect it could also be a question of the combination of browser and operating system and only a few combinations are allowed. I have tried both Firefox and Chromium on Ubuntu and I get a warning that this is not supported but it let's me log in anyway.

There is a report here that it was seen working only from a mobile phone browser and not from desktop PC. Really confusing 😕

What OS and browser are you using?

[gotpancreas]

I'm having success using Chrome v87.0.4280.141 on Windows 7 and Windows 10, and also using MS Internet Explorer v11.0.9600 on Windows 7.

[ondrej1024]

Now I tried using a user agent switcher with Firefox, posing as a Chrome browser on Windows 10. But that doesn't change the fact that there is no real time data shown on the Carelink site for my account. So there must be some other criteria as you wrote earlier.

I guess it would be really helpful to find out what interface the Carelink Connect app is using to retrieve the data from the Cloud. Probably a proper REST API, unfortunately not documented anywhere.

[mohammed-nep-group]

No indeed wouldn't be documented but if you inspect and follow that page you should see the GET calls and maybe some POSts. because we need only what we see in the website for US. So in fact they could find the corresponding rest calls that are happening from the site --> Carelink Cloud.

[paul1956]

Two different things happen with the 7X0G, every 5 minutes a subset of data is uploaded to the cloud, in the US it can be viewed with mobile browser (Safari...) by logging into patient or caregiver account and it looks (almost) identical to what you see in the app. Every 24 hours all of the data that was uploaded from the 670G is uploaded, it can only be viewed by a computer (not mobile browser) by logging into the same portal as above. After login there are 2 different redirects /home for desktop and something different for Mobile which is also different in EU vs. US. My guess is in EU you would have to mimic whatever Browser ID the App is sending.

[theNateAllen]

Perhaps related to the original problem posted in this thread, I'm having trouble logging in to Carelink. Turning off quiet mode, it looks like we're using the EU URL but I'm based in the US. I've tried with the environment variable MMCONNECT_SERVER absent and set to "US", with no visible difference. Log showing failed logins:
graceallen-carelink-to-ns-logs-1612205335876.txt.

I am able to log in to the Carelink website myself using Chrome and can see current data as I would expect.

Any ideas what I could be doing wrong? Thanks!

[bewest]

@theNateAllen yes. This probably needs better documentation, but please use MMCONNECT_COUNTRYCODE=us as well.

[bewest]

I've noticed that MMCONNECT_COUNTRYCODE needs to be set to an ISO3166 country code that matches the regulatory domain that MMCONNECT_SERVER will use. I have found it's best to set MMCONNECT_SERVER explicitly to the server to be used:

• For United States:

MMCONNECT_SERVER=carelink.minimed.com
MMCONNECT_COUNTRYCODE=us

• Rest of world:

MMCONNECT_SERVER=EU
MMCONNECT_COUNTRYCODE=uk

Hope this helps.
You may be observing bugs in the environment handling logic, apologies.

[theNateAllen]

Thanks @bewest, that got me going. I'm now stopped by the stale data error reported above. Let me know if capturing my network traffic while viewing the Carelink site would be useful.

[bewest]

Is 770g working in other countries or just broken in US? Are other pumps working or broken? It looks like there is an issue with at least getting US data, although looking to confirm what is working vs not.

As I'm digging through the HTTP traces, I'm pretty impressed with Medtronic's system here.

1. https://carelink.minimed.com/patient/users/me/profile provides profile information, critically a field called username (presumably the same as what was used to log in?)
2. https://carelink.minimed.com/patient/countries/settings?countryCode=us&language=en fetching this url provides an object with property blePereodicDataEndpoint, in this case: blePereodicDataEndpoint: "https://clcloud.minimed.com/connect/v2/display/message"
3. https://carelink.minimed.com/patient/users/me fetching this URL after authorized provides a role == CARE_PARTNER in the case I'm looking at.
4. POST to https://clcloud.minimed.com/connect/v2/display/message with a payload of eg { username: "loginuser", role: "carepartner" } finally gives us all the data we expect

[bewest]

In the US, role can be PATIENT, and in EU, it may be PATIENT_OUS when fetching from /me.

[bewest]

I see: there are patient roles and then "Care Partner" roles. Care partner roles must post their authorized role and username to the blePereodicDataEndpoint to get data, otherwise patients can poll their own /patient/connect/data?cpSerialNumber=NONE&msgType=last24hours&requestTime=? That's my current theory, anyway. I still don't quite understand the Careportal Partner vs Connect Patient concepts fully. https://www.youtube.com/watch?v=whTzTItL_i0

[paul1956]

The patient is the person with the pump and running the MiniMed App what uploads some data every 5 minutes and complete data every 24 hours, they authorize Caregivers ("Care Partner") who run a different App each with their own users ID and Password.

[bewest]

@paul1956 yes, in addition there seem to be a whole host of rules attached to these roles. I can see at least PATIENT, PATIENT_OUS, and CARE_PARTNER and that the behavior is different. It looks like patients cannot access real-time web carelink display unless the mobile app is enabled and installed and linked to the account.
However, the carelink patient credentials cannot be used in the app. Rather, in order to activate the mobile app, you must sign up for a new carepartner credentials in the mobile app, and only in the mobile app. From what I can see, it's not possible to create a carepartner in carelink web portal?

This is part of what confuses me, there is a way to link different accounts together for the purposes of sharing. It looks like the minimum path in order to "share with yourself" is to create both carepartner credentials as well as patient carelink credentials. It's important to note that these credentials require different behaviors. mmconnnect only works with "patient carelink credentials", and doesn't yet know how to use carepartner credentials. It looks like the self-patient carelink credential access is mediated by installation of the mobile and linking the new carepartner account to an existing careportal patient account. According to the youtube video, a similar flow is required for each carepartner.

There are other rules as well, it looks like the countrycode matters quite a bit: the patient careportal and carepartner accounts must share the same countrycode. Medtronic only supports Followers inside the same country.

Finally, the new Carelink interfaces include mock or stub responses on some endpoints, it looks like specifically aimed at preventing things depending on the results from crashing while yielding no data. We'll need continued analysis to really gather the full requirements.

Right now it looks like the most reliable mechanism is going to be:

• use credentials in 5 step process to establish initial cookie/token
• lookup /patient/users/me to find the role is set to CARE_PARTNER.
  • if role == 'CARE_PARTNER then GET /patient/countries/settings?countryCode=us&language=en with correct parameters and set the json url to the result of the property blePereodicDataEndpoint in the response.
  • else set the json url to /patient/connect/data ( role should be PATIENT or PATIENT_OUS)
  • fetch data using json url
  • refresh token using token url

It looks like an approach like this should work more consistently without worrying as much about which credentials are used, so long as the countrycode matches. Unfortunately, attempting all country codes could result in locking accounts or worse, so users will need to know and correctly indicate the countrycode of the original patient account at multiple points in the workflow.

[ClifClimber]

@bewest : I'm triying from UE (ES - Sapin) and cannot get data . The login seems correcta, but the minimed-connect-to-NS can't fetch data from Carelink Server .

How can I help you with this issue?

Regards ! !

[amspoke]

HI,

I am not extremely experienced publishing things in GitHub but I have uploaded here my small personal project, to sync carelink connect with your nightscout site. It's a SAM app you can deploy using SAM from AWS. The project should be covered with the AWS free tier. So you will need an AWS account to deploy the sync app. Just give a try and give me feedback please. https://github.com/amspoke/java-carelink-lambda

[ondrej1024]

As of today (after months trouble free of exercise) my carelink-python-client does not connect to the Carelink server anymore. I get the following error message:

Client login error! Response code: 504 Error message: 'sessionID'

Anyone here noticing similar issues ? Medtronic might have done some changes 😟

[mattster98]

Yes - same here. Started a couple hours ago it seems.

Getting an error trying carelink on the web, so I'm hoping it's temporary.

[bewest]

FWIW, I am looking for help moving the logic for plugins like this to https://github.com/nightscout/nightscout-connect. The benefit of nightscout-connect is that features added there will not require changes in Nightscout core.

[lmbigdata]

I'm having the same issue but I can access to carelink.minimed.eu

when it's not working usually this site it's not working also

[ondrej1024]

Carelink Web site and the Carelink connect app are working fine for me. That's what's worrying me.

[mattster98]

They are working for me too now. It's still just nightscout that is having the issue. :(

[bewest]

Is xdrip carelink follower also having issues?

[lmbigdata]

@bewest Yes, xdrip is not working for me

[ondrej1024]

Trying to get the login session I get this "400" error response:

This happens when no headers are sent in the request. If I add any headers, the request times out.

It really looks like (at least) the login procedure has changed.

[benceszasz]

Update HTTP headers used in the request, it seems that Medtronic has put the old ones on banned requests list ? :)
For example (the important is the User-Agent):
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36

[ondrej1024]

Now I have defined the commonHeaders as empty. This gets carelink-python-client back online. 😃 Will update the repo tomorrow.

I guess the other programs have to be updated accordingly.

[benceszasz]

@ondrej1024 I am not sure about removing all browser headers is a good idea. In both xDripCareLinkFollower and CareLinkJavaClient the client behaves during login as a browser. Since Medtronic must keep CareLink accessible via browser, this method should work even if it needs to be changed or updated over time. But if you use pure HTTP client it can be easily detected and blocked.
But this is just my opinion :)

[ondrej1024]

@benceszasz Yes, I agree with that. Remains to find out what are the headers that are accepted at the moment.

[benceszasz]

@ondrej1024 the ones in my previous comment are working fine with my xdrip and in java client.

[ondrej1024]

@benceszasz OK, great. Although, at the moment, even with the old headers things are working again. 🙄

[stijnbrouwers]

@ondrej1024 and @benceszasz I can confirm it's also working again for me...

[lmbigdata]

Thanks guys for your great job!!

[mattster98]

Is the ability to view multiple patients a factor here? Not sure if this is in all regions, but on the Carelink Connect app and on the carelink website (US) I'm now noticing where you have to choose a patient, and also seeing patientId in the message request:

For me, nightscout logging in seems to work. It's the call to get the message that is failing with error 400.

[benceszasz]

@mattster98 you are able to select from multiple patients in CareLink?
What is on the request Headers (called api url) tab and what is in the Response?
Also please check the request/response before this one. There must be an API which provides the list of the managed patients.

[mattster98]

Yes - after I log in, I get a new page (/app/linking) with the option to select the patient at the top. I only have one patient, but I have to select it to proceed. The username of that patient is what is in the patientId field in the message calls.

That new page makes a call to https://carelink.minimed.com/patient/m2m/links/patients
It responds with (user info replaced for privacy):
[ {
"firstName" : "First",
"lastName" : "Last",
"status" : "ACTIVE",
"username" : "patient_username",
"notificationsAllowed" : false,
"nickname" : "JS",
"lastDeviceFamily" : "BLE",
"patientUsesConnect" : true
} ]

I think this is what you are asking for - let me know if you need more. :)

[mattster98]

I hard coded the patient ID into the message request and have data again, so that seems to be the main issue. I tried to add a parameter for it as a config/env var but I don't know what I'm doing so I haven't managed to get that to work yet.

[benceszasz]

@mattster98 are you using 770G? What is the URL that you have used successfully to retrieve data from CareLink with patient ID hardcoded (you can replace the actual patient ID for privacy, I am just curious about the url structure)?

[mattster98]

Yes.

I didn't change the URL anywhere in the code, just added that new parameter.

From the logging I have, it's hitting:
https://clcloud.minimed.com/connect/carepartner/v6/display/message

Honestly after you select the patient on the new screen, the carelink interface looks exactly the way it did before. I think that new /app/linking page that makes the call to patients is the only new stuff.

[benceszasz]

Which parameter have you added and to what?
Are you using Care Partner account or Patient account?
For me Connect web (CareLink Personal > Connect page) doesn't show the CGM/pump data of 7XXG pumps, but shows a message to use the Connect mobile app. In the EU the Connect web app never worked for 7xxG pumps only for the standalone CGM. 7xxG pumps could only be used with the Connect mobile app.

[mattster98]

Not sure if you can see this: 0700ef4

That was my attempt to add the parameter. The username is still the carepartner account, but I added the patient ID which is the patient account username. Edit to be clear: this change doesn't work because I couldn't figure out how to plumb a new env variable from my docker config into this code.. this was just my initial plan. I ended up replacing the new parameter with just "mypatientusername" just like the role parameter looks.

Here's a screenshot of the change in case that link doesn't work.

[paul1956]

There is not a list of patients from the server, the Carelink Connect client requires you know it and it saves it locally to present the list. If you think about it you are logging in with one ID and could be following 5 people that may not know each other (think about a school nurse).

[mattster98]

@paul1956 , I provided the call and response [above] (#11 (comment)) from the server that provides what looks like a json formatted patient list. I only have one patient but I'm sure after you connect with multiple it lists them and you can choose from there.

This information is on my carelink account and is provided by the server, not on any client since I'm just using the web interface there.

[GauriSpears]

Hi, guys! As far as I see there's a lot of investigation about how to get info from 7xxG pump. But what about sending commands to it? AccuChek Guide Link glucose meter as well as transmitters can at least send glucose level to a pump. Does this protocol allow full control? The reason is that sometimes it may be difficult to get the pump when it's under several layers of clothes.