Prodeen exposes a REST and MCP API, plus outbound webhooks, so your developers can pull regulatory content, push it into PLM and QMS systems, distribute reports through SharePoint or Google Drive, and trigger Slack, Teams or email notifications whenever a topic your team subscribes to has a new update. Authentication is API key by default, OAuth 2.0 for enterprise tenants.
What can you integrate with Prodeen?
Prodeen turns the constant flow of food and beverage regulation — EFSA opinions, RASFF alerts, FDA rule changes, Codex revisions, national MRL updates — into a curated stream of Signals: topic-scoped notifications your team subscribes to, much like a tightly edited regulatory newsletter. Four kinds of integration typically follow:
- API access to Signal content. Pull Signals and reports straight into your own tooling — over REST for traditional integrations, or over an MCP server for AI assistants and agentic tools.
- Report distribution. Render assessments as PDF, Markdown or HTML and drop them into the SharePoint, OneDrive or Google Drive folder where your regulatory team archives decisions.
- Notifications. Send the headline and a deep link to Prodeen into a Slack channel, a Teams chat, an email distribution list, or any HTTP endpoint you control.
- Structured exports. Pull a JSON, CSV or Markdown extract of recent Signals for a topic or business unit, ready for loading into a BI tool, compliance dashboard or knowledge base.
Every integration runs against the same versioned API and the same authorisation model — you cannot reach data outside your own organisation, by design. See our security & privacy page for how that boundary is enforced.
How Prodeen connects to existing tools
Most enterprise regulatory teams already run a PLM, a QMS, a document store and a chat platform. Prodeen ships with named connectors for the most common ones; anything else is wired up through the public API or webhooks.
Native connectors
If your stack uses a system not on the list — a proprietary PLM, an internal review tool, a custom BI warehouse — the public API and webhooks are the integration path. Anything Prodeen does inside its own UI can be done over the API.
The Prodeen API
The Prodeen API speaks two protocols against the same data model. A versioned REST API over JSON at https://api.prodeen.com/v1 covers traditional server-to-server integration; an MCP (Model Context Protocol) server at https://mcp.prodeen.com exposes the same capabilities as tools for AI assistants and agentic clients. Both share authentication, scopes and rate limits. All traffic must be over HTTPS; plain HTTP is refused.
Authentication
Prodeen supports two authentication modes:
- API key — recommended for server-to-server integration. Pass the key in the
Authorizationheader asBearer sk_live_…. API keys are issued per organisation, scoped to a subset of endpoints, and revocable at any time from the admin console. - OAuth 2.0 (authorization code) — for integrations that act on behalf of a named user, such as embedded apps inside a PLM or QMS. Available on enterprise plans.
curl https://api.prodeen.com/v1/signals \ -H "Authorization: Bearer sk_live_••••••••••••" \ -H "Accept: application/json"
Key endpoints
| Method & path | What it does |
|---|---|
GET /v1/signals | List Signals your organisation subscribes to, filterable by topic, jurisdiction and date range. |
GET /v1/signals/{id} | Retrieve a single Signal — the topic it belongs to, its headline, summary and the underlying regulatory sources. |
POST /v1/signals/{id}/read | Mark a Signal as read by a named user, mirroring the “mark as read” action in the Prodeen UI. |
GET /v1/reports | List regulatory assessment reports. Each report exposes a stable download_url for PDF, Markdown, CSV and JSON formats. |
POST /v1/webhooks | Register a webhook endpoint. Returns a signing secret used to verify deliveries. |
GET /v1/webhooks/deliveries | Inspect recent webhook deliveries with status, response code and payload digest. |
Rate limits
The default rate limit is 120 requests per minute per API key, with short bursts up to 240. Every response includes X-RateLimit-Remaining and X-RateLimit-Reset headers. Enterprise tenants can request higher quotas.
Versioning
The API is versioned in the URL path. v1 is stable; backwards-incompatible changes ship under a new major version, and the previous version is supported for at least twelve months after the new version is generally available. Additive changes — new fields, new endpoints, new enum values — do not bump the version, so your integration must ignore unknown JSON keys rather than fail on them.
Webhook setup
Webhooks let Prodeen push notifications to any HTTP endpoint the moment a Signal triggers, a report is published, or a regulatory deadline approaches. They are the right choice for integrations that need to react in real time — a Slack channel, a Teams chat, a paging system, or a downstream queue.
Available events
signal.created— a new Signal has landed in one of the topics your organisation subscribes to.signal.updated— an existing Signal has been revised (for example, the underlying regulation moved from draft to adopted).signal.read— a user marked a Signal as read.report.published— a regulatory report has finished rendering and is available to download.
Delivery and verification
Each delivery is a single POST with a JSON body. Prodeen signs every request with an HMAC-SHA256 signature, sent in the X-Prodeen-Signature header. Your endpoint should recompute the signature using the shared signing secret, compare it constant-time to the header, and reject any request whose signature does not match.
Failed deliveries (non-2xx response, timeout, network error) are retried with exponential backoff for up to 24 hours. The full delivery history — including the response code, latency and body — is available in the admin console and via the /v1/webhooks/deliveries endpoint.
Getting started in three steps
- 1
Generate an API key. Open the Prodeen admin console, head to Settings → API keys, name the key after the integration that will use it, and copy the secret. Keys are shown once, then hashed at rest; treat them like a password.
- 2
Make your first call. Hit
GET /v1/signalswith the new key and confirm you see your organisation's Signals. If you get a401, the key is wrong or revoked; if you get a403, the key's scope does not cover that endpoint. - 3
Register a webhook (optional). POST to
/v1/webhookswith the URL of your handler and the events you care about. Prodeen returns a signing secret — store it next to the API key and verify every incoming delivery against it.
Where integrations sit, and how they're protected
Every API call and every outbound webhook runs from Prodeen's EU infrastructure — Google Cloud's Belgium region — and stays in the EU for the life of the request. The same multi-tenant isolation that applies to the Prodeen UI applies to the API: an API key can only ever read data inside its own organisation, enforced at the database layer, not just in application code.
Prodeen is ISO/IEC 27001 certified, with a SOC 2 Type 2 audit in progress, and operates under the GDPR as your data processor. The full security posture and Data Processing Agreement is described on the security & privacy page.
Talk to the Prodeen integrations team
For API access on a trial or production account, sample collections for Postman or Insomnia, help wiring up a PLM or QMS connector, or to request OAuth 2.0 for an enterprise tenant, email support@prodeen.com. We aim to acknowledge integration requests within two business days.
This page describes Prodeen's integration surface as of May 2026. Endpoint paths, payload fields and rate limits are kept in sync with the live API; the date above is refreshed with each revision.