- Token ID expiration webhooks are only sent when Token Expiration settings are enabled in your project.
- Token expiration can be configured as count-based or time-based.
Token ID types and expiration concepts
Pre-registered token
A method where your system generates Token IDs in advance.- Tokens expire immediately after a single submission.
- An explicit expiration concept exists.
Non-registered token
A method that uses tokens without pre-generation.- Tokens do not have an explicit expiration.
- Validity is verified based on previous usage at the time of use.
Token expiration settings
Webhook delivery depends on whether Token Expiration settings are enabled in your project.- Count-based
- Time-based
Manages token expiration based on usage count.Example: Expires after 1 use
Webhook examples
Response fields
Webhook trigger type -
token_expired indicates that the Token ID has expiredThe expired Token ID
The configured expiration validation condition
count: Count-based expirationtime: Time-based expiration
Target service -
idCheck (ID check main pipeline)Expiration timestamp (ISO 8601 format)
Only included when
expired_condition is count. Indicates the exact time when the token expired.Expected expiration timestamp (ISO 8601 format)
Only included when
expired_condition is time. Indicates when the token was scheduled to expire.Use cases
Token ID expiration webhooks are useful in the following scenarios:Prevent token reuse
Prevent token reuse
Detect expired tokens to block reuse attempts and log security events.
Track service logic
Track service logic
Track token lifecycle to analyze user flows and improve service quality.
Automated token management
Automated token management
Automatically generate new tokens or send notifications to users based on expiration events.