API Documentation
The only API connecting German law texts, automated compliance scanning, and AI assistants in a single platform. 6 laws, 400 articles, 19 scanner modules.
1. MCP Server for AI Assistants
Endpoint: https://dsgvo.pro/api/mcp
What is MCP?
The Model Context Protocol (MCP) is an open standard that lets AI assistants (like Claude, Cursor, Windsurf, and others) connect to external tools and data sources. By adding the DSGVO.pro MCP server, your AI assistant gains direct access to 400 German law articles across 6 laws and a 19-module compliance scanner — no manual copy-pasting required. This is the first MCP server for German digital law compliance.
Warum MCP besonders DSGVO-relevant ist
MCP löst ein zentrales DSGVO-Problem: Sensible Unternehmensdaten werden oft unkontrolliert in öffentliche KI-Clouds hochgeladen. MCP verhindert das strukturell:
Local-First / On-Premise
MCP-Server laufen lokal oder in Ihrer privaten Cloud. Daten verlassen nie Ihre Infrastruktur.
Zentrales Permission-System
Eingebaute Berechtigungssteuerung: welche Tools auf welche Daten zugreifen dürfen.
Transparenz & Protokollierung
Alle KI-Aktionen sind nachvollziehbar — entspricht der Rechenschaftspflicht nach DSGVO Art. 5.
Privacy by Design (DSGVO Art. 25)
Datenkontrolle bleibt beim Unternehmen — Risiko von Datenlecks strukturell minimiert.
Der DSGVO.pro MCP-Server gibt Ihrem KI-Assistenten direkten Zugriff auf 400 deutsche Gesetzesartikel und einen 19-Modul-Compliance-Scanner — ohne Datenweitergabe an Dritte.
Available Tools
| Tool | Description |
|---|---|
| search-law | Full-text search across all German laws |
| get-article | Get the full text of a specific article |
| list-laws | List all available laws and their metadata |
| check-compliance | Scan a website with 19 modules — score, violations, financial risk |
| get-scan-result | Retrieve results of a previous compliance scan |
Configuration for Claude Code
Add to ~/.claude.json (not ~/.claude/settings.json — different file):
{
"mcpServers": {
"dsgvo-pro": {
"transport": "http",
"url": "https://dsgvo.pro/api/mcp"
}
}
}Or use the CLI: claude mcp add --transport http dsgvo-pro https://dsgvo.pro/api/mcp
Configuration for Claude Desktop
Add to your Claude Desktop config file:
{
"mcpServers": {
"dsgvo-pro": {
"url": "https://dsgvo.pro/api/mcp"
}
}
}Configuration for Cursor / Windsurf / Cline / Zed
Most MCP-compatible coding tools support adding servers via URL in their settings:
https://dsgvo.pro/api/mcp
Transport type: HTTP(Streamable HTTP). Refer to your tool's documentation for the exact field names.
Integration with Automation Tools
n8n, Make, and similar tools connect via the REST API — no MCP required. Use standard HTTP Request nodes to call our endpoints.
n8n — HTTP Request Node
In your n8n workflow, add an HTTP Request node with these settings:
Method: POST
URL: https://dsgvo.pro/api/scan
Headers: Content-Type: application/json
Body (JSON):
{
"url": "{{ $json.website_url }}"
}
→ Returns: { "id": "scan-uuid", "status": "crawling" }
Then poll GET https://dsgvo.pro/api/scan/{{ $json.id }}
until status === "completed"Method: GET
URL: https://dsgvo.pro/api/laws/dsgvo/{{ $json.article_number }}
→ Returns: full article text + title + cross-referencesMake (formerly Integromat) — HTTP Module
Add a HTTP → Make a request module:
Module: HTTP → Make a request
URL: https://dsgvo.pro/api/scan
Method: POST
Body type: Raw
Content type: application/json
Request content:
{
"url": "{{1.website_url}}"
}
→ Parse response, extract id, use in next HTTP module to poll resultsChatGPT, Perplexity & Other AI Assistants
ChatGPT and Perplexity do not natively support MCP. However, you can integrate DSGVO.pro via their respective plugin / action systems using our REST API.
ChatGPT Custom GPT Actions
In the ChatGPT GPT Builder, add a new Action with this OpenAPI schema:
openapi: 3.1.0
info:
title: DSGVO.pro API
description: German website compliance scanner and law database
version: 1.0.0
servers:
- url: https://dsgvo.pro
paths:
/api/scan:
post:
operationId: startComplianceScan
summary: Scan a website for DSGVO compliance
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
url:
type: string
description: The website URL to scan
required: [url]
responses:
'200':
description: Scan started, returns scan ID
/api/scan/{id}:
get:
operationId: getScanResult
summary: Get compliance scan results
parameters:
- name: id
in: path
required: true
schema:
type: string
responses:
'200':
description: Scan results with score and violations
/api/laws/{law}/{article}:
get:
operationId: getLawArticle
summary: Get full text of a German law article
parameters:
- name: law
in: path
required: true
schema:
type: string
enum: [dsgvo, bdsg, tdddg, ddg, ki-vo, bfsg]
- name: article
in: path
required: true
schema:
type: string
responses:
'200':
description: Full article text and metadataPerplexity, Gemini, and Others
For any AI assistant with web browsing or tool-use capabilities, direct it to use the REST API endpoints above. All endpoints are public, return JSON, and require no authentication. Share this page URL with your AI assistant to let it self-configure.
2. REST API for Law Texts
Base URL: https://dsgvo.pro/api/laws
All responses are JSON. No authentication is required for read access.
Endpoints
List all available laws with metadata (name, abbreviation, article count).
List all articles of a specific law. Use the slug: dsgvo, bdsg, tdddg, ddg, ki-vo, or bfsg.
Get the full text of a specific article, including title, content, and cross-references.
Examples with curl
curl https://dsgvo.pro/api/laws
curl https://dsgvo.pro/api/laws/dsgvo
curl https://dsgvo.pro/api/laws/dsgvo/13
Response Examples
[
{
"slug": "dsgvo",
"name": "Datenschutz-Grundverordnung",
"abbreviation": "DSGVO",
"articleCount": 99
},
{
"slug": "bdsg",
"name": "Bundesdatenschutzgesetz",
"abbreviation": "BDSG",
"articleCount": 86
}
]{
"law": "dsgvo",
"name": "Datenschutz-Grundverordnung",
"articles": [
{ "number": "1", "title": "Gegenstand und Ziele" },
{ "number": "2", "title": "Sachlicher Anwendungsbereich" },
{ "number": "3", "title": "Raeumlicher Anwendungsbereich" }
]
}{
"law": "dsgvo",
"number": "13",
"title": "Informationspflicht bei Erhebung von personenbezogenen Daten bei der betroffenen Person",
"content": "Werden personenbezogene Daten bei der betroffenen Person erhoben, so teilt der Verantwortliche ...",
"url": "https://dsgvo.pro/gesetze/dsgvo/13"
}3. Website Scanner API
Scan any website for compliance with German digital law using 19 automated modules. The scanner uses a headless browser (Playwright) to analyze both static HTML and dynamic JavaScript-rendered content. Each scan produces a compliance score (0-100), per-module results, individual violations with legal references, and financial risk estimates (fines + Abmahnung costs).
Start a new compliance scan. Send a JSON body with the target URL. Returns scan ID for polling.
Retrieve scan results. Poll until status is 'completed'. Returns score, risk level, modules, and violations.
Start a Scan
curl -X POST https://dsgvo.pro/api/scan \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'{
"id": "550e8400-e29b-41d4-a716-446655440000",
"status": "crawling",
"url": "https://example.com",
"createdAt": "2025-01-15T10:30:00Z"
}Get Scan Results
curl https://dsgvo.pro/api/scan/550e8400-e29b-41d4-a716-446655440000
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"status": "completed",
"url": "https://example.com",
"score": 72,
"risk_level": "good",
"risk_amount_min": 1500,
"risk_amount_max": 12000,
"modules": [
{
"module": "cookie_consent",
"score": 6,
"max_score": 10,
"violations_count": 2
},
{
"module": "impressum",
"score": 8,
"max_score": 10,
"violations_count": 1
}
],
"violations": [
{
"module": "cookie_consent",
"check_id": "C03",
"title": "Tracking vor Einwilligung",
"severity": "critical",
"law": "TDDDG",
"law_paragraph": "§ 25 Abs. 1",
"fine_realistic_min": 500,
"fine_realistic_max": 5000,
"fix_summary": "Tracking-Scripts erst nach Cookie-Consent laden"
}
],
"completedAt": "2025-01-15T10:31:15Z"
}Scan Statuses
| Status | Description |
|---|---|
| pending | Scan queued, not started yet |
| crawling | Browser is loading and analyzing the website |
| scanning | Running 19 compliance modules |
| completed | All modules finished, results available |
| failed | Scan failed (unreachable URL, timeout, etc.) |
4. 19 Scanner Modules
Each scan runs all 19 modules automatically. Every module checks specific legal requirements and returns a score, violations with legal references, and financial risk estimates.
| Module ID | Name | Legal Basis |
|---|---|---|
| cookie_consent | Cookie & Einwilligung | TDDDG § 25, DSGVO Art. 6-7 |
| impressum | Impressum | DDG § 5, TMG § 5 |
| privacy_policy | Datenschutzerklärung | DSGVO Art. 13-14 |
| external_resources | Externe Ressourcen | DSGVO Art. 44-49 |
| ssl_security | SSL & Sicherheit | DSGVO Art. 32 |
| accessibility | Barrierefreiheit | BFSG, BITV 2.0 |
| ecommerce | E-Commerce | BGB §§ 312-312k |
| email_marketing | E-Mail-Marketing | UWG § 7, DSGVO Art. 6 |
| tracking_analytics | Tracking & Analytics | TDDDG § 25, DSGVO Art. 6 |
| copyright_images | Urheberrecht & Bilder | UrhG §§ 15-23 |
| social_media | Soziale Medien | TDDDG § 25, DSGVO Art. 26 |
| dispute_resolution | Streitbeilegung (ODR) | ODR-VO, VSBG |
| price_labeling | Preisangaben | PAngV |
| cancellation_button | Kündigungsbutton | BGB § 312k |
| order_button | Buttonlösung | BGB § 312j Abs. 3 |
| packaging_law | Verpackungsgesetz | VerpackG §§ 9, 33 |
| electronics_batteries | Elektro & Batterien | ElektroG, BattG |
| dark_patterns | Dark Patterns | UWG §§ 3, 4a, 5 |
| age_verification | Jugendschutz | JuSchG, JMStV |
Each violation includes: legal reference (law + paragraph), severity level (critical/high/medium/low), maximum statutory fine, realistic fine range, Abmahnung cost range, evidence found on the page, and step-by-step fix instructions.
5. Available Laws
The following German and EU laws are available through both the REST API and the MCP server.
| Slug | Full Name | Articles | Example Query |
|---|---|---|---|
| dsgvo | Datenschutz-Grundverordnung (GDPR) | 99 | /api/laws/dsgvo/13 |
| bdsg | Bundesdatenschutzgesetz | 86 | /api/laws/bdsg/26 |
| tdddg | Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz | 30 | /api/laws/tdddg/25 |
| ddg | Digitale-Dienste-Gesetz | 34 | /api/laws/ddg/5 |
| ki-vo | KI-Verordnung (EU AI Act) | 113 | /api/laws/ki-vo/6 |
| bfsg | Barrierefreiheitsstärkungsgesetz | 38 | /api/laws/bfsg/1 |
Need help?
If you have questions about the API or encounter issues, reach out at info@dsgvo.pro. For the full law texts with commentary, visit the law database.