Document that webhook secret token is sent in X-Gitlab-Token HTTP header

author: Steve Halasz <stevehalasz@gmail.com> 2016-08-03 23:11:35 -0400
committer: Steve Halasz <stevehalasz@gmail.com> 2016-08-03 23:22:23 -0400
commit: 7612f1c4c6df200778f32098fbccf654a858894d (patch)
tree: 1da54750b3a1e52e9f122a3d409d2ac63b050218 /doc/web_hooks
parent: 532202a5278a622de874b9dfc1c4f7fe9ddf5ce4 (diff)
download: gitlab-ce-7612f1c4c6df200778f32098fbccf654a858894d.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/web_hooks/web_hooks.md b/doc/web_hooks/web_hooks.md
index 8559b67af04..d4b28d875cd 100644
--- a/doc/web_hooks/web_hooks.md
+++ b/doc/web_hooks/web_hooks.md
@@ -26,6 +26,10 @@ GitLab webhooks keep in mind the following things:
     you are writing a low-level hook this is important to remember.
 -   GitLab ignores the HTTP status code returned by your endpoint.
 
+## Secret Token
+
+If you specify a secret token, it will be sent with the hook request in the `X-Gitlab-Token` HTTP header. Your webhook endpoint can check that to verify that the request is legitimate.
+
 ## SSL Verification
 
 By default, the SSL certificate of the webhook endpoint is verified based on
author	Steve Halasz <stevehalasz@gmail.com>	2016-08-03 23:11:35 -0400
committer	Steve Halasz <stevehalasz@gmail.com>	2016-08-03 23:22:23 -0400
commit	7612f1c4c6df200778f32098fbccf654a858894d (patch)
tree	1da54750b3a1e52e9f122a3d409d2ac63b050218 /doc/web_hooks
parent	532202a5278a622de874b9dfc1c4f7fe9ddf5ce4 (diff)
download	gitlab-ce-7612f1c4c6df200778f32098fbccf654a858894d.tar.gz