Invoice History Joins the Cryptographic Audit Trail
SpeyBooks keeps a cryptographically chained audit trail: every record is hash-linked to the one before it, and the chain head is anchored publicly each day, so history cannot be silently rewritten. Until now, that guarantee covered the quote domain; invoice activity was recorded in an older audit table without chaining.
-
Invoice actions now write the chained trail Creating, updating, changing the status of, paying, deleting, and emailing an invoice each produce a chained audit record, written in the same database transaction as the change itself — the change and its record succeed or fail together. Records carry the acting user for session requests and are correctly attributed to the API key for programmatic requests. The previous recording path wrote after the fact and could drop records silently on error; that path is now retired for invoice events.
-
Invoice details now show the creator The createdBy field on invoice reads was always null regardless of who created the invoice. It now returns the stored creator, and remains null for invoices created via API key, where no user session exists.
-
Emailed invoices now record their sent date Sending an invoice by email moved it to “sent” status but never set the sent timestamp, so emailed invoices showed no sent date. The send path now records it.
Historical invoice records in the older audit table remain readable where they are; the chain begins at this release. Append-only chains do not accept backfill, and we prefer an honest start date to fabricated history.
Versioning
No request or response shapes changed. The createdBy and sentAt fields now carry the values they were always documented to carry.