Skip to main content

The event stream

The event stream API is a read-only API that allows you to fetch the events that have been generated by your application. It's useful for debugging purposes, but also for building your own analytics tools. The access to this API is disabled by default, but you can enable it by configuring the authorizeReadEvents policy in your entities. You can also use the authorizeReadEvents policy to restrict access to the events of certain entities.

Accessing the event streams API

The authorizeReadEvents policy can be configured with any of the supported authorization mechanisms:

  • 'all' to make them public.
  • an array of roles.
  • An authorizer function that matches the EventStreamAuthorizer type signature. For example
authorizeReadEvents: 'all', // Anyone can read any Cart's event
export class Cart {
public constructor(
readonly id: UUID,
readonly cartItems: Array<CartItem>,
public shippingAddress?: Address,
public checks = 0
) {}
// <reducers...>

Be careful when exposing events data, as this data is likely to hold internal system state. Pay special attention when authorizing public access with the 'all' option, it's always recommended to look for alternate solutions that limit access.

To read more about how to restrict the access to the event stream API, check out the authorization guide.