diff --git a/pkg/api/handlers/webhooks.go b/pkg/api/handlers/webhooks.go
index 77437d2e..c9f8fbcd 100644
--- a/pkg/api/handlers/webhooks.go
+++ b/pkg/api/handlers/webhooks.go
@@ -22,8 +22,8 @@ import (
 )
 
 const (
-	PasswordHTTPHeader = "X-Otto8-Webhook-Password"
-	PasswordQueryParam = "webhookPassword"
+	WebhookTokenHTTPHeader = "X-Otto8-Webhook-Token"
+	WebhookTokenQueryParam = "token"
 )
 
 type WebhookHandler struct{}
@@ -61,7 +61,7 @@ func (a *WebhookHandler) Update(req api.Context) error {
 		if err != nil {
 			return fmt.Errorf("failed to hash password: %w", err)
 		}
-		wh.Spec.PasswordHash = hash
+		wh.Spec.TokenHash = hash
 		webhookReq.Password = ""
 	}
 
@@ -116,7 +116,7 @@ func (a *WebhookHandler) Create(req api.Context) error {
 			return fmt.Errorf("failed to hash password: %w", err)
 		}
 		webhookReq.Password = ""
-		wh.Spec.PasswordHash = hash
+		wh.Spec.TokenHash = hash
 	}
 
 	for i, h := range wh.Spec.Headers {
@@ -196,13 +196,13 @@ func (a *WebhookHandler) Execute(req api.Context) error {
 		}
 	}
 
-	if webhook.Spec.PasswordHash != nil {
-		password := req.Request.Header.Get(PasswordHTTPHeader)
+	if webhook.Spec.TokenHash != nil {
+		password := req.Request.Header.Get(WebhookTokenHTTPHeader)
 		if password == "" {
-			password = req.Request.URL.Query().Get(PasswordQueryParam)
+			password = req.Request.URL.Query().Get(WebhookTokenQueryParam)
 		}
 
-		if err := bcrypt.CompareHashAndPassword(webhook.Spec.PasswordHash, []byte(password)); err != nil {
+		if err := bcrypt.CompareHashAndPassword(webhook.Spec.TokenHash, []byte(password)); err != nil {
 			req.WriteHeader(http.StatusForbidden)
 			return nil
 		}
diff --git a/pkg/storage/apis/otto.otto8.ai/v1/webhook.go b/pkg/storage/apis/otto.otto8.ai/v1/webhook.go
index 50ef36e7..5c6423de 100644
--- a/pkg/storage/apis/otto.otto8.ai/v1/webhook.go
+++ b/pkg/storage/apis/otto.otto8.ai/v1/webhook.go
@@ -34,7 +34,7 @@ func (w *Webhook) DeleteRefs() []Ref {
 
 type WebhookSpec struct {
 	types.WebhookManifest `json:",inline"`
-	PasswordHash          []byte `json:"passwordHash,omitempty"`
+	TokenHash             []byte `json:"tokenHash,omitempty"`
 }
 
 type WebhookStatus struct {
diff --git a/pkg/storage/apis/otto.otto8.ai/v1/zz_generated.deepcopy.go b/pkg/storage/apis/otto.otto8.ai/v1/zz_generated.deepcopy.go
index dc44cec7..3b68e86b 100644
--- a/pkg/storage/apis/otto.otto8.ai/v1/zz_generated.deepcopy.go
+++ b/pkg/storage/apis/otto.otto8.ai/v1/zz_generated.deepcopy.go
@@ -1555,8 +1555,8 @@ func (in *WebhookReferenceStatus) DeepCopy() *WebhookReferenceStatus {
 func (in *WebhookSpec) DeepCopyInto(out *WebhookSpec) {
 	*out = *in
 	in.WebhookManifest.DeepCopyInto(&out.WebhookManifest)
-	if in.PasswordHash != nil {
-		in, out := &in.PasswordHash, &out.PasswordHash
+	if in.TokenHash != nil {
+		in, out := &in.TokenHash, &out.TokenHash
 		*out = make([]byte, len(*in))
 		copy(*out, *in)
 	}