Documentation
  1. Webhooks
  • Visitor Management API
    • Getting Started
      • Overview
    • API Reference
      • Logs
        • Get filtered Events logs
      • Accesses
        • Create new QR Access
      • Users
        • Create new Property Manager
        • Update existing Property Manager
    • External Visits
      • External NFC Visit
  • Visitor Management Webhooks
    • Getting started with webhooks
    • Security & Signature Verification
  • Work Permit DAMAC integration
    • API
      • Create contractor
      • Revoke contractor
      • Create NOC / fit-out permit
      • Get permit (reconciliation)
      • Update permit — dates / NOC
      • Revoke or reissue a permit pass
    • Webhooks
      • passes.permits.issued
        POST
      • passes.permits.updated
        POST
      • passes.permits.expiring
        POST
      • passes.permits.expired
        POST
      • passes.permits.scanned
        POST
      • passes.permits.firstScanned
        POST
      • passes.permits.lastScanned
        POST
      • communityContractors.approved
        POST
      • communityContractors.removed
        POST
  1. Webhooks

passes.permits.issued

POST
/passes.permits.issued
[Q-01 / Q-02] QR generated & issued
Emitted when a permit becomes ACCEPTED (and on reissue). [Q-01] Buzz-In generates one opaque QR token per permit — it is the permit's accessCode; no contractor/permit PII is embedded. The same code is shared by all employees on the permit and is valid for the permit's full validity window, scoped to the bound property/unit. Carries the QR payload: token (qrToken), base64 PNG (qrImageBase64), public image URL (qrImageUrl), validity window and the bound location.
[Q-05] Gate access: the QR encodes { visitType: "communityPass", accessCode }. On scan, Buzz-In validates the permit status, property/unit match, validity window (validFrom/validTill + timeIn/timeOut + optional grace period), restricted days and vehicle trip limits. A valid entry/exit produces the scan events below; rejected scans return reasons such as expired/inactive, revoked, archived (already used), or wrong location.
Delivered as an HTTP POST to every destination URL configured for passes.permits.issued (Dashboard → Settings → API → Webhooks). Headers: X-Buzzin-Event: passes.permits.issued, X-Buzzin-Delivery: <id>, and X-Buzzin-Token: <secret> when the endpoint has a secret. Respond 2xx to acknowledge.

Request

Body Params application/jsonRequired

Examples

Responses

🟢200OK
Your endpoint acknowledges receipt (any 2xx).
This response does not have a body.
Request Request Example
Shell
JavaScript
Java
Swift
curl --location '/passes.permits.issued' \
--header 'Content-Type: application/json' \
--data '{
    "id": "66ffaa00bb11cc22dd33ee44",
    "event": "passes.permits.issued",
    "communityId": "6840270a99ca91002185fcd6",
    "createdAt": "2026-06-29T10:15:00.000Z",
    "data": {
        "permitId": "66f0a1b2c3d4e5f600000abc",
        "passNumber": "WP-002391",
        "status": 1,
        "statusName": "ACCEPTED",
        "type": "permits",
        "permitType": "buildUp",
        "communityId": "6840270a99ca91002185fcd6",
        "propertyId": "66e0000000000000000000a1",
        "flatId": "66e0000000000000000000b2",
        "communityContractorId": "66f0a1b2c3d4e5f600000001",
        "salesforceId": "a1B5g000000XYZWEAW",
        "validFrom": "2026-07-01T06:00:00.000Z",
        "validTill": "2026-07-31T18:00:00.000Z",
        "accessCode": "7H2KQ9ZTM4XB1RPA8VC0DLEN",
        "permitDocumentationUrl": "string",
        "qrToken": "7H2KQ9ZTM4XB1RPA8VC0DLEN",
        "qrImageBase64": "string",
        "qrImageUrl": "https://cdn.buzz-in.co/public/permits/permit-WP-002391-qr.png"
    }
}'
Previous
Revoke or reissue a permit pass
Next
passes.permits.updated
Built with