access_code.* events
Access-code batch generation, redemption, and expiry.
Emitted at the batch level for generation (never per-code, to prevent fan-out) and per-code for redemption and expiry.
Events
access_code.generated
Bulk-generate job completes.
access_code.redeemed
Code successfully redeemed by a subscriber.
access_code.expired
Code passes expiry without redemption.
| Event | Fires when |
|---|---|
access_code.generated | A bulk-generate job completes. Carries the batch size, not individual codes. |
access_code.redeemed | A code is successfully redeemed by a subscriber. |
access_code.expired | A code passes its expiry window without being redeemed. |
See the dedicated pages above for full payload, field reference, and caveats per event.
Example payload — access_code.generated
{
"id": "evt_01HX...",
"type": "access_code.generated",
"created_at": "2026-05-18T10:05:00Z",
"api_version": "2026-05-01",
"project_id": "prj_01HX...",
"data": {
"batch_id": "btc_01HX...",
"plan_id": "pln_01HX...",
"count": 250,
"expires_at": "2026-08-18T00:00:00Z"
}
}Example payload — access_code.redeemed
{
"id": "evt_01HX...",
"type": "access_code.redeemed",
"created_at": "2026-05-18T10:05:00Z",
"api_version": "2026-05-01",
"project_id": "prj_01HX...",
"data": {
"subscription_id": "sub_01HX...",
"plan_id": "pln_01HX...",
"subscriber_id": "usr_01HX...",
"access_code": "masked_xxxxx"
}
}The access_code string is masked except for the last 5 characters. Use it for reconciling back to a CSV export, not for redemption.
Why batch, not per-code
A 10,000-code bulk generation would produce 10,000 webhook deliveries per subscribed endpoint otherwise. The generated event fires once per batch with the count, and the per-code events fire later as codes are actually used.
Required abilities
Tokens subscribing to access_code.* events must carry project-access-code:view-any.
How is this guide?