Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getimmutable.dev/llms.txt

Use this file to discover all available pages before exploring further.

What is Immutable?

Immutable is an API for SaaS companies to record, query, and display user actions with built-in tamper evidence. Every event is cryptographically chained, blockchain-anchored, and stored in an append-only database. You don’t have to trust us — verify it yourself.

Who is Immutable for?

B2B SaaS (Compliance)

Meet SOC 2, HIPAA, and regulatory audit trail requirements. Immutable provides append-only storage, hash chain verification, configurable retention (up to unlimited), and exportable CSV reports for auditors.

B2C & Internal Tools (Debugging)

Reconstruct exact user sessions with session tracking and geolocation enrichment. Set up alert rules for anomalous behavior. Stream events to your SIEM for real-time monitoring.

Platform Features

Tamper-Evident Chain

Every event is SHA-256 hashed and chained to the previous event. Detect any modification or deletion instantly.

Blockchain Anchoring

Daily Merkle roots published to Base blockchain. Verify on-chain — no trust in us required.

Async Ingestion

Events return 202 Accepted with a pre-generated UUID. Processing happens asynchronously via background queues.

Batch API

Send up to 100 events in a single request with automatic microsecond ordering for hash chain consistency.

Alert Rules

Five built-in rule types: new country, high volume destructive, ingestion spike, repeated action, and off-hours activity.

Log Streams

Fan out events to HTTPS webhooks and S3-compatible storage in real time with HMAC signature verification.

CSV Exports

Generate filtered exports processed in the background with signed download URLs that expire after 7 days.

Session Tracking

Group events by session to reconstruct exactly what a user did and in what order.

Geo Enrichment

Automatic IP-based country and city enrichment on every event. Powers new-country alert detection.

Embeddable Viewer

Generate scoped JWT tokens to embed a read-only audit log viewer directly in your application.

SDKs

JavaScript / TypeScript

Zero-dependency SDK using native fetch. Fluent builder pattern. Node 18+.

Laravel / PHP

First-party Laravel package with Facade, auto-session tracking, and Eloquent observer support.

Python

Lightweight SDK using httpx. Fluent builder, typed responses. Python 3.10+.

Get Started

Quickstart

Send your first event in under 5 minutes.

API Reference

Explore every endpoint with request/response examples.

Authentication

API key management, IP allowlisting, and security.