Getting Started
Logproof is a tamper-proof audit log SaaS designed for B2B compliance. Store, verify, and export immutable audit events with cryptographic hash chains.
What is Logproof?
Logproof provides a complete audit logging solution for SaaS applications that need to meet compliance requirements like SOC 2, HIPAA, GDPR, and more. Every event is cryptographically linked in a hash chain, making it mathematically impossible to tamper with historical records without detection.
Key features include:
- Immutable audit logs - Every event is cryptographically hashed and chained to previous events
- Hash chain verification - Verify the integrity of your audit trail at any time
- Real-time webhooks - Get notified when critical events occur
- Flexible exports - Export audit logs in CSV, JSON, or PDF for auditors
- Embeddable widget - Show users their own audit trail with a pre-built UI component
Quick Start
Getting started with Logproof is simple - there's nothing to install. Just make HTTP requests to our API to start logging audit events.
All API requests are made to: https://logproof.de/v1
Your First Event
Let's create your first audit event. This minimal example logs a user login event:
curl -X POST https://logproof.de/v1/events \
-H "Authorization: Bearer lp_sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"action": "user.login",
"actor": {
"id": "usr_123",
"name": "John Doe",
"email": "john@example.com"
}
}'
$ch = curl_init('https://logproof.de/v1/events');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer lp_sk_your_api_key',
'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
'action' => 'user.login',
'actor' => [
'id' => 'usr_123',
'name' => 'John Doe',
'email' => 'john@example.com'
]
]));
$response = curl_exec($ch);
$event = json_decode($response);
curl_close($ch);
const response = await fetch('https://logproof.de/v1/events', {
method: 'POST',
headers: {
'Authorization': 'Bearer lp_sk_your_api_key',
'Content-Type': 'application/json'
},
body: JSON.stringify({
action: 'user.login',
actor: {
id: 'usr_123',
name: 'John Doe',
email: 'john@example.com'
}
})
});
const event = await response.json();
import requests
response = requests.post(
'https://logproof.de/v1/events',
headers={
'Authorization': 'Bearer lp_sk_your_api_key',
'Content-Type': 'application/json'
},
json={
'action': 'user.login',
'actor': {
'id': 'usr_123',
'name': 'John Doe',
'email': 'john@example.com'
}
}
)
event = response.json()
Response
Logproof will return the created event with cryptographic metadata:
{
"id": "evt_7KjPm2xQzB9",
"action": "user.login",
"actor": {
"id": "usr_123",
"name": "John Doe",
"email": "john@example.com"
},
"occurred_at": "2026-02-10T14:32:18.123Z",
"hash": "a3f5e9c8b2d4f6e8a1c3b5d7e9f1a3b5c7d9e1f3a5b7c9d1e3f5a7b9c1d3e5f7",
"previous_hash": "b4e6d8c9a3e5f7a9b1c3d5e7f9a1b3c5d7e9f1a3b5c7d9e1f3a5b7c9d1e3e5f7",
"chain_index": 1247,
"created_at": "2026-02-10T14:32:18.156Z"
}
Response Fields
| Field | Description |
|---|---|
id |
Unique identifier for the event |
hash |
SHA-256 hash of this event's data combined with the previous hash |
previous_hash |
Hash of the previous event in the chain, creating the tamper-proof link |
chain_index |
Position of this event in your organization's hash chain |
occurred_at |
When the event occurred (defaults to creation time if not specified) |
created_at |
When Logproof received and processed the event |
The hash and previous_hash fields create a cryptographic chain. If anyone (including Logproof itself) tries to modify a historical event, all subsequent hashes would become invalid, immediately revealing the tampering.
Common Event Patterns
Here are some typical audit events you might want to log:
User Actions
curl -X POST https://logproof.de/v1/events \
-H "Authorization: Bearer lp_sk_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"action": "document.downloaded",
"actor": {
"id": "usr_456",
"name": "Jane Smith"
},
"target": {
"id": "doc_789",
"type": "document",
"name": "Q4_Financial_Report.pdf"
},
"metadata": {
"ip_address": "192.168.1.100",
"user_agent": "Mozilla/5.0..."
}
}'
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
'action' => 'document.downloaded',
'actor' => [
'id' => 'usr_456',
'name' => 'Jane Smith'
],
'target' => [
'id' => 'doc_789',
'type' => 'document',
'name' => 'Q4_Financial_Report.pdf'
],
'metadata' => [
'ip_address' => '192.168.1.100',
'user_agent' => 'Mozilla/5.0...'
]
]));
await fetch('https://logproof.de/v1/events', {
method: 'POST',
headers: {
'Authorization': 'Bearer lp_sk_your_api_key',
'Content-Type': 'application/json'
},
body: JSON.stringify({
action: 'document.downloaded',
actor: {
id: 'usr_456',
name: 'Jane Smith'
},
target: {
id: 'doc_789',
type: 'document',
name: 'Q4_Financial_Report.pdf'
},
metadata: {
ip_address: '192.168.1.100',
user_agent: 'Mozilla/5.0...'
}
})
});
requests.post(
'https://logproof.de/v1/events',
headers={
'Authorization': 'Bearer lp_sk_your_api_key',
'Content-Type': 'application/json'
},
json={
'action': 'document.downloaded',
'actor': {
'id': 'usr_456',
'name': 'Jane Smith'
},
'target': {
'id': 'doc_789',
'type': 'document',
'name': 'Q4_Financial_Report.pdf'
},
'metadata': {
'ip_address': '192.168.1.100',
'user_agent': 'Mozilla/5.0...'
}
}
)
Feature Overview
Hash Chain Verification
You can verify the integrity of your entire audit log at any time. This proves that no events have been tampered with since they were created.
Webhooks
Configure webhooks to receive real-time notifications when specific events occur. Perfect for triggering alerts or downstream workflows.
Export
Export your audit logs in multiple formats for compliance audits. Supports filtering by date range, actor, action, and more.
Embeddable Widget
Show your users their own audit trail with our pre-built JavaScript widget. Increases transparency and builds trust.
Ready to dive deeper? Check out our Authentication guide to learn about API keys and security best practices.