diff --git a/docs/20_Checks/check_gitlab_tokens.md b/docs/20_Checks/check_gitlab_tokens.md
index 50ac7121dab949f53847f0a21e4c652d4415b7ce..9f1959ce035050e35f1f8dcd0d154c36760a0b16 100644
--- a/docs/20_Checks/check_gitlab_tokens.md
+++ b/docs/20_Checks/check_gitlab_tokens.md
@@ -24,16 +24,33 @@ Extract or Git pull the Bash REST API client somewhere in your filesystem. eg. /
 ## Configuration
 
 The script needs to connect to the Gitlab API.
-You need to create a token in a admin group to read all tokens of all projects.
+You need to create a token
 
-Put 2 bash variabbles into `/etc/icinga2/gitlab.cfg`:
+* as an admin user
+* with api-read role
+
+to read all tokens and all projects + users.
+
+Put 2 bash variables for gitlab access and optionally the rest client into `/etc/icinga2/gitlab.cfg`. This file needs read permissions for the icinga client user only.
+
+You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it.
+
+| variable     | Type   | Description                                                                          |
+| --           | --     | --                                                                                   |
+| GITLAB_API   | string | target url to the gitlab api                                                         |
+| GITLAB_TOKEN | string | token of an admin user to read the api                                               |
+| REST_CLIENT  | string | rest-api-client.sh as filename with full path or relative to the check_gitlab_tokens |
+
+Example:
 
 ```shell
+# Gitlab access:
 GITLAB_API='https://gitlab.example.com/api/v4'
 GITLAB_TOKEN='glpat-1234567890'
-```
 
-You can use another filename for this configuration - but then you need the parameter `-g <FILE>`to reference it.
+# Rest API client
+# REST_CLIENT='/some/where/rest-api-client.sh'
+```
 
 ## Syntax
 
@@ -72,8 +89,8 @@ OPTIONS:
     -c VALUE       critical level (default: 10)
 
     -g FILE        path to GITLAB_CONFIG; default: /etc/icinga2/gitlab.cfg
-    -r FILE        path to REST_CLIENT; default: ./../inc/rest-api-client.sh
-
+    -r FILE        path to REST client; default: ./../inc/rest-api-client.sh
+                   It overrides the variable REST_CLIENT.
     -s DAYS        Number of days for max age of token; default: 395
 
 PARAMETERS:
@@ -112,4 +129,4 @@ OK: 16 Gitlab Tokens (max 395 days old) .. critical: 0 (10 days) .. warnings: 0
 2025-01-23  OK        read_repo - demoproject <https://gitlab.example.com/test/demoproject/-/settings/access_tokens>
 2025-03-14  OK        api_token - admin <https://gitlab.example.com/admin/sysadminstuff/-/settings/access_tokens>
 ...
-```
\ No newline at end of file
+```
diff --git a/docs/_index.md b/docs/_index.md
index 7d306d9aa8292f24129bea32f56300ffea20aab3..8bf54d2f93ce8a6d894e9e2a85db5021cda49231 100644
--- a/docs/_index.md
+++ b/docs/_index.md
@@ -8,11 +8,10 @@ This is a collection of our checks. They are used on Linux systems (Debian, Cent
 
 We use Icinga graphite module to show performance data. The templates are located in a sister repository
 
-
 📃 Sources:
 
 * Checks: <https://git-repo.iml.unibe.ch/iml-open-source/icinga-checks>
 * Graphs (Graphite): <https://git-repo.iml.unibe.ch/iml-open-source/icinga-graphite-templates>
 
 📜 Licence: GNU GPL 3.0 \
-📗 Docs: <https://os-docs.iml.unibe.ch/icinga-checks/>
\ No newline at end of file
+📗 Docs: <https://os-docs.iml.unibe.ch/icinga-checks/>