Add immutable audit logging to your Node.js application with the AuditKit SDK. Capture user actions, API calls, and system events with SHA-256 hash chains and Merkle tree proofs.
Node.js powers the majority of modern B2B SaaS backends. Adding audit logging to a Node.js application is straightforward with the AuditKit SDK, which provides a typed client for capturing events, querying logs, and verifying integrity. The SDK supports both CommonJS and ES modules, works with any Node.js framework, and integrates with popular ORMs like Prisma and Drizzle for automatic database change logging.
Add the AuditKit Node.js SDK to your project.
npm install @auditkit/node

Create an AuditKit client instance with your API key and tenant configuration.
import { AuditKit } from '@auditkit/node';

// Read the API key from the environment rather than hard-coding it in source.
const auditkit = new AuditKit({
  apiKey: process.env.AUDITKIT_API_KEY,
  tenantId: 'org_123',
});

Capture an audit event with actor, action, target, and metadata.
// Called inside a request handler, where `req` is the incoming request.
await auditkit.log({
  action: 'user.login',
  actor: {
    id: 'user_456',
    email: 'jane@acme.com',
    name: 'Jane Smith',
  },
  target: {
    type: 'session',
    id: 'sess_789',
  },
  context: {
    ipAddress: req.ip,
    userAgent: req.headers['user-agent'],
  },
});

Retrieve audit logs with filtering and verify their integrity using Merkle proofs.
// Query recent events
const events = await auditkit.query({
  actions: ['user.login', 'user.logout'],
  actorId: 'user_456',
  since: '2024-01-01T00:00:00Z',
  limit: 100,
});

// Verify integrity of a specific event
const proof = await auditkit.verify(events[0].id);
console.log(proof.valid); // true
console.log(proof.merkleRoot); // SHA-256 root hash

Here is a complete example showing AuditKit integrated into a Node.js application with authentication logging, data access tracking, and explicit event capture.
import { AuditKit } from '@auditkit/node';
import express from 'express';

const app = express();
app.use(express.json()); // parse JSON bodies so req.body is populated below

const auditkit = new AuditKit({
  apiKey: process.env.AUDITKIT_API_KEY,
  tenantId: 'org_123',
});

// Middleware to log all API requests.
// req.user is assumed to be set by the application's own authentication middleware.
app.use(async (req, res, next) => {
  const start = Date.now();
  res.on('finish', async () => {
    try {
      await auditkit.log({
        action: `api.${req.method.toLowerCase()}`,
        actor: {
          id: req.user?.id ?? 'anonymous',
          email: req.user?.email,
        },
        target: {
          type: 'api_endpoint',
          id: req.path,
        },
        context: {
          ipAddress: req.ip,
          userAgent: req.headers['user-agent'],
          statusCode: res.statusCode,
          durationMs: Date.now() - start,
        },
      });
    } catch (err) {
      // The response is already sent; report the failure instead of leaving
      // an unhandled promise rejection.
      console.error('audit log write failed', err);
    }
  });
  next();
});

// Log sensitive operations explicitly.
// `db` is the application's own data layer (not shown here).
app.post('/api/users/:id/role', async (req, res) => {
  const { role } = req.body;
  const user = await db.users.update(req.params.id, { role });
  await auditkit.log({
    action: 'user.role_changed',
    actor: { id: req.user.id, email: req.user.email },
    target: { type: 'user', id: req.params.id },
    metadata: {
      previousRole: user.previousRole,
      newRole: role,
    },
  });
  res.json(user);
});

Express/Koa middleware for automatic request logging
Prisma middleware for database change capture
Authentication event logging (login, logout, MFA, password reset)
Role and permission change tracking
Data export and deletion request logging for GDPR
Webhook delivery and retry logging
Install the @auditkit/node SDK, initialize it with your API key, and call auditkit.log() at key points in your application. The SDK supports structured events with actor, action, target, and context fields. Events are cryptographically chained using SHA-256 hashes for tamper-proof integrity.
Yes. The @auditkit/node SDK is written in TypeScript and ships with full type definitions. All event types, query parameters, and verification results are fully typed.
Yes. AuditKit provides middleware integrations for Prisma and Drizzle that automatically log database mutations (create, update, delete) as audit events with before/after state captured in the metadata.
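To show what SHA-256 hash chaining of events gives you at verification time, here is an added example that is not AuditKit's code or API. The entry layout, the `GENESIS` value, the key-sorted serialization and the function names are all assumptions made for illustration.

```javascript
// Added illustration of a SHA-256 hash chain; not AuditKit's implementation.
// Entry layout, GENESIS value and serialization are assumptions.
const { createHash } = require('node:crypto');
const GENESIS = '0'.repeat(64); // assumed previous-hash for the first entry

// Deterministic JSON (sorted keys) so equal events always hash identically.
function canonical(value) {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    const keys = Object.keys(value).sort();
    return `{${keys.map((k) => `${JSON.stringify(k)}:${canonical(value[k])}`).join(',')}}`;
  }
  return JSON.stringify(value);
}

function linkHash(prevHash, event) {
  return createHash('sha256').update(prevHash + '\n' + canonical(event)).digest('hex');
}

// Append an event, binding it to the hash of the entry before it.
function append(chain, event) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  chain.push({ event, prevHash, hash: linkHash(prevHash, event) });
}

// Recompute every link; return the index of the first bad entry, or -1 if intact.
function firstBrokenLink(chain) {
  let prevHash = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const { event, hash } = chain[i];
    if (chain[i].prevHash !== prevHash || hash !== linkHash(prevHash, event)) return i;
    prevHash = hash;
  }
  return -1;
}

// Constructed sample events (not real log data).
function demo() {
  const chain = [];
  append(chain, { action: 'user.login', actor: { id: 'user_456' } });
  append(chain, { action: 'user.role_changed', metadata: { newRole: 'admin' } });
  append(chain, { action: 'user.logout', actor: { id: 'user_456' } });
  const intact = firstBrokenLink(chain);            // -1: nothing altered
  chain[1].event.metadata.newRole = 'viewer';       // stored record edited afterwards
  const afterEdit = firstBrokenLink(chain);         // 1: its hash no longer matches
  chain[1].hash = linkHash(chain[1].prevHash, chain[1].event); // editor fixes up its hash
  const afterRehash = firstBrokenLink(chain);       // 2: the next entry still points at the old hash
  return { intact, afterEdit, afterRehash };
}
console.log(demo());
```

A chain like this only detects edits if the most recent hash is also kept somewhere the log writer cannot change, because someone who can rewrite every entry from the edit onward produces a chain that verifies.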
Get started with tamper-proof audit trails in minutes. Open source, from $99/mo.