Skip to main content

What is Immutable?

Immutable is an API for B2B SaaS companies to record, query, and display user actions with built-in tamper evidence. Every event is cryptographically chained so you can prove your audit trail has never been altered.

Tamper-Evident

Every event is SHA-256 hashed and chained to the previous event. Detect any modification or deletion instantly.

Real-Time API

Ingest events asynchronously and query them in real time with cursor-based pagination.

Multi-Tenant

Isolate audit logs per workspace with tenant-scoped API keys, hash chains, and retention policies.

Developer-First

First-class TypeScript and Laravel SDKs, comprehensive REST API, and embeddable viewer tokens.

Key Features

  • Append-only events — Events cannot be updated or deleted through the API.
  • Hash chain verification — SHA-256 chain per workspace with a single-endpoint integrity check.
  • Cursor pagination — Efficient, URL-safe base64 cursors with microsecond precision.
  • Background processing — Event ingestion returns 202 Accepted with a pre-generated UUID.
  • Batch ingestion — Send up to 100 events in a single request.
  • CSV exports — Generate filtered exports with signed download URLs.
  • Log streaming — Fan out events to HTTPS webhooks and S3 destinations in real time.
  • Schema enforcement — Define allowed action patterns with strict or permissive modes.
  • Alert rules — Get notified via email or webhook when specific conditions are met.
  • Embeddable viewer — Generate short-lived JWT tokens to embed an audit log viewer in your app.

Quickstart

Send your first event in under 5 minutes.

API Reference

Explore every endpoint with examples.

JavaScript SDK

Install the zero-dependency TypeScript SDK.