Add audit logging to your Express.js application with the AuditKit Node.js SDK. Simple middleware integration for automatic request logging and explicit event capture.
Express.js is the most widely used Node.js web framework with over 30 million weekly npm downloads. The AuditKit Node.js SDK provides Express middleware for automatic request logging and a straightforward API for capturing explicit audit events. The middleware captures request details, response status, timing, and user context with zero configuration. Works with Express 4.x and 5.x.
Add the AuditKit Node.js SDK.
npm install @auditkit/nodeRegister the AuditKit Express middleware.
import { AuditKit } from '@auditkit/node';
import { auditMiddleware } from '@auditkit/node/express';
const auditkit = new AuditKit({
apiKey: process.env.AUDITKIT_API_KEY,
tenantResolver: (req) => req.user?.organizationId,
});
app.use(auditMiddleware(auditkit));Capture specific audit events in route handlers.
app.post('/api/settings', async (req, res) => {
const previous = await db.settings.get(req.user.orgId);
await db.settings.update(req.user.orgId, req.body);
await auditkit.log({
action: 'settings.updated',
actor: { id: req.user.id, email: req.user.email },
target: { type: 'settings', id: req.user.orgId },
metadata: {
changed_fields: Object.keys(req.body),
},
});
res.json({ status: 'updated' });
});Here is a complete example showing AuditKit integrated into a Express.js application with authentication logging, data access tracking, and explicit event capture.
import express from 'express';
import { AuditKit } from '@auditkit/node';
import { auditMiddleware } from '@auditkit/node/express';
const app = express();
const auditkit = new AuditKit({
apiKey: process.env.AUDITKIT_API_KEY,
tenantResolver: (req) => req.user?.organizationId,
});
// Automatic request logging
app.use(auditMiddleware(auditkit));
// Authentication events
app.post('/auth/login', async (req, res) => {
try {
const user = await authenticate(req.body.email, req.body.password);
await auditkit.log({
action: 'user.login',
actor: { id: user.id, email: user.email },
target: { type: 'session', id: user.sessionId },
context: { ipAddress: req.ip },
});
res.json({ token: user.token });
} catch (err) {
await auditkit.log({
action: 'user.login_failed',
actor: { id: 'unknown', email: req.body.email },
target: { type: 'session', id: 'none' },
context: { ipAddress: req.ip, reason: err.message },
});
res.status(401).json({ error: 'Invalid credentials' });
}
});
// Data access logging
app.get('/api/customers/:id', async (req, res) => {
const customer = await db.customers.findById(req.params.id);
await auditkit.log({
action: 'customer.viewed',
actor: { id: req.user.id },
target: { type: 'customer', id: req.params.id },
});
res.json(customer);
});
app.listen(3000);Express middleware for automatic request/response logging
Passport.js integration for authentication event capture
Error handler middleware for failure logging
Router-level middleware for endpoint-specific logging
Mongoose/Sequelize hooks for ORM change tracking
Rate limiting event logging
Install @auditkit/node, create an AuditKit client, and register auditMiddleware() for automatic request logging. Call auditkit.log() in route handlers for explicit event capture. The middleware automatically captures request method, path, status, timing, and user context.
The middleware is designed for minimal overhead. Events are batched and sent asynchronously, so request handling is not blocked. The middleware adds less than 1ms of overhead per request.
Get started with tamper-proof audit trails in minutes. Open source, from $99/mo.