Allow obtaining security token of a web hook through API
Proposal
Currently API for webhooks does not return security token when you request information about the hook. This is explicitly documented:
Secret token to validate received payloads; this isn’t returned in the response.
On the other hand, in web UI, GitLab provides the token value when editing the API hook. This allows one to inspect existing configuration and edit it. I would like to have the same option through the API as well, so that I can both inspect existing token value and update it if necessary.
I suggest that the GET API endpoint accepts additional query string attribute include_token
so that one can call GET /projects/:id/hooks/:hook_id?include_token
to get the token for the hook returned, with opt-in to get it and by default it stays omitted.