diff --git a/config.sample.yml b/config.sample.yml
index a7b68e3bf72b0cfb33c3be6b80e9e903cf7335f5..14ee27cdc2d669b2a325ba211fbad95ff7d4a3cc 100644
--- a/config.sample.yml
+++ b/config.sample.yml
@@ -1,5 +1,6 @@
 ---
 issue_tag: RT
+token:
 rt:
   server: https://rt.example.org/
   user: gl-bridge
diff --git a/gl-rt-bridge.rb b/gl-rt-bridge.rb
index 3141a4081e7e49f2a0f64dc0644eb90cee55bfd0..a999e97070a27c8f544e43800d75f3abefe9aff1 100755
--- a/gl-rt-bridge.rb
+++ b/gl-rt-bridge.rb
@@ -16,6 +16,9 @@ rt = RT_Client.new(server: settings.rt[:server],
                    cookies: settings.rt[:cookies])
 
 post '/' do # rubocop:disable Metrics/BlockLength
+  if not settings.token.nil?
+    halt 403 unless request.env['HTTP_X_GITLAB_TOKEN'] == settings.token
+  end
   gitlab_event = request.env['HTTP_X_GITLAB_EVENT']
   case gitlab_event
   when 'Push Hook'