Hello,
I am writing to report an issue I’m facing while setting up a webhook automation to trigger a GitLab CI pipeline. I have followed the documentation to create a secret named GITLAB_TRIGGER_TOKEN in my team’s secrets, and I’ve configured an automation to use a webhook that points to my GitLab project’s pipeline trigger URL.
The problem arises when I attempt to use the ${ACCESS_TOKEN} variable in the webhook’s payload.
Failing Scenario When I use the in-app test feature with the following payload and the GITLAB_TRIGGER_TOKEN selected from the “Access Token” dropdown, the test fails.
Payload:
{
"token": "${ACCESS_TOKEN}",
"ref": "wandb-webhook-trigger",
"variables": {
"EVENT_TYPE": "${event_type}",
"ALIAS_BEING_UPDATED": "${alias}",
"ARTIFACT_VERSION": "${artifact_version}",
"EVENT_AUTHOR": "${event_author}",
"WANDB_PROJECT_NAME": "${project_name}",
"WANDB_ENTITY": "${entity_name}"
}
}
Error Response:
FailureThe test request resulted in an invalid status code
{
"response": {
"error": "ref is missing, ref is empty, token is missing"
},
"error": "generic webhook: status code 400"
}
Succeeding Scenario However, when I replace the ${ACCESS_TOKEN} variable with the hardcoded value of my token in the payload and run the test, it succeeds and the GitLab CI pipeline is triggered as expected.
Successful Payload:
{
"token": "glptt-4b0a8903307fd4c565dasdafafasf",
"ref": "wandb-webhook-trigger",
"variables": {
"EVENT_TYPE": "${event_type}",
"ALIAS_BEING_UPDATED": "${alias}",
"ARTIFACT_VERSION": "${artifact_version}",
"EVENT_AUTHOR": "${event_author}",
"WANDB_PROJECT_NAME": "${project_name}",
"WANDB_ENTITY": "${entity_name}"
}
}
Successful Response:
SuccessThe test request was successfully processed by the server
{
"response": {
"id": 2032357154,
"iid": 9,
"project_id": 74202939,
"sha": "6d28393b314bb30db6b2b7f5dd6c05008ff1b6ce",
"ref": "wandb-webhook-trigger",
"status": "created",
"source": "trigger",
"created_at": "2025-09-10T14:55:43.355Z",
"updated_at": "2025-09-10T14:55:43.355Z",
"web_url": "[https://gitlab.com/skanelo.ai/mmdet_wandb/-/pipelines/2032357154](https://gitlab.com/skanelo.ai/mmdet_wandb/-/pipelines/2032357154)",
"before_sha": "0000000000000000000000000000000000000000",
"tag": false,
"yaml_errors": null,
"user": {
"id": 9223033,
"username": "skanelo.ai",
"public_email": "",
"name": "Stefanos Kanellopoulos",
"state": "active",
"locked": false,
"avatar_url": "[https://gitlab.com/uploads/-/system/user/avatar/9223033/avatar.png](https://gitlab.com/uploads/-/system/user/avatar/9223033/avatar.png)",
"web_url": "[https://gitlab.com/skanelo.ai](https://gitlab.com/skanelo.ai)"
},
"started_at": null,
"finished_at": null,
"committed_at": null,
"duration": null,
"queued_duration": null,
"coverage": null,
"detailed_status": {
"icon": "status_created",
"text": "Created",
"label": "created",
"group": "created",
"tooltip": "created",
"has_details": false,
"details_path": "/skanelo.ai/mmdet_wandb/-/pipelines/2032357154",
"illustration": null,
"favicon": "/assets/ci_favicons/favicon_status_created-4b975aa976d24e5a3ea7cd9a5713e6ce2cd9afd08b910415e96675de35f64955.png"
}
},
"error": ""
}
This behavior indicates that the variable substitution for ${ACCESS_TOKEN} is not occurring correctly when used within the payload’s JSON body.
Could you please provide guidance on the correct way to configure this setup? Is there a different variable or method I should be using to pass the token from the secret into the payload’s JSON body?
Thank you for your assistance.
Best regards,
Stefanos