DEV Community

WisBro for AuditLedge

Posted on

How to add an audit log to your SaaS in 5 minutes

You're building a SaaS product. You know you need audit logs—for compliance, debugging, customer trust. But the thought of building them yourself is exhausting. Database schema design, event serialization, storage queries, retention policies... it's a rabbit hole.

What if you could add audit logging to your app in less time than it takes to grab coffee?

The problem we're solving

Last week, I helped a developer integrate audit logging into a Python app running inside Docker. They had a few options:

  • Build it yourself — 2-3 weeks of development, testing, and maintenance
  • Use a half-baked solution — ends up unreliable when you need it
  • Use a hosted API — audit logs in minutes

They went with option 3. Here's how.

Before: What they were stuck with

# This is what logging looked like before
print(f"User {user_id} ran stats")

# That's it. Not structured. No query API. No compliance trail.
Enter fullscreen mode Exit fullscreen mode

After: AuditLedge in your app

Step 1: Install the SDK (30 seconds)

Depending on your tech stack, install once and you're done:

Node.js:

npm install auditledge
Enter fullscreen mode Exit fullscreen mode

Python:

pip install auditledge
Enter fullscreen mode Exit fullscreen mode

Or use REST API directly (any language):

curl -X POST https://api.auditledge.com/v1/events \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"user_id": "user@example.com", "action": "view_report", "metadata": {...}}'
Enter fullscreen mode Exit fullscreen mode

Step 2: Initialize the client (1 minute)

Node.js:

import AuditLedge from 'auditledge';

const audit = new AuditLedge({
  apiKey: process.env.AUDITLEDGE_API_KEY
});
Enter fullscreen mode Exit fullscreen mode

Python:

from auditledge import AuditLedge

audit = AuditLedge(api_key=os.getenv('AUDITLEDGE_API_KEY'))
Enter fullscreen mode Exit fullscreen mode

Python in Docker (real example):

# In your Docker container, install auditledge in requirements.txt
# requirements.txt:
# auditledge==0.1.1
# flask==2.0.0
# ...

from auditledge import AuditLedge
import os

audit = AuditLedge(api_key=os.getenv('AUDITLEDGE_API_KEY'))

@app.route('/api/run-stats', methods=['POST'])
def run_stats():
    user_id = request.json.get('user_id')

    # Your business logic here
    stats = calculate_stats()

    # Log it (2 lines)
    audit.log(
        user_id=user_id,
        action='run_stats',
        metadata={'stats': stats, 'timestamp': datetime.now().isoformat()}
    )

    return {'success': True, 'stats': stats}
Enter fullscreen mode Exit fullscreen mode

Step 3: Log events everywhere (3 minutes)

Replace your print statements and basic logging with structured audit events:

# Before
print(f"User {user_id} exported data")

# After (1 line)
audit.log(user_id=user_id, action='export_data', metadata={'format': 'csv'})
Enter fullscreen mode Exit fullscreen mode

Add it to critical user actions:

  • User login / logout
  • Data exports
  • Permission changes
  • Billing events
  • API key generation
  • Admin actions

Why this matters

For compliance

GDPR auditors ask: "Show me every access to user data for the past 12 months." With audit logs, you have the answer. Without them? You're exposed.

For debugging

A customer says "I never got that email." You check your logs... nothing. With audit logs:

audit.query(user_id='john@example.com', action='email_sent', days=30)
Enter fullscreen mode Exit fullscreen mode

You instantly see what happened.

For security

A contractor's API key was compromised. How many records did they access?

audit.query(api_key='key_xyz...', days=7)
Enter fullscreen mode Exit fullscreen mode

You have the full trail in seconds.

The 5-minute setup in action

Let's say you're using the Python SDK in a Flask app running on Docker:

# 1. Add to requirements.txt (5 seconds)
# auditledge==0.1.1

# 2. Initialize in your app (30 seconds)
from auditledge import AuditLedge
audit = AuditLedge(api_key=os.getenv('AUDITLEDGE_API_KEY'))

# 3. Log your first event (1 minute)
@app.route('/api/action', methods=['POST'])
def my_action():
    user_id = request.json.get('user_id')

    # Do your thing
    result = do_something(user_id)

    # Log it
    audit.log(
        user_id=user_id,
        action='my_action',
        metadata={'result': result}
    )

    return {'status': 'success', 'result': result}

# 4. Query logs whenever you need (2 minutes setup)
# In a separate script or admin panel:
events = audit.query(user_id='john@example.com', days=30)
for event in events:
    print(f"{event['timestamp']}: {event['action']}")
Enter fullscreen mode Exit fullscreen mode

Set your AUDITLEDGE_API_KEY in your Docker environment variables:

# docker-compose.yml
services:
  app:
    build: .
    environment:
      AUDITLEDGE_API_KEY: ${AUDITLEDGE_API_KEY}
Enter fullscreen mode Exit fullscreen mode

Done. Your audit logs are now live.

Pricing that makes sense

  • Free: 10K events/month, 14-day retention (forever, no credit card)
  • Starter: $19/month — 500K events/month, 1-year retention, API key management
  • Growth: $49/month — 5M events/month, 2-year retention, compliance-ready (SOC 2 / HIPAA)

Most early-stage SaaS use 50K-500K events/month, so you're in the Starter plan ($19/month). Enterprise? Growth plan gets you compliance certifications included.

For comparison, building this yourself costs:

  • 2-3 weeks of senior engineer time (conservatively $10-15K)
  • Ongoing maintenance (5+ hours/month)
  • Compliance risk (if something breaks)

$19/month suddenly looks very smart.

Next steps

  1. Sign up at auditledge.com (free tier, no credit card)
  2. Get your API key from the dashboard
  3. Install the SDK for your language (npm/pip/REST)
  4. Add 3-5 audit logs to your most critical user actions
  5. Test it out — make sure events show up in the dashboard
  6. Sleep better knowing you have a compliance trail

The whole process takes 5 minutes. The peace of mind lasts forever.

Questions?

  • Can I delete audit logs? Only in development/test — production logs are immutable
  • What if I need custom fields? Pass anything in metadata — it's flexible
  • Does it work with [my framework]? If it has HTTP support, yes

Start your free trial now: auditledge.com


Audit logs aren't a nice-to-have anymore. They're table stakes. Make them boring—let AuditLedge handle it.

Top comments (0)