CASE STUDY — PATTERN

Payment-Driven Access Control

Entitlements are the bridge between subscription state and product access — downstream services check them at runtime to decide what a customer can use. Today, entitlements follow subscription state. They should follow payment outcomes instead.

This page covers one of three workstreams in the billing transformation. Payment-driven entitlements owns the grant/revoke decision — when a customer gets access, and when they lose it.

HOW IT WORKS TODAY
Subscription Event

Subscription creates, changes, and cancellations emit events. The system doesn't know or care whether payment succeeded.

Entitlement Grant

Access is granted the moment the subscription changes, not when payment confirms. Provisioned asynchronously.

Runtime Check

Downstream services query entitlements at runtime. Binary — access granted or not. No visibility into payment status.

WHY THAT'S A PROBLEM
The timing gap: access is granted before payment resolves, creating a revocation dilemma when payment eventually fails.
The timing gap: access is granted before payment resolves, creating a revocation dilemma when payment eventually fails.
The Timing Gap

If payment fails, gets stuck, or requires interactive authentication, the customer already has access. The entitlement was granted when the subscription changed — not when money moved.

The Revocation Dilemma

When recovery eventually flags the account, the system revokes something the customer may believe they legitimately have. Indistinguishable from a bait-and-switch.

WHAT CHANGES
New flow: Sub Created → Payment Attempted → Outcome Resolved → Entitlements Granted
New flow: Sub Created → Payment Attempted → Outcome Resolved → Entitlements Granted
Payment Succeeds

Entitlements granted. The customer paid, the payment resolved, access is provisioned. This is the only path to feature access.

Payment Fails

No entitlements. The subscription records intent, but access is not provisioned. The customer sees a clear state — pay to activate.

Payment Pending

Entitlements held. Interactive authentication challenges, async resolution — no access until the outcome resolves. The customer knows they're waiting.

WORKSTREAM DEPENDENCIES
Payment Collection
on-session

Users subscribe and pay interactively. Authentication works because the user is present. Payment collection decoupled from subscription changes.

Entitlement Provisioning
the decision point

Consumes payment outcomes from both on-session and off-session flows. Grants or revokes based on whether money moved.

Recovery
off-session

Manages payment recovery when renewal charges fail. Produces payment outcomes that feed into this system.

The state machine and pipeline diagrams on this page were authored as YAML specs and rendered by the platform's SVG engine. The timing gap visualization made the problem self-evident — the diagram didn't illustrate the argument, it was the argument.

The subscription records what the customer wants. The payment proves they can have it. Entitlements should follow the proof, not the intent.