What token scope is required for webhook management?

Required Token Scopes: api. Permissions for actions depend on role; Manage webhooks requires Maintainer+.

How do I test webhook delivery?

Use the test endpoint: glab api projects/:id/hooks/:hook_id/test/:trigger -X POST

Can I manage group webhooks as well as project webhooks?

Yes. Use glab api groups/:id/hooks to list or manage group webhooks (Premium feature in some plans).

gitlab-webhook

npx machina-cli add skill grandcamel/GitLab-Assistant-Skills/gitlab-webhook --openclaw

Files (1)

SKILL.md

9.7 KB

Webhook Skill

Webhook management for GitLab using glab api raw endpoint calls.

Quick Reference

Operation	Command Pattern	Risk
List webhooks	`glab api projects/:id/hooks`	-
Get webhook	`glab api projects/:id/hooks/:hook_id`	-
Create webhook	`glab api projects/:id/hooks -X POST -f ...`	⚠️
Update webhook	`glab api projects/:id/hooks/:hook_id -X PUT -f ...`	⚠️
Delete webhook	`glab api projects/:id/hooks/:hook_id -X DELETE`	⚠️⚠️
Test webhook	`glab api projects/:id/hooks/:hook_id/test/:trigger -X POST`	⚠️
List group hooks	`glab api groups/:id/hooks`	-

Risk Legend: - Safe | ⚠️ Caution | ⚠️⚠️ Warning | ⚠️⚠️⚠️ Danger

When to Use This Skill

ALWAYS use when:

User mentions "webhook", "hook", "web hook"
User wants to integrate GitLab with external services
User mentions "notification", "callback", "trigger URL"
User wants to set up CI/CD integrations or Slack notifications

NEVER use when:

User wants to configure built-in integrations (use project settings)
User wants to manage CI/CD pipelines (use gitlab-ci)
User wants system hooks (requires admin access)

API Prerequisites

Required Token Scopes: api

Permissions:

View webhooks: Maintainer+
Manage webhooks: Maintainer+

Webhook Events

Event	Flag	Description
Push	`push_events`	Code pushed to repository
Tag	`tag_push_events`	Tags created/deleted
Merge Request	`merge_requests_events`	MR created/updated/merged
Issues	`issues_events`	Issue created/updated/closed
Notes	`note_events`	Comments on MRs/issues/commits
Confidential Notes	`confidential_note_events`	Confidential comments
Job	`job_events`	CI job status changes
Pipeline	`pipeline_events`	Pipeline status changes
Deployment	`deployment_events`	Deployment status changes
Wiki	`wiki_page_events`	Wiki pages created/updated
Releases	`releases_events`	Releases created

Available Commands

List Webhooks

# List project webhooks
glab api projects/123/hooks --method GET

# List with pagination
glab api projects/123/hooks --paginate

# List group webhooks (Premium)
glab api groups/456/hooks --method GET

# Using project path
glab api "projects/$(echo 'mygroup/myproject' | jq -Rr @uri)/hooks"

Get Webhook Details

# Get specific webhook
glab api projects/123/hooks/789 --method GET

Create Webhook

# Basic webhook for push events
glab api projects/123/hooks --method POST \
  -f url="https://example.com/webhook" \
  -f push_events=true

# Webhook for MR and pipeline events
glab api projects/123/hooks --method POST \
  -f url="https://example.com/webhook" \
  -f push_events=false \
  -f merge_requests_events=true \
  -f pipeline_events=true

# Webhook with secret token
glab api projects/123/hooks --method POST \
  -f url="https://example.com/webhook" \
  -f push_events=true \
  -f token="my-secret-token" \
  -f enable_ssl_verification=true

# Full-featured webhook
glab api projects/123/hooks --method POST \
  -f url="https://example.com/webhook" \
  -f push_events=true \
  -f tag_push_events=true \
  -f merge_requests_events=true \
  -f issues_events=true \
  -f note_events=true \
  -f pipeline_events=true \
  -f job_events=true \
  -f token="secret" \
  -f enable_ssl_verification=true

# Webhook for specific branches only
glab api projects/123/hooks --method POST \
  -f url="https://example.com/webhook" \
  -f push_events=true \
  -f push_events_branch_filter="main"

Update Webhook

# Update URL
glab api projects/123/hooks/789 --method PUT \
  -f url="https://new-url.com/webhook"

# Enable additional events
glab api projects/123/hooks/789 --method PUT \
  -f pipeline_events=true \
  -f job_events=true

# Disable event
glab api projects/123/hooks/789 --method PUT \
  -f push_events=false

# Update secret token
glab api projects/123/hooks/789 --method PUT \
  -f token="new-secret-token"

# Change SSL verification
glab api projects/123/hooks/789 --method PUT \
  -f enable_ssl_verification=false

Delete Webhook

# Delete webhook
glab api projects/123/hooks/789 --method DELETE

Test Webhook

# Test push event
glab api projects/123/hooks/789/test/push_events --method POST

# Test MR event
glab api projects/123/hooks/789/test/merge_requests_events --method POST

# Test tag push event
glab api projects/123/hooks/789/test/tag_push_events --method POST

# Test note event
glab api projects/123/hooks/789/test/note_events --method POST

# Test issues event
glab api projects/123/hooks/789/test/issues_events --method POST

Webhook Configuration Options

Option	Type	Description
`url`	string	Webhook endpoint URL (required)
`token`	string	Secret token for validation
`push_events`	boolean	Trigger on push
`push_events_branch_filter`	string	Branch filter for push events
`tag_push_events`	boolean	Trigger on tag push
`merge_requests_events`	boolean	Trigger on MR events
`issues_events`	boolean	Trigger on issue events
`confidential_issues_events`	boolean	Trigger on confidential issues
`note_events`	boolean	Trigger on comments
`confidential_note_events`	boolean	Trigger on confidential notes
`pipeline_events`	boolean	Trigger on pipeline events
`job_events`	boolean	Trigger on job events
`deployment_events`	boolean	Trigger on deployments
`wiki_page_events`	boolean	Trigger on wiki changes
`releases_events`	boolean	Trigger on releases
`enable_ssl_verification`	boolean	Verify SSL certificate

Common Workflows

Workflow 1: Set Up Slack Notifications

# Create webhook for Slack
glab api projects/123/hooks --method POST \
  -f url="https://hooks.slack.com/services/T00/B00/XXX" \
  -f push_events=true \
  -f merge_requests_events=true \
  -f pipeline_events=true \
  -f enable_ssl_verification=true

Workflow 2: Set Up CI Trigger

# Webhook to trigger external CI
glab api projects/123/hooks --method POST \
  -f url="https://ci.example.com/trigger" \
  -f push_events=true \
  -f tag_push_events=true \
  -f token="ci-trigger-token" \
  -f push_events_branch_filter="main"

Workflow 3: Audit All Webhooks

# List all webhooks with details
glab api projects/123/hooks --paginate | \
  jq -r '.[] | "ID: \(.id)\n  URL: \(.url)\n  Events: push=\(.push_events), mr=\(.merge_requests_events), pipeline=\(.pipeline_events)\n  SSL: \(.enable_ssl_verification)\n"'

Workflow 4: Migrate Webhook to New URL

# 1. Get current webhook config
glab api projects/123/hooks/789 | jq

# 2. Update URL
glab api projects/123/hooks/789 --method PUT \
  -f url="https://new-service.example.com/webhook"

# 3. Test the webhook
glab api projects/123/hooks/789/test/push_events --method POST

Workflow 5: Set Up Deployment Notifications

# Webhook for deployment events only
glab api projects/123/hooks --method POST \
  -f url="https://deploy-tracker.example.com/webhook" \
  -f push_events=false \
  -f deployment_events=true \
  -f token="deploy-secret"

Workflow 6: Disable All Non-Essential Events

hook_id=789

# Keep only push and MR events
glab api projects/123/hooks/$hook_id --method PUT \
  -f push_events=true \
  -f merge_requests_events=true \
  -f tag_push_events=false \
  -f issues_events=false \
  -f note_events=false \
  -f job_events=false \
  -f pipeline_events=false

Webhook Payload

GitLab sends JSON payloads with event data. Key fields:

Push Event Payload

{
  "object_kind": "push",
  "ref": "refs/heads/main",
  "before": "abc123...",
  "after": "def456...",
  "commits": [...],
  "project": {...}
}

MR Event Payload

{
  "object_kind": "merge_request",
  "event_type": "merge_request",
  "object_attributes": {
    "iid": 1,
    "title": "...",
    "state": "opened",
    "action": "open"
  }
}

Validating Webhooks

Use the secret token to validate webhook authenticity:

# In your webhook handler, verify the X-Gitlab-Token header
# matches the token you configured

Troubleshooting

Issue	Cause	Solution
Webhook not firing	Event not enabled	Check event flags
403 Forbidden	Not maintainer	Need Maintainer+ role
SSL verification failed	Invalid certificate	Use `enable_ssl_verification=false` or fix cert
Webhook URL unreachable	Network/firewall issue	Verify URL is accessible from GitLab
Test returns error	Endpoint error	Check your webhook handler logs
Too many requests	Webhook loop	Verify handler doesn't trigger events

Best Practices

Use HTTPS: Always use secure URLs for webhooks
Set secret token: Validate webhooks with a secret token
Enable only needed events: Reduce noise and processing
Handle failures gracefully: GitLab retries failed deliveries
Monitor webhook health: Check recent deliveries in GitLab UI
Use branch filters: Limit push events to relevant branches

Overview

Manage GitLab project and group webhooks using the glab api and raw endpoint calls. This skill covers listing, viewing, creating, updating, deleting webhooks, configuring events, and testing deliveries to external services.

How This Skill Works

The skill uses glab api endpoints like projects/:id/hooks and groups/:id/hooks to perform CRUD operations and event configuration. You’ll need an API-scoped token (api) and appropriate permissions (Maintainer+ for manage operations) to create, update, or delete webhooks.

When to Use It

User mentions webhook, hook, or web hook and wants to inspect or modify webhooks
User wants to integrate GitLab with external services (Slack, CI systems, issue trackers)
User needs to configure notification triggers (push, MR, issues, etc.) via events
User wants to create, update, or delete webhooks for a project or group
User wants to test webhook delivery to validate configurations

Quick Start

Step 1: Install/configure glab and obtain an API token with the api scope
Step 2: List existing webhooks for your project to understand current settings
Step 3: Create a new webhook by specifying the URL and desired events, e.g., push_events

Best Practices

Use an API-scoped token (api) and ensure you have Maintainer+ permissions for management tasks
Specify only the needed events to minimize payloads (e.g., push_events, merge_requests_events)
Include enable_ssl_verification and a secret token where supported for security
Test delivery after creation and use the test workflow when available
List webhooks with pagination if you expect many hooks to avoid missing items

Example Use Cases

List project webhooks: glab api projects/123/hooks --method GET
List with pagination: glab api projects/123/hooks --paginate
List group webhooks (Premium): glab api groups/456/hooks --method GET
Get specific webhook: glab api projects/123/hooks/789 --method GET
Basic webhook for push events: glab api projects/123/hooks --method POST -f url=https://example.com/webhook -f push_events=true

Frequently Asked Questions

Add this skill to your agents

gitlab-webhook

Webhook Skill

Quick Reference

When to Use This Skill

API Prerequisites

Webhook Events

Available Commands

List Webhooks

Get Webhook Details

Create Webhook

Update Webhook

Delete Webhook

Test Webhook

Webhook Configuration Options

Common Workflows

Workflow 1: Set Up Slack Notifications

Workflow 2: Set Up CI Trigger

Workflow 3: Audit All Webhooks

Workflow 4: Migrate Webhook to New URL

Workflow 5: Set Up Deployment Notifications

Workflow 6: Disable All Non-Essential Events

Webhook Payload

Push Event Payload

MR Event Payload

Validating Webhooks

Troubleshooting

Best Practices

Related Documentation

Source

Overview

How This Skill Works

When to Use It

Quick Start

Best Practices

Example Use Cases

Frequently Asked Questions