Instruments. LIMS. ELN. Identity providers. Pharmacopoeia feeds. MolTrace connects to all of them with typed mappings, signed webhooks, and a single audit ledger that resolves cross-system in one click.
Why this exists
The dominant analytical software stacks — proprietary processing apps, vendor LIMS, hardware-tied data formats — raise switching costs and silo the data. An R&D group running Bruker NMR and Agilent LC-MS operates two essentially disjoint analytical universes, each with its own audit conventions.
Closing this gap by hand means analysts maintain a parallel spreadsheet of which Bruker acquisition matches which LIMS sample matches which ELN experiment. Every reconciliation step is a place a regulator can find a discrepancy.
MolTrace Integrations replaces that reconciliation with typed mappings, signed events, and a single connector ledger. The two universes become one, queryable surface — without forcing you to abandon the vendor stack you already paid for.
Connector lifecycle
Every stage emits a typed record. Every record is queryable. The same connector_event ledger covers instrument ingest, LIMS sync, ELN handoff, and regulatory feed updates — one schema, one inspection-ready surface.
Auto-detect instrument watch-folders, LIMS endpoints, ELN APIs, and SSO discovery URLs. Catalog the system's data model — what objects it has, what we can read, what we can write.
Emits
connector_registry · external_system · model_card
OAuth 2.0, SAML 2.0, OIDC, mTLS, API keys, or signed JWTs — whichever the source supports. Credentials live in a vault reference (never in plaintext); rotations propagate via the credential-reference table.
Emits
connector_credential_reference · scopes · rotation
Typed mapping templates define how the source system's fields become MolTrace projects, samples, sessions, dossiers, experiments, files, or action items. Versioned + signed by an admin reviewer.
Emits
mapping_template · field_map · transformations
Vendor formats become canonical: Bruker FID through nmrglue, Agilent through proprietary parsers, mzML / mzXML kept as-is, JCAMP-DX normalized in-flight. Every conversion recipe-hash-linked.
Emits
normalization_run · canonical_form · recipe_hash
Schema + integrity checks before commit. SHA-256 of every binary, structural validation against the typed contract, regulatory-flag review for inbound submissions.
Emits
integrity_check · schema_verdict · audit_event
Real-time via signed webhooks (subscription-based) or batch via outbound sync jobs (back-pressure aware). Outbound pushes carry the audit-event ID so downstream systems can cite back.
Emits
webhook_subscription · outbound_sync_job · checkpoint
Every byte that crossed the connector boundary is logged with attribution. Inspectors query connector_events the same way they query audit_events — one ledger, end-to-end provenance.
Emits
connector_event · external_object_link · provenance_uri
Connectors shipped
If a vendor isn't on the list, ask. Generic OAuth / SAML / OIDC + a typed mapping template covers most LIMS and ELN systems with a one-day integration. New instrument vendors integrate via nmrglue or vendor-supplied exporters.
NMR · LC-MS · HRMS · MS/MS
Sample + experiment lineage
Zero-trust authentication
Versioned standards + change feeds
Use cases shipped
Each pattern maps to typed entities in the backend interoperability_store. Inputs + outputs are real Pydantic shapes — not roadmap items.
Drop a Bruker / Agilent / Thermo acquisition into the watched folder; SpectraCheck picks it up, hashes it into the vault, runs the pipeline, files the result.
Inputs
Folder path · vendor · acquisition policy
Outputs
Vault record · SpectraCheck session · audit_event
Experiment metadata from the ELN auto-binds to incoming spectra. Reverse: result + interpretation push back into the ELN as a structured attachment.
Inputs
ELN experiment ID · field mapping template
Outputs
Bound MolTrace session · ELN attachment + link
Sample registry, batch IDs, project lineage stay synchronized. Inbound: sample → MolTrace context. Outbound: result + audit event → LIMS attachment.
Inputs
LIMS endpoint · sample object map · webhook hooks
Outputs
Synced project · result push · provenance link
Okta / Azure AD / Google SAML — same identity, same group membership, same audit attribution. SCIM provisioning keeps role grants in sync.
Inputs
IdP metadata · group → role map
Outputs
Provisioned users · scoped tenant access
Bundle dossier sections + audit ledger + raw-data hashes into an eCTD-conformant package. Hand off to the regulatory-affairs team or submission-management system.
Inputs
Dossier ID · package profile (FDA / EMA / PMDA)
Outputs
Submission package · checksum manifest · audit trail
Signed webhook subscriptions push events as they happen: new acquisition processed, dossier section signed, reaction round complete. HMAC-verified per delivery.
Inputs
Webhook URL · event topics · signing secret
Outputs
Signed payload · retry queue · delivery audit
Topology at a glance
Inbound edges carry vendor data into the canonical model. Outbound edges push results, dossier sections, and webhook events back to the systems that need them. One ledger covers both directions.
Integration topology · simplified
┌──────────────────────┐ ┌──────────────────────┐
│ Instruments │ ──── ingest (watch-folder) ──►│ │
│ Bruker · Agilent │ │ │
│ Thermo · Waters │ │ │
└──────────────────────┘ │ │
│ │
┌──────────────────────┐ │ │ ──── webhook ───► Customer apps
│ LIMS · ELN │ ◄──── bidirectional sync ────►│ MolTrace │
│ LabWare · Benchling │ │ ──────────────── │ ──── eCTD ───────► Regulatory submission
│ Mnova · IDBS │ │ · connector ledger │
└──────────────────────┘ │ · audit ledger │ ──── push ───────► Downstream LIMS
│ · raw vault │
┌──────────────────────┐ │ · interoperability │
│ Identity · SSO │ ──── SAML / OIDC / SCIM ─────►│ store │
│ Okta · Azure AD │ │ │
│ Google · Ping │ │ │
└──────────────────────┘ │ │
│ │
┌──────────────────────┐ │ │
│ Regulatory feeds │ ──── versioned diffs ────────►│ │
│ USP-NF · EP · JP │ │ │
│ ICH · FDA · EMA │ │ │
└──────────────────────┘ └──────────────────────┘The honest comparison
Most R&D groups have all the tools. They just don't share a vocabulary. Here's what flips when MolTrace becomes the connective tissue.
| Dimension | Siloed toolchain | Unified via MolTrace |
|---|---|---|
| Where instrument data lives | today On the vendor PC next to the spectrometer · vendor file-format · only the operator can find it | unified SHA-256-hashed in the central immutable vault · vendor-vendor canonical access · auditable per tenant |
| ELN ↔ result handoff | today Manual copy of the spectrum image into the experiment + a PDF of the interpretation | unified Structured spectrum reference + interpretation + audit ID attached to the ELN experiment automatically |
| Sample / batch IDs | today Different IDs in LIMS, ELN, lab notebook, and analyst's spreadsheet · reconciliation by hand | unified Single canonical lineage · external_object_link table maps every system's ID to the same MolTrace context |
| Identity + access | today Local accounts per tool · shared logins · audit attribution to 'admin' | unified SSO via Okta / Azure AD / Google · SCIM-synced groups · every audit event carries a real human identity |
| Regulatory data freshness | today Whoever last subscribed to USP-NF emails the office when monographs change | unified Versioned diff feed · affected dossiers + samples auto-routed when standards change |
| Inspection-readiness across systems | today Two-week reconciliation project per inspection · multiple tools, multiple owners, multiple ledgers | unified Single connector_event ledger · provenance links resolve cross-system in one click |
What integrations make possible
Integrations is what connects the dots. Spectroscopy, Regulatory Hub, and ReactionIQ deliver value individually — together, through connectors, they're a closed evidence loop that survives inspection and outlasts personnel.
Bruker TopSpin drops an acquisition into the watched folder. nmrglue normalizes the FID; SHA-256 lands in the immutable vault; SpectraCheck session starts.
Benchling experiment ID matches the acquisition's sample registry tag. Experiment metadata auto-binds. Result: spectrum + protocol + sample are one row.
USP-NF monograph for this drug substance is v2024.2 (pinned to today). Q3C residual-solvent thresholds applied automatically.
Signed webhook fires to the LIMS with sample ID, verdict, audit-event link. eCTD submission package re-bundled on next dossier export.
Security & data integrity
Every connector is zero-trust by default. Credentials are vault-referenced, webhooks are HMAC-signed, mapping templates are versioned, and silent failures are impossible.
Credentials never plaintext
Every secret lives in a vault reference. connector_credential_reference rows carry the rotation date, the scope, the next-rotation deadline — never the secret itself.
Signed webhooks · HMAC verified
Outbound webhooks are HMAC-SHA-256 signed with per-subscription secrets. Receivers reject unsigned payloads. Replay attacks blocked by timestamp + nonce.
mTLS + IP allowlists where it matters
Instrument vendors that support it get mutual-TLS. LIMS / ELN endpoints get IP allowlists. PrivateLink / VPC peering available for AWS / Azure / GCP tenants.
Schema versioning on every mapping
MappingTemplate rows are versioned. Activating a new version requires an admin signoff + audit-event entry. Old versions stay queryable for inspection.
Failure modes are observable, not invisible
Connector health checks run continuously. Errors surface in the live roster with the exact next action. Silent failure is impossible — we don't ship that.
Tenant isolation extends to integrations
Every connector_event is tenant-scoped. Cross-tenant data exchange requires explicit per-event provisioning. SOC 2 Type II controls apply end-to-end.
Bruker + LabWare + Benchling + Okta? Done. Something more exotic? Generic OAuth + a typed mapping template usually gets us to a one-day integration. Send us your inventory and we'll come back with the plan.