diff --git a/middlewares/auth.js b/middlewares/auth.js
index f51bb73..c715b68 100644
--- a/middlewares/auth.js
+++ b/middlewares/auth.js
@@ -1,5 +1,6 @@
 const crypto = require('crypto');
 const { config } = require('../config');
+const { validateToken } = require('../services/common');
 const github = function (req, res, next) {
 if (!verifyGithubSignature(req)) {
@@ -9,21 +10,27 @@ const github = function (req, res, next) {
 next();
 };
-const gitlab = function (req, res, next) {
- if (!verifyGitlabSignature(req)) {
+const gitlab = async function (req, res, next) {
+ if (!(await verifyGitlabSignature(req))) {
 res.status(401).send('Unauthorized');
 return;
- }
+ }8
 next();
 };
-const verifyGithubSignature = (req) => {
+const verifyGithubSignature = async (req) => {
 const githubSignature = crypto.createHmac('sha256', config.githubWebhookSecret).update(JSON.stringify(req.body)).digest('hex');
 return `sha256=${githubSignature}` === req.headers['x-hub-signature-256'];
 };
-const verifyGitlabSignature = (req) => {
- return config.gitlabWebhookSecret === req.headers['x-gitlab-token'];
+const verifyGitlabSignature =async (req) => {
+ try{
+ await validateToken(req.headers['x-gitlab-token']);
+ }
+ catch(error){
+ return false;
+ }
+ return true;
 };
 module.exports = { github, gitlab };
diff --git a/services/common.js b/services/common.js
index 0bcdd29..f0b7e6e 100644
--- a/services/common.js
+++ b/services/common.js
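Review bot: In `middlewares/auth.js`, making `verifyGithubSignature` async turns the GitHub check into a no-op: the unchanged `github` middleware (context in the first hunk; the rest of its body lies between the hunks) still calls `if (!verifyGithubSignature(req))` without `await`, and a Promise is always truthy, so the 401 branch can never run whatever `x-hub-signature-256` contains. The function does nothing asynchronous, so the declaration should stay `const verifyGithubSignature = (req) => {`. If the `8` in `}8` is really in the commit, it is a stray expression statement that only parses through automatic semicolon insertion and should be a plain `}`. In `verifyGitlabSignature`, a request without an `x-gitlab-token` header still causes an outbound validation call carrying `Bearer undefined`; an early guard such as `if (typeof token !== 'string' || token === '') return false;` before calling `validateToken` rejects those requests locally.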
@@ -19,6 +19,21 @@ const orchestratorDeploymentRequest = async (data) => {
 }
 };
+const validateToken = async (token) => {
+ log.info(token);
+ const headers = {
+ 'Content-Type': 'application/json',
+ Authorization: `Bearer ${token}`
+ };
+ try {
+ const response = await axios.get(`${config.orchestratorBaseUrl}/apikey/validate`, { headers });
+ log.info(response?.data);
+ } catch (error) {
+ log.error(error);
+ throw new Error(error?.response?.data.message);
+ }
+};
+
 const orchestratorEnvListRequest = async (repoUrl, contextDir) => {
 const headers = {
 'Content-Type': 'application/json',
@@ -51,5 +66,6 @@ const createOrchestratorPayload = (payload, contextDir, envs, ref, ephemeral) =>
 module.exports = {
 orchestratorDeploymentRequest,
 createOrchestratorPayload,
- orchestratorEnvListRequest
+ orchestratorEnvListRequest,
+ validateToken
 };
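Review bot: `log.info(token);` at the top of `validateToken` in `services/common.js` writes the caller-supplied API key to the log in clear text, valid keys included, so anyone with log access can reuse them; the line should be removed. `log.error(error);` may leak the same value, because an axios error object normally carries the request config with its `Authorization` header, so `log.error(error.message);` is the safer form. The thrown message lacks an optional chain after `data` and is `undefined` when the orchestrator sends no response; `throw new Error(error?.response?.data?.message ?? error.message);` covers both cases. The request also passes no `timeout` option, so unless an axios default is set elsewhere, a stalled orchestrator would hold every GitLab webhook request open.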