Docs / Vendor onboarding
Connect GitLab webhooks to Relin
Relin receives GitLab webhooks, verifies signatures, stores payloads, and delivers them to your endpoints with retries, alerts, and replay.
Before you start
- Create a Relin workspace and sign in.
- Have admin access to the GitLab account where you'll configure the webhook.
- Decide which events you want to capture, or start with "all events" if you're exploring.
Setup steps
- In Relin, open your workspace and click New source. Pick the GitLab tile.
- Copy the ingest URL Relin shows. This URL is shown once, so store it.
- Open Project > Settings > Webhooks in GitLab.
- Add a webhook with the Relin source URL and a secret token.
- Paste the same secret token here.
- Save and send a test event from GitLab. Confirm Relin received it in your workspace.
Secret token: Paste the secret token you configured on the GitLab webhook. GitLab compares this value verbatim with the X-Gitlab-Token header.
What Relin does next
- Verifies the signature on every incoming event and records the status (verified, failed, unchecked).
- Stores the payload so you can replay or inspect it later, bounded by your workspace retention window.
- Delivers the event to every destination you've connected to this source, with retries and per-destination rate limits.
- Surfaces lifecycle gaps (for vendors with known lifecycles) as anomalies you can triage from the dashboard.
Test it
The fastest check is the events view in your workspace. After you send a test event from GitLab, it appears within a second or two. Click into the event to see the raw payload, signature status, and the delivery attempts to your destinations.
You can also use the REST API or the MCP tools to inspect the stream programmatically.
GitLab-specific notes
- GitLab authenticates webhooks with a plain secret token rather than an HMAC. Paste the same token you configure in the GitLab webhook settings.
Troubleshooting
- Signature status is failed: the secret token doesn't match. Re-copy it from GitLab and update the Relin source.
- Signature status is unchecked: no signing secret is configured on the source yet. Paste the secret on the source settings page.
- No events arriving: check that the ingest URL in GitLab matches the URL Relin shows, including the token segment at the end.
- Events arrive but destinations fail: open the delivery attempts tab on the event detail page. Each attempt shows the response body, status, and timing.
Next
- Add a destination so Relin can forward events to your app.
- Configure retry policy for resilient delivery.
- Set up alerts on failed deliveries or missing events.