Add tamper-proof audit logging to your FastAPI application with the AuditKit Python SDK. Middleware-based integration with async support and Pydantic model compatibility.
FastAPI is the fastest-growing Python web framework, favored for its async support, automatic API documentation, and Pydantic integration. The AuditKit Python SDK provides a FastAPI middleware for automatic request logging and a client for explicit event capture. The SDK is fully async-compatible, uses Pydantic models for type safety, and integrates with SQLAlchemy for automatic ORM change tracking.
Add the AuditKit Python SDK.
pip install auditkitConfigure AuditKit and add the FastAPI middleware.
from fastapi import FastAPI
from auditkit import AuditKit
from auditkit.fastapi import AuditKitMiddleware
app = FastAPI()
auditkit = AuditKit(
api_key=os.environ["AUDITKIT_API_KEY"],
tenant_id="org_123",
)
app.add_middleware(AuditKitMiddleware, client=auditkit)Capture specific audit events in your route handlers.
from auditkit import AuditEvent
@app.post("/api/users/{user_id}/role")
async def change_role(user_id: str, role: RoleUpdate, request: Request):
previous_role = await db.get_user_role(user_id)
await db.update_role(user_id, role.new_role)
await auditkit.log(AuditEvent(
action="user.role_changed",
actor={"id": request.state.user.id, "email": request.state.user.email},
target={"type": "user", "id": user_id},
metadata={"previous_role": previous_role, "new_role": role.new_role},
))
return {"status": "updated"}Here is a complete example showing AuditKit integrated into a FastAPI application with authentication logging, data access tracking, and explicit event capture.
import os
from fastapi import FastAPI, Request, Depends
from auditkit import AuditKit, AuditEvent
from auditkit.fastapi import AuditKitMiddleware
app = FastAPI()
auditkit = AuditKit(
api_key=os.environ["AUDITKIT_API_KEY"],
tenant_id="org_123",
)
app.add_middleware(AuditKitMiddleware, client=auditkit)
@app.post("/api/documents")
async def create_document(doc: DocumentCreate, request: Request):
document = await db.documents.create(doc.dict())
await auditkit.log(AuditEvent(
action="document.created",
actor={
"id": request.state.user.id,
"email": request.state.user.email,
},
target={"type": "document", "id": document.id},
metadata={
"title": document.title,
"classification": document.classification,
},
))
return document
@app.delete("/api/documents/{doc_id}")
async def delete_document(doc_id: str, request: Request):
document = await db.documents.get(doc_id)
await db.documents.delete(doc_id)
await auditkit.log(AuditEvent(
action="document.deleted",
actor={"id": request.state.user.id},
target={"type": "document", "id": doc_id},
metadata={"title": document.title},
))
return {"status": "deleted"}
# Verify audit log integrity
@app.get("/api/audit/verify/{event_id}")
async def verify_event(event_id: str):
proof = await auditkit.verify(event_id)
return {
"valid": proof.valid,
"merkle_root": proof.merkle_root,
"hash_chain_position": proof.chain_position,
}FastAPI middleware for automatic HTTP request/response logging
Dependency injection for per-request audit context
SQLAlchemy event hooks for ORM change tracking
Background task integration for non-blocking audit logging
Pydantic model integration for typed audit events
ASGI lifespan hooks for startup/shutdown logging
Install the auditkit package, create an AuditKit client, and add AuditKitMiddleware to your FastAPI app for automatic request logging. Use auditkit.log() with AuditEvent objects for explicit event capture in route handlers.
Yes. The AuditKit Python SDK is fully async-native, designed for FastAPI and other async frameworks. All logging and query operations use async/await and work with asyncio event loops.
Get started with tamper-proof audit trails in minutes. Open source, from $99/mo.