diff --git a/arkindex/dataimport/api.py b/arkindex/dataimport/api.py
index a0f8ca71260f987a89de74513d3471fa309d8220..b7f4c763a4ef787c5982e20ffa2b1be8d00e2c09 100644
--- a/arkindex/dataimport/api.py
+++ b/arkindex/dataimport/api.py
@@ -505,7 +505,8 @@ class GitRepositoryImportHook(APIView):
 
     def post(self, request, pk=None, **kwargs):
         repo = get_object_or_404(Repository, id=pk)
-        assert repo.enabled, 'No credentials available'
+        if not repo.enabled:
+            raise PermissionDenied(detail='No credentials available for this repository.')
         repo.provider_class(credentials=repo.credentials).handle_webhook(repo, request)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
diff --git a/arkindex/dataimport/tests/test_providers.py b/arkindex/dataimport/tests/test_providers.py
index e93467fa3676886c64bbbc22d1d99201f6c22fe7..c75c19980a99771ad0cea3ed45b9811bac562903 100644
--- a/arkindex/dataimport/tests/test_providers.py
+++ b/arkindex/dataimport/tests/test_providers.py
@@ -33,6 +33,15 @@ class TestProviders(FixtureAPITestCase):
         glp = GitLabProvider(credentials=self.creds, url='something')
         self.assertEqual(glp.url, 'something')
 
+    @patch('arkindex.dataimport.api.Repository.provider_class')
+    def test_webhook_no_credentials(self, provider_class):
+        self.client.force_login(self.user)
+        self.repo.credentials = None
+        self.repo.save()
+        response = self.client.post(reverse('api:import-hook', kwargs={'pk': self.repo.id}))
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertDictEqual(response.json(), {'detail': 'No credentials available for this repository.'})
+
     @patch('arkindex.dataimport.api.Repository.provider_class')
     def test_webhook(self, provider_class):
         self.client.force_login(self.user)