Add an Audit Trail to Your API in Minutes with HazelJS

Who did what, when, and with what outcome? If your API needs to answer that for compliance, security, or debugging, you need a structured audit trail. This post shows how to get one quickly using the HazelJS Audit Starter : a small Orders API that logs every HTTP request and every business event to console, file, and optionally Kafka — with actors, resources, and redaction built in. Why an audit trail? Compliance — Regulators and policies often require a record of who accessed or changed what. Security — After an incident, you need a timeline of actions and actors. Debugging — “Why did this order change?” is easier when every create/update/delete is logged. Doing this from scratch means instrumenting every endpoint, normalizing event shape, and piping events to logs or a SIEM. The HazelJS Audit Starter and @hazeljs/audit give you a ready-made pattern: one interceptor for HTTP, one service for custom events, and pluggable transports (console, file, Kafka). What’s in the starter? The haz