Platform · Developers

Build on ProductLog — API, AI agents, and webhooks.

Drive every module programmatically over a documented REST API, point Claude Desktop or your IDE agent straight at your data over the Model Context Protocol, and stream HMAC-signed events to your own pipeline. No glue code.

Start free — 14-day Pro trial See plans & pricing

REST API & MCP on Pro and up Webhooks on Business

tools/call · create_feedback MCP

# Point your AI agent at ProductLog
POST /api/v1/mcp
Authorization: Bearer plk_••••••••

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "create_feedback",
    "arguments": {
      "projectSlug": "acme",
      "title": "Dark mode"
    }
  }
}

Programmatic access

A REST API, with keys you can trust.

Read and write changelog, feedback, roadmap, and survey data over a documented HTTP API — authenticated with org-scoped keys.

REST API & API keys

Org-scoped API keys Pro

Generate a key in the dashboard and call ProductLog over HTTPS. Keys are tied to your organization, so a token only ever sees your own projects.

Keys carry a plk_ prefix and authenticate with a standard Bearer token
Shown once, hashed at rest — we store only a peppered hash, never the raw key
Optional expiry and one-click revoke — kill a key the moment it leaks
See each key's prefix and a last-used timestamp at a glance

A note on scopes. Today a key inherits the role of the teammate who created it. Fine-grained per-key scopes are on the roadmap — we'd rather ship honest limits than imply ones we don't enforce.

curl · list feedback REST

# Authenticate with your org-scoped key
curl https://api.productlog.dev/api/v1/projects/acme/feedback \
  -H "Authorization: Bearer plk_••••••••"

# → { "data": [ … ], "meta": { "total": 128 } }

key · created once plk_

# Copy it now — it is never shown again
plk_8f2a91d4e7c3b6a0f1e5d2c8b4a6f3e9
# expires 2026-12-31 · scope: organization

Model Context Protocol

Point Claude Desktop or your IDE agent at ProductLog Pro

ProductLog ships a Model Context Protocol server at POST /api/v1/mcp that speaks JSON-RPC 2.0. Connect any MCP client — Claude Desktop, an IDE agent — with the same plk_ Bearer key, and your agent can read and create across your boards. No glue code, no SDK.

7 tools for feedback, changelog, roadmap, and surveys — list, read, and create
Org-scoped by construction — every tool resolves against your organization, so an agent can never reach another tenant
Changelog creates are drafts — an agent can seed an entry, but a human always reviews and publishes it
Standard JSON-RPC: initialize, tools/list, tools/call

MCP rides on the same API-access feature as REST keys — available on Pro and up.

tools/list JSON-RPC

{ "method": "tools/list" }
# → 7 tools, scoped to your org

list_feedbackRead · most-voted first

get_feedbackRead · single post

create_feedbackCreate · new post

list_changelog_entriesRead · newest first

create_changelog_entryCreate · draft only

list_roadmap_itemsRead · by column

list_surveysRead · status & counts

org-scopedEvery call, every tool

Outbound events

HMAC-signed webhooks Business

Subscribe a URL to the events you care about and ProductLog POSTs a signed payload the moment they fire. Verify the X-ProductLog-Signature-256 header against your shared secret, inspect every attempt in the delivery log, and fire a test ping whenever you wire up a new endpoint.

HMAC-SHA256 signatures — each delivery carries an X-ProductLog-Signature-256 header so you can verify it's really us
8 events across changelog, feedback, surveys, and roadmap — subscribe to all, or just the ones you need
Delivery log — every attempt with its HTTP status and duration, so failures are never a mystery
Test ping — send a sample delivery to confirm your endpoint before you ship

On the security backlog. Signing secrets are stored to sign your payloads; encrypting them at rest is a tracked follow-up we're shipping next.

POST · your endpoint Webhook

X-ProductLog-Event: feedback.created
X-ProductLog-Delivery: 018f-…-c3b6
X-ProductLog-Signature-256: sha256=3a9f…

{ "event": "feedback.created",
  "data": { … } }

changelog.published
feedback.created
feedback.status_changed
feedback.comment_created
feedback.post_voted
survey.response_received
roadmap.item_status_changed
roadmap.item_shipped

Delivery log Send test ping

feedback.created 200 · 142 ms

roadmap.item_shipped 200 · 98 ms

ping 200 · 61 ms

Built to be trusted

Secure by construction.

Keys hashed at rest

We store only a peppered hash of every API key. The raw value is shown once at creation and never again.

Integration secrets encrypted

Stored integration credentials are encrypted at rest with libsodium, and every outbound call is SSRF-guarded.

Org-scoped, always

API keys and MCP tools resolve only within your organization — a token can never reach another tenant's data.

Wire ProductLog into the tools you already build with.

Spin up a workspace, generate a key, and you're calling the API in minutes. Free forever. API, MCP, and integrations start on Pro at $39/month; webhooks on Business.

Create free workspace See plans & pricing