Every B2B SaaS hits the same wall on the way to its first enterprise contract: the procurement team asks for audit logs, and your team realizes that "we have a events table" isn't going to cut it. Tamper-proof storage, configurable retention, schema consistency, an end-user-facing activity view, SIEM export — that's two to four weeks of engineering work between you and the signature.
Everscribe collapses that work into an afternoon. This post walks through getting from signup to your first event.
1. Create a project
Sign up, then create a project. You'll get an API key that's scoped to that project — events you record with it land in that project's stream and nowhere else. Most teams start with two projects: one for staging, one for production. Each project has its own retention policy and its own SIEM destinations.
2. Install the SDK
go get github.com/everscribe/sdk-go
One runtime dependency (github.com/google/uuid). Requires Go 1.25+.
The SDK has a root package that binds your credentials once and hands out per-surface clients (recorder for ingest, minter for embed-token mints), plus subpackages with the underlying types and constructors.
import (
"github.com/everscribe/sdk-go" // Client, New, NewFromEnv, NewRecorder, NewMinter
"github.com/everscribe/sdk-go/pkg/recorder" // BufferedRecorder, HTTPRecorder, options
"github.com/everscribe/sdk-go/pkg/event" // Event, Actor, Target, Result, NewMiddleware
)
3. Initialize a recorder
es, err := everscribe.New(projectID, apiKey)
if err != nil {
log.Fatal(err)
}
rec := es.NewRecorder()
defer rec.Close()
The recorder buffers events in memory and flushes them in batches — your handlers don't block on Everscribe's network. Close drains pending events on shutdown so you don't lose anything between SIGTERM and exit.
4. Record your first event
For HTTP handlers, the middleware pattern is the cleanest:
auditMw := event.NewMiddleware(actorResolver)
http.Handle("POST /api-keys", auditMw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
e := event.FromContext(r.Context())
defer rec.Record(r.Context(), e)
e.Action = "api_key.create"
key, err := createAPIKey(r.Context(), r)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return // Result auto-captures as {error, 500}.
}
e.Target = event.Target{Type: "api_key", ID: key.ID}
w.WriteHeader(http.StatusCreated)
})))
The middleware attaches a fresh Event to the request context and the actor resolver fills in who's making the call from your session. Your handler sets the action and the target. The recorder handles everything else: timestamp, request ID, IP, user-agent, success/failure inferred from the HTTP status.
For non-HTTP code paths — background jobs, webhook handlers, scheduled tasks — build the event directly:
e := event.New("subscription.trial_expired")
e.Actor = event.Actor{Type: "system", ID: "trial_expirer"}
e.Target = event.Target{Type: "subscription", ID: subID}
rec.Record(ctx, e)
5. See it in the dashboard
Open the project in Everscribe and your event is there — searchable by actor, action, target, time range, and any custom metadata you attached. Filter to a specific user. Tail the live stream while you reproduce a bug. Export the slice that matters to CSV.
6. Embed an activity log in your product (optional)
Drop our React component into the page where your end-users want to see their own activity. It's themable via CSS variables, so it picks up your brand without touching the markup:
<EverscribeActivityLog projectId={projectId} userId={user.id} />
A vanilla JS widget exists for non-React frontends.
What's next
- Set a retention policy per environment (30 days, 90 days, 1 year, unlimited)
- Configure a SIEM destination — Datadog, Splunk, S3, or any webhook endpoint
- For mutation events, attach the before/after with
e.Diff(before, after)to capture exactly what changed
The sdk-go README on GitHub has the full reference, including the buffered recorder's overflow policies, idempotency semantics for retries, and the minter's MintToken surface for the embeddable activity log.