diff --git a/gitea-events-rabbitmq-publisher/main.go b/gitea-events-rabbitmq-publisher/main.go
index 816fe9e..b12d6fe 100644
--- a/gitea-events-rabbitmq-publisher/main.go
+++ b/gitea-events-rabbitmq-publisher/main.go
@@ -324,15 +324,18 @@ func parseRequestJSONOrg(reqType string, data []byte) (org *common.Organization,
 
 func main() {
 	var listenAddr string
+	var reqBearerToken string
 
 	flag.BoolVar(&DebugMode, "debug", false, "enables debugging messages")
 	flag.StringVar(&listenAddr, "listen", ListenAddrDef, "HTTP listen socket address for webhook events")
 	flag.StringVar(&topicScope, "topic-domain", DefTopicDomain, "Default domain for RabbitMQ topics")
+	flag.StringVar(&reqBearerToken, "token", "", "HTTP Bearer token to match")
 	flag.Parse()
 
 	log.Println("Starting....")
 	log.Printf("  * Debugging: %t\n", DebugMode)
 	log.Printf("  * Listening: %s\n", listenAddr)
+	log.Printf("  * Bearer token: %t\n", len(reqBearerToken) > 0)
 
 	connectToRabbitMQ()
 
@@ -345,6 +348,14 @@ func main() {
 			return
 		}
 
+		if len(reqBearerToken) > 0 {
+			authToken := req.Header.Get("Authorization")
+			if len(authToken) != len(reqBearerToken)+7 || authToken[0:7] != "Bearer " || authToken[7:] != reqBearerToken {
+				log.Println("Invalid Authorization request...", authToken)
+				res.WriteHeader(http.StatusNetworkAuthenticationRequired)
+			}
+		}
+
 		hdr := req.Header[common.GiteaRequestHeader]
 		if len(hdr) != 1 {
 			res.WriteHeader(http.StatusInternalServerError)