GitLab Tutorial
- 1. Introduction to GitLab
- 2. Architecture & Self-Hosting
- 3. Groups, Projects & Namespaces
- 4. Issue Tracking & Agile
- 5. GitLab CI/CD Basics
- 6. GitLab Runners & Executors
- 7. Environments & Deployments
- 8. Merge Requests & Code Review
- 9. GitLab Container Registry
- 10. Package & Infra Registry
- 11. Security & Compliance
- 12. Monitoring & Analytics (DORA)
- 13. GitLab Pages Hosting
- 14. APIs, Webhooks & Integrations
- 15. GitLab Workflow & Best Practices
14. APIs, Webhooks, & Integrations
No system operates in isolation. To drive automation across your enterprise, GitLab provides rich, programmable endpoints: REST APIs, GraphQL APIs, incoming Webhooks, and off-the-shelf integrations for enterprise tools like Slack, Jira, and Kubernetes.
GitLab REST API v4
Everything you can click inside the GitLab web dashboard can be executed programmatically via the REST API v4. To authenticate your REST requests, you generate a Personal Access Token (PAT) or use the built-in pipeline `CI_JOB_TOKEN`.
Example: Fetching Project Details via cURL
curl --header "PRIVATE-TOKEN: glpat-your_personal_access_token" \
"https://gitlab.com/api/v4/projects/12345"Example: Programmatic Trigger of a Pipeline
You can trigger a build from external applications (like an API gateway or cron-job server) by sending an authenticated POST request:
curl --request POST \
--form token="glptt-your_trigger_token" \
--form ref="main" \
"https://gitlab.com/api/v4/projects/12345/trigger/pipeline"GitLab GraphQL API
If you are making complex calls involving nested data (such as fetching a project's issues, their epics, their weights, and comments in one request), you can utilize GitLab's GraphQL API at `https://gitlab.com/api/graphql`. GraphQL prevents over-fetching and reduces client networking round-trips.
Webhooks: Real-time Event Broadcasters
While APIs allow you to *pull* data, Webhooks allow GitLab to *push* real-time alerts to your external systems when events occur.
You can configure Webhooks to trigger on:
- Push events: A developer pushes commits.
- Merge Request events: An MR is opened, closed, or merged.
- Pipeline events: A pipeline succeeds, fails, or is cancelled.
- Job events: A runner completes a build.
When these events occur, GitLab sends a JSON payload to your custom server endpoint:
{
"object_kind": "pipeline",
"object_attributes": {
"id": 98765,
"ref": "main",
"status": "failed",
"duration": 240
},
"project": {
"name": "api-service",
"web_url": "https://gitlab.com/acme/api-service"
}
}Native Enterprise Integrations
Under Settings > Integrations in your project sidebar, GitLab provides pre-built, code-free connectors:
- Jira Integration: Automatically link GitLab commits and MRs to Jira issue IDs. You can transition Jira tickets (e.g. from "In Progress" to "Done") right from a GitLab commit message!
- Slack / MS Teams: Post real-time notifications to dedicated developer channels when pipelines fail or merge requests are created.
- HashiCorp Vault: Read dynamic, high-security secrets directly inside your pipelines without storing files in GitLab's variables.
