HTTP dump of Libre Link Up used in combination with FreeStyle Libre 3

libre-link-up-http-dump.md

LibreLinkUp HTTP-Dump

This document describes the HTTP communication of LibreLinkUp which functions as follower app to receive cgm data. Some data in the responses were masked.

Context

This dump was created on an android device with LibreLinkUp app. Capturing was done with HttpToolkit over adb.

API Url

The global api url is https://api.libreview.io. If you are placed in europe you can use https://api-eu.libreview.io instead.

Headers

The following list includes general purpose headers but also specific ones which are required to get correct responses:

General purpose

'accept-encoding': 'gzip'
'cache-control': 'no-cache'
'connection': 'Keep-Alive'
'content-type': 'application/json'

Specific

The following headers are required and needs to be setted to get correct responses. There might be alternative values which are not known.

'product': 'llu.android'
'version': '4.2.1',

Request Flow

To get cgm data from the api it is required to fire at least three requests:

1. Login and retrieve JWT Token
2. Get connections of patients to get patientId
3. Retrieve cgm data of specific patient

Login

This request expects credentials and will return a JWT Token which is required to call auth-needed endpoints.

Endpoint POST /llu/auth/login

Request Body

{
  "email": "your-libre-email@provider.com",
  "password": "$yOurVerySecretPasSw0rd!"
}

Response

{
  "status": 0,
  "data": {
    "user": {
      "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "firstName": "John",
      "lastName": "Doe",
      "email": "your-libre-email@provider.com",
      "country": "DE",
      "uiLanguage": "de-DE",
      "communicationLanguage": "de-DE",
      "accountType": "pat",
      "uom": "1",
      "dateFormat": "2",
      "timeFormat": "2",
      "emailDay": [
        1
      ],
      "system": {
        "messages": {
          "firstUsePhoenix": 1652399492,
          "firstUsePhoenixReportsDataMerged": 1652399492,
          "lluGettingStartedBanner": 1652399555,
          "lluNewFeatureModal": 1652399526,
          "lluOnboarding": 1652399536,
          "lvWebPostRelease": "3.9.47"
        }
      },
      "details": {},
      "created": 1652399492,
      "lastLogin": 1653140180,
      "programs": {},
      "dateOfBirth": 627609600,
      "practices": {},
      "devices": {},
      "consents": {
        "llu": {
          "policyAccept": 1652399485,
          "touAccept": 1652399485
        }
      }
    },
    "messages": {
      "unread": 0
    },
    "notifications": {
      "unresolved": 0
    },
    "authTicket": {
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjZlZGFjNDk2LWQyNGUtMTFlYy04ZTVkLTAyNDJhYzExMDAwMiIsImZpcnN0TmFtZSI6IkhhbGltZSBTZWxjdWsiLCJsYXN0TmFtZSI6Iktla2VjIiwiY291bnRyeSI6IkRFIiwicmVnaW9uIjoiZXUiLCJyb2xlIjoicGF0aWVudCIsInVuaXRzIjoxLCJwcmFjdGljZXMiOltdLCJjIjoxLCJzIjoibGx1LmFuZHJvaWQiLCJleHAiOjE2Njg2OTIzNTh9.MdEzdJ3NrpYS4WVAcuy87Gxzk7EJFHzCtei-y7_XXXX",
      "expires": 1668692358,
      "duration": 15552000000
    },
    "invitations": [
      "xxxxxxxxx"
    ]
  }
}

The JWT Token is present in data.authTicket.token and is valid for nearly 6 month which is quite long. This is extremly long and actually you cannot invalidate this token why you should not share it with anyone.

For the next requests you have to set this token in the headers:

'authorization': Bearer [YOUR_JWT_TOKEN]

Get connections

To be able to retrieve cgm data you have to determine the patientId of the person who is sharing his data with you.

Endpoint GET /llu/connections

Response

{
  "status": 0,
  "data": [
    {
      "id": "xxxxx",
      "patientId": "xxxxxxx",
      "country": "DE",
      "status": 2,
      "firstName": "John",
      "lastName": "Doe",
      "targetLow": 70,
      "targetHigh": 130,
      "uom": 1,
      "sensor": {
        "deviceId": "",
        "sn": "xxxxx",
        "a": 1652400270,
        "w": 60,
        "pt": 4
      },
      "alarmRules": {
        "c": true,
        "h": {
          "on": true,
          "th": 130,
          "thmm": 7.2,
          "d": 1440,
          "f": 0.1
        },
        "f": {
          "th": 55,
          "thmm": 3,
          "d": 30,
          "tl": 10,
          "tlmm": 0.6
        },
        "l": {
          "on": true,
          "th": 70,
          "thmm": 3.9,
          "d": 1440,
          "tl": 10,
          "tlmm": 0.6
        },
        "nd": {
          "i": 20,
          "r": 5,
          "l": 6
        },
        "p": 5,
        "r": 5,
        "std": {}
      },
      "glucoseMeasurement": {
        "FactoryTimestamp": "5/21/2022 1:38:50 PM",
        "Timestamp": "5/21/2022 3:38:50 PM",
        "type": 1,
        "ValueInMgPerDl": 91,
        "TrendArrow": 3,
        "TrendMessage": null,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 91,
        "isHigh": false,
        "isLow": false
      },
      "glucoseItem": {
        "FactoryTimestamp": "5/21/2022 1:38:50 PM",
        "Timestamp": "5/21/2022 3:38:50 PM",
        "type": 1,
        "ValueInMgPerDl": 91,
        "TrendArrow": 3,
        "TrendMessage": null,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 91,
        "isHigh": false,
        "isLow": false
      },
      "glucoseAlarm": null,
      "patientDevice": {
        "did": "2d97357e-d250-11ec-b409-0242ac110004",
        "dtid": 40068,
        "v": "3.3.1",
        "ll": 65,
        "hl": 130,
        "u": 1653016896,
        "fixedLowAlarmValues": {
          "mgdl": 60,
          "mmoll": 3.3
        },
        "alarms": false
      },
      "created": 1652399545
    }
  ],
  "ticket": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjZlZGFjNDk2LWQyNGUtMTFlYy04ZTVkLTAyNDJhYzExMDAwMiIsImZpcnN0TmFtZSI6IkhhbGltZSBTZWxjdWsiLCJsYXN0TmFtZSI6Iktla2VjIiwiY291bnRyeSI6IkRFIiwicmVnaW9uIjoiZXUiLCJyb2xlIjoicGF0aWVudCIsInVuaXRzIjoxLCJwcmFjdGljZXMiOltdLCJjIjoxLCJzIjoibGx1LmFuZHJvaWQiLCJleHAiOjE2Njg2OTIzNTh9.MdEzdJ3NrpYS4WVAcuy87Gxzk7EJFHzCtei-y7_XXXX",
    "expires": 1668692358,
    "duration": 15552000000
  }
}

The datapart includes all persons who are sharing their data with you. To retrieve cgm data you need data[0].patientId.

Get cgm data

Now both prerequirements (JWT Token and Patient ID) are met and you can retrieve the cgm data.

Endpoint GET /llu/connections/{patientId}/graph

Response

{
  "status": 0,
  "data": {
    "connection": {
      "id": "xxxxxxx",
      "patientId": "xxxxxxx",
      "country": "DE",
      "status": 2,
      "firstName": "John",
      "lastName": "Doe",
      "targetLow": 70,
      "targetHigh": 130,
      "uom": 1,
      "sensor": {
        "deviceId": "",
        "sn": "XXXXXXXXXX",
        "a": 1652400270,
        "w": 60,
        "pt": 4
      },
      "alarmRules": {
        "c": true,
        "h": {
          "on": true,
          "th": 130,
          "thmm": 7.2,
          "d": 1440,
          "f": 0.1
        },
        "f": {
          "th": 55,
          "thmm": 3,
          "d": 30,
          "tl": 10,
          "tlmm": 0.6
        },
        "l": {
          "on": true,
          "th": 70,
          "thmm": 3.9,
          "d": 1440,
          "tl": 10,
          "tlmm": 0.6
        },
        "nd": {
          "i": 20,
          "r": 5,
          "l": 6
        },
        "p": 5,
        "r": 5,
        "std": {}
      },
      "glucoseMeasurement": {
        "FactoryTimestamp": "5/21/2022 1:38:50 PM",
        "Timestamp": "5/21/2022 3:38:50 PM",
        "type": 1,
        "ValueInMgPerDl": 91,
        "TrendArrow": 3,
        "TrendMessage": null,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 91,
        "isHigh": false,
        "isLow": false
      },
      "glucoseItem": {
        "FactoryTimestamp": "5/21/2022 1:38:50 PM",
        "Timestamp": "5/21/2022 3:38:50 PM",
        "type": 1,
        "ValueInMgPerDl": 91,
        "TrendArrow": 3,
        "TrendMessage": null,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 91,
        "isHigh": false,
        "isLow": false
      },
      "glucoseAlarm": null,
      "patientDevice": {
        "did": "xxxxxxx",
        "dtid": 40068,
        "v": "3.3.1",
        "ll": 65,
        "hl": 130,
        "u": 1653016896,
        "fixedLowAlarmValues": {
          "mgdl": 60,
          "mmoll": 3.3
        },
        "alarms": false
      },
      "created": 1652399545
    },
    "activeSensors": [
      {
        "sensor": {
          "deviceId": "xxxxxx",
          "sn": "xxxxx",
          "a": 1652400270,
          "w": 60,
          "pt": 4
        },
        "device": {
          "did": "xxxxxx",
          "dtid": 40068,
          "v": "3.3.1",
          "ll": 65,
          "hl": 130,
          "u": 1653016896,
          "fixedLowAlarmValues": {
            "mgdl": 60,
            "mmoll": 3.3
          },
          "alarms": false
        }
      },
      {
        "sensor": {
          "deviceId": "xxxxx",
          "sn": "xxxxxx",
          "a": 1652399154,
          "w": 60,
          "pt": 4
        },
        "device": {
          "did": "xxxxxxxxx",
          "dtid": 40068,
          "v": "3.3.1",
          "ll": 70,
          "hl": 250,
          "u": 1652399060,
          "fixedLowAlarmValues": {
            "mgdl": 60,
            "mmoll": 3.3
          },
          "alarms": false
        }
      },
      {
        "sensor": {
          "deviceId": "xxxxx",
          "sn": "xxxxx",
          "a": 1652391830,
          "w": 60,
          "pt": 4
        },
        "device": {
          "did": "xxxxx",
          "dtid": 40068,
          "v": "3.3.1",
          "ll": 70,
          "hl": 250,
          "u": 1652396851,
          "fixedLowAlarmValues": {
            "mgdl": 60,
            "mmoll": 3.3
          },
          "alarms": false
        }
      }
    ],
    "graphData": [
      {
        "FactoryTimestamp": "5/21/2022 1:39:50 AM",
        "Timestamp": "5/21/2022 3:39:50 AM",
        "type": 0,
        "ValueInMgPerDl": 117,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 117,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 1:44:51 AM",
        "Timestamp": "5/21/2022 3:44:51 AM",
        "type": 0,
        "ValueInMgPerDl": 115,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 115,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 1:49:50 AM",
        "Timestamp": "5/21/2022 3:49:50 AM",
        "type": 0,
        "ValueInMgPerDl": 115,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 115,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 1:54:51 AM",
        "Timestamp": "5/21/2022 3:54:51 AM",
        "type": 0,
        "ValueInMgPerDl": 116,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 116,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 1:59:50 AM",
        "Timestamp": "5/21/2022 3:59:50 AM",
        "type": 0,
        "ValueInMgPerDl": 116,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 116,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 2:04:50 AM",
        "Timestamp": "5/21/2022 4:04:50 AM",
        "type": 0,
        "ValueInMgPerDl": 118,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 118,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 2:09:50 AM",
        "Timestamp": "5/21/2022 4:09:50 AM",
        "type": 0,
        "ValueInMgPerDl": 118,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 118,
        "isHigh": false,
        "isLow": false
      },
      {
        "FactoryTimestamp": "5/21/2022 2:14:51 AM",
        "Timestamp": "5/21/2022 4:14:51 AM",
        "type": 0,
        "ValueInMgPerDl": 115,
        "MeasurementColor": 1,
        "GlucoseUnits": 1,
        "Value": 115,
        "isHigh": false,
        "isLow": false
      }
    ]
  },
  "ticket": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjZlZGFjNDk2LWQyNGUtMTFlYy04ZTVkLTAyNDJhYzExMDAwMiIsImZpcnN0TmFtZSI6IkhhbGltZSBTZWxjdWsiLCJsYXN0TmFtZSI6Iktla2VjIiwiY291bnRyeSI6IkRFIiwicmVnaW9uIjoiZXUiLCJyb2xlIjoicGF0aWVudCIsInVuaXRzIjoxLCJwcmFjdGljZXMiOltdLCJjIjoxLCJzIjoibGx1LmFuZHJvaWQiLCJleHAiOjE2Njg2OTIzNTl9.LK8Ejr2IDKGM7oiObVYMHC8HV2bPcv6obt7UiEFXXXX",
    "expires": 1668692359,
    "duration": 15552000000
  }
}

The last measurement is present in glucoseMeasurement:

{
  "FactoryTimestamp": "5/21/2022 1:38:50 PM",
  "Timestamp": "5/21/2022 3:38:50 PM",
  "type": 1,
  "ValueInMgPerDl": 91,
  "TrendArrow": 3,
  "TrendMessage": null,
  "MeasurementColor": 1,
  "GlucoseUnits": 1,
  "Value": 91,
  "isHigh": false,
  "isLow": false
}

Instead you can find historical measurements in graphData. The data has the same shape as above.

Contact

Selcuk Kekec

E-mail: khskekec@gmail.com

Hello everyone! I’m developing an application to present at a national competition here in Brazil on January 31st, but I’m running into an issue when trying to connect to the API. For some reason, I’m unable to authenticate and retrieve data. I always receive the error "No token returned", because the API never seems to return the authentication token from the server. Could someone please help me understand what might be wrong and how I can fix my code?

Thanks a lot!

@liubquanti @Mynuggets-dev @sgmoore @MrAda @gjkoolen @xfoguet @SteveCEvans @adamlounds

`const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
}

async function sha256(message: string) {
    const msgBuffer = new TextEncoder().encode(message);
    const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
    const hashArray = Array.from(new Uint8Array(hashBuffer));
    return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}

Deno.serve(async (req) => {
  if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })

  try {
    const { email, password, region = "ae" } = await req.json()

    if (!email || !password) throw new Error("Email e senha obrigatórios")

    const baseUrl = `https://api-${region}.libreview.io`

    const commonHeaders = {
      "product": "llu.android",
      "version": "4.16.0", 
      "accept-encoding": "gzip, deflate, br",
      "cache-control": "no-cache",
      "connection": "keep-alive",
      "content-type": "application/json",
      "pragma": "no-cache",
    }

    console.log(`[LibreFix] 1. Login em ${baseUrl}...`)

    const loginResp = await fetch(`${baseUrl}/llu/auth/login`, {
      method: "POST",
      headers: commonHeaders,
      body: JSON.stringify({ email, password })
    })

    if (!loginResp.ok) {
        throw new Error(`Erro Login: ${loginResp.status} - Verifique credenciais`)
    }

    const loginData = await loginResp.json()
    
    const token = loginData.data?.authTicket?.token
    const userId = loginData.data?.user?.id 

    if (!token || !userId) {
        throw new Error("Login falhou: Token ou User ID não retornados.")
    }

    const accountIdHash = await sha256(userId);
    
    console.log(`[LibreFix] Hash gerado: ${accountIdHash.substring(0, 10)}...`)

    const authHeaders = {
        ...commonHeaders,
        "Authorization": `Bearer ${token}`,
        "Account-Id": accountIdHash 
    }

    console.log("[LibreFix] 2. Buscando conexões...")
    const connResp = await fetch(`${baseUrl}/llu/connections`, {
      headers: authHeaders 
    })
    
    const connData = await connResp.json()
    
    if (!connData.data || connData.data.length === 0) {
        throw new Error("Nenhum sensor vinculado. Use uma conta de SEGUIDOR (LibreLinkUp).")
    }
    
    const patientId = connData.data[0].patientId

    console.log(`[LibreFix] 3. Buscando dados...`)
    const graphResp = await fetch(`${baseUrl}/llu/connections/${patientId}/graph`, {
      headers: authHeaders
    })
    
    const graphData = await graphResp.json()
    const measurements = graphData.data?.connection?.glucoseMeasurement?.measurementData

    if (!measurements || measurements.length === 0) {
        throw new Error("Conexão feita, mas sem dados recentes.")
    }

    const latest = measurements[measurements.length - 1]

    console.log("[LibreFix] SUCESSO!", latest.Value)

    return new Response(
      JSON.stringify({ 
        value: latest.Value, 
        trend: latest.TrendArrow, 
        date: latest.FactoryTimestamp,
        isHigh: latest.isHigh,
        isLow: latest.isLow
      }),
      { headers: { ...corsHeaders, 'Content-Type': 'application/json' }, status: 200 }
    )

  } catch (error) {
    const msg = error instanceof Error ? error.message : String(error)
    console.error("ERRO FATAL:", msg)
    return new Response(
      JSON.stringify({ error: msg }),
      { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
    )
  }
})` 

Could someone please help me understand what might be wrong and how I can fix my code?

The response to the .../llu/auth/login request does not always return a token. You need to check the value for data\status and if this is 4, look to see if you need to perform an extra step (or several extra steps) until you get a status 0 and a token.

These steps are usually to read and accept new terms and conditions and there appear to be lots of third-party apps that do not handle them correctly and rely on the user logging into the official LibreLinkUp app and performing the necessary steps there and that clears the account so that the next logon goes straight to providing a token.

See https://gist.github.com/khskekec/6c13ba01b10d3018d816706a32ae8ab2?permalink_comment_id=5749295#gistcomment-5749295

I think my C# code at https://dotnetfiddle.net/OWr8wO should handle this, but is not recommended as it does not do it the proper way. (It is the equivalent of saying that I have read and agree with the new terms and conditions without actually reading them.)

I think my C# code at https://dotnetfiddle.net/OWr8wO should handle this, but is not recommended as it does not do it the proper way. (It is the equivalent of saying that I have read and agree with the new terms and conditions without actually reading them.)

This helped me a lot. I wouldn’t have realized it on my own. Thank you very much for the explanation and guidance.
At the moment, the person whose data I’m collecting is not entering glucose values in LibreLinkUp, but I was able to successfully complete the login, retrieve the connections, and fetch the graph data.

I sincerely appreciate your time, attention, and the help you provided!

Hello everyone! I’m developing an application to present at a national competition here in Brazil on January 31st, but I’m running into an issue when trying to connect to the API. For some reason, I’m unable to authenticate and retrieve data. I always receive the error "No token returned", because the API never seems to return the authentication token from the server. Could someone please help me understand what might be wrong and how I can fix my code?

Thanks a lot!

@liubquanti @Mynuggets-dev @sgmoore @MrAda @gjkoolen @xfoguet @SteveCEvans @adamlounds

`const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
}

async function sha256(message: string) {
    const msgBuffer = new TextEncoder().encode(message);
    const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
    const hashArray = Array.from(new Uint8Array(hashBuffer));
    return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}

Deno.serve(async (req) => {
  if (req.method === 'OPTIONS') return new Response('ok', { headers: corsHeaders })

  try {
    const { email, password, region = "ae" } = await req.json()

    if (!email || !password) throw new Error("Email e senha obrigatórios")

    const baseUrl = `https://api-${region}.libreview.io`

    const commonHeaders = {
      "product": "llu.android",
      "version": "4.16.0", 
      "accept-encoding": "gzip, deflate, br",
      "cache-control": "no-cache",
      "connection": "keep-alive",
      "content-type": "application/json",
      "pragma": "no-cache",
    }

    console.log(`[LibreFix] 1. Login em ${baseUrl}...`)

    const loginResp = await fetch(`${baseUrl}/llu/auth/login`, {
      method: "POST",
      headers: commonHeaders,
      body: JSON.stringify({ email, password })
    })

    if (!loginResp.ok) {
        throw new Error(`Erro Login: ${loginResp.status} - Verifique credenciais`)
    }

    const loginData = await loginResp.json()
    
    const token = loginData.data?.authTicket?.token
    const userId = loginData.data?.user?.id 

    if (!token || !userId) {
        throw new Error("Login falhou: Token ou User ID não retornados.")
    }

    const accountIdHash = await sha256(userId);
    
    console.log(`[LibreFix] Hash gerado: ${accountIdHash.substring(0, 10)}...`)

    const authHeaders = {
        ...commonHeaders,
        "Authorization": `Bearer ${token}`,
        "Account-Id": accountIdHash 
    }

    console.log("[LibreFix] 2. Buscando conexões...")
    const connResp = await fetch(`${baseUrl}/llu/connections`, {
      headers: authHeaders 
    })
    
    const connData = await connResp.json()
    
    if (!connData.data || connData.data.length === 0) {
        throw new Error("Nenhum sensor vinculado. Use uma conta de SEGUIDOR (LibreLinkUp).")
    }
    
    const patientId = connData.data[0].patientId

    console.log(`[LibreFix] 3. Buscando dados...`)
    const graphResp = await fetch(`${baseUrl}/llu/connections/${patientId}/graph`, {
      headers: authHeaders
    })
    
    const graphData = await graphResp.json()
    const measurements = graphData.data?.connection?.glucoseMeasurement?.measurementData

    if (!measurements || measurements.length === 0) {
        throw new Error("Conexão feita, mas sem dados recentes.")
    }

    const latest = measurements[measurements.length - 1]

    console.log("[LibreFix] SUCESSO!", latest.Value)

    return new Response(
      JSON.stringify({ 
        value: latest.Value, 
        trend: latest.TrendArrow, 
        date: latest.FactoryTimestamp,
        isHigh: latest.isHigh,
        isLow: latest.isLow
      }),
      { headers: { ...corsHeaders, 'Content-Type': 'application/json' }, status: 200 }
    )

  } catch (error) {
    const msg = error instanceof Error ? error.message : String(error)
    console.error("ERRO FATAL:", msg)
    return new Response(
      JSON.stringify({ error: msg }),
      { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
    )
  }
})` 

try something like this

  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Headers":
    "authorization, x-client-info, apikey, content-type",
  "Access-Control-Allow-Methods": "POST, OPTIONS",
};

async function sha256Hex(message: string) {
  const msgBuffer = new TextEncoder().encode(message);
  const hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
  const hashArray = Array.from(new Uint8Array(hashBuffer));
  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
}

// Simple in-memory token cache (keyed by email+region)
// If you deploy on serverless with cold starts, use Deno KV or your DB.
type Session = {
  token: string;
  accountIdHash: string;
  userId: string;
  region: string;
  baseUrl: string;
  updatedAt: number;
};

const sessionCache = new Map<string, Session>();

function cacheKey(email: string, region: string) {
  return `${region}::${email.toLowerCase().trim()}`;
}

function commonHeaders() {
  return {
    product: "llu.android",
    version: "4.16.0",
    "accept-encoding": "gzip, deflate, br",
    "cache-control": "no-cache",
    connection: "keep-alive",
    "content-type": "application/json",
    pragma: "no-cache",
  } as Record<string, string>;
}

async function login(email: string, password: string, region: string): Promise<Session> {
  const baseUrl = `https://api-${region}.libreview.io`;

  const resp = await fetch(`${baseUrl}/llu/auth/login`, {
    method: "POST",
    headers: commonHeaders(),
    body: JSON.stringify({ email, password }),
  });

  if (!resp.ok) {
    // Avoid leaking details; keep it useful.
    throw new Error(`Erro Login: ${resp.status} - Verifique credenciais/região`);
  }

  const loginData = await resp.json();

  const token = loginData?.data?.authTicket?.token as string | undefined;
  const userId = loginData?.data?.user?.id as string | undefined;

  if (!token || !userId) {
    throw new Error("Login falhou: Token ou User ID não retornados.");
  }

  const accountIdHash = await sha256Hex(userId);

  return {
    token,
    userId,
    accountIdHash,
    region,
    baseUrl,
    updatedAt: Date.now(),
  };
}

async function authedFetch(
  session: Session,
  input: string,
  init: RequestInit,
  relogin: () => Promise<Session>,
): Promise<{ resp: Response; session: Session }> {
  const makeHeaders = (s: Session) => ({
    ...commonHeaders(),
    Authorization: `Bearer ${s.token}`,
    "Account-Id": s.accountIdHash,
    ...(init.headers ?? {}),
  });

  // First try
  let resp = await fetch(input, { ...init, headers: makeHeaders(session) });

  // Token invalid/expired: refresh once and retry
  if (resp.status === 401 || resp.status === 403) {
    const fresh = await relogin();
    resp = await fetch(input, { ...init, headers: makeHeaders(fresh) });
    return { resp, session: fresh };
  }

  return { resp, session };
}

Deno.serve(async (req) => {
  if (req.method === "OPTIONS") return new Response("ok", { headers: corsHeaders });

  try {
    const { email, password, region = "ae" } = await req.json();

    if (!email || !password) throw new Error("Email e senha obrigatórios");

    const key = cacheKey(email, region);

    // Get cached session or login
    let session = sessionCache.get(key);
    if (!session) {
      session = await login(email, password, region);
      sessionCache.set(key, session);
    }

    // Helper to re-login and update cache
    const relogin = async () => {
      const fresh = await login(email, password, region);
      sessionCache.set(key, fresh);
      return fresh;
    };

    // 1) Connections
    const connUrl = `${session.baseUrl}/llu/connections`;

    const connResult = await authedFetch(session, connUrl, { method: "GET" }, relogin);
    session = connResult.session;

    if (!connResult.resp.ok) {
      throw new Error(`Erro conexões: ${connResult.resp.status}`);
    }

    const connData = await connResult.resp.json();

    if (!Array.isArray(connData?.data) || connData.data.length === 0) {
      throw new Error("Nenhum sensor vinculado. Use conta SEGUIDOR (LibreLinkUp).");
    }

    const patientId = connData.data[0]?.patientId;
    if (!patientId) throw new Error("Conexão inválida: patientId ausente.");

    // 2) Graph
    const graphUrl = `${session.baseUrl}/llu/connections/${patientId}/graph`;

    const graphResult = await authedFetch(session, graphUrl, { method: "GET" }, relogin);
    session = graphResult.session;

    if (!graphResult.resp.ok) {
      throw new Error(`Erro dados: ${graphResult.resp.status}`);
    }

    const graphData = await graphResult.resp.json();

    const measurements =
      graphData?.data?.connection?.glucoseMeasurement?.measurementData;

    if (!Array.isArray(measurements) || measurements.length === 0) {
      throw new Error("Conexão feita, mas sem dados recentes.");
    }

    const latest = measurements[measurements.length - 1];

    return new Response(
      JSON.stringify({
        value: latest.Value,
        trend: latest.TrendArrow,
        date: latest.FactoryTimestamp,
        isHigh: latest.isHigh,
        isLow: latest.isLow,
      }),
      { headers: { ...corsHeaders, "Content-Type": "application/json" }, status: 200 },
    );
  } catch (error) {
    const msg = error instanceof Error ? error.message : String(error);
    return new Response(JSON.stringify({ error: msg }), {
      status: 400,
      headers: { ...corsHeaders, "Content-Type": "application/json" },
    });
  }
});

this is one i have been making and use to watch a friend i care for, i just compile the data from the raw ' current reading ' and log them every 1min 24/7