• When you encrypt and decrypt values with Config Server, the access token is required to access the config server instance.
• Access Spring Cloud Services instances with HTTP REST APIs (For example, eureka APIs).  
• Use an access token for troubleshooting purpose. 

Note: The curl utility must be installed.
 

1. Find service instance credentials by checking the app's VCAP_SERVICES environment variables 'cf env APP_NAME'. Use config server instance as an example:

"credentials": {
"access_token_uri": "https://p-spring-cloud-services.uaa.SYSTEM_DOMAIN/oauth/token",
"client_id": "p-config-server-497b6620-b797-42b7-bbc0-3767faa0199d",
"client_secret": "xxxxxxxx",
"uri": "https://config-GUID.APP_DOMAIN"
},

If the credentials are managed by CredHub, the format is:

    "credentials": {
     "credhub-ref": "/c/p.spring-cloud-services-scs-service-broker/37a15060-c98c-461e-95e3-1ccf40448bd6/d444786a-c1b0-41ae-bbf8-3aa77f74497b/credentials-json"
    },

To fetch client_id and client_secret from CredHub, please query CredHub in the app container:

curl -vv https://credhub.service.cf.internal:8844/api/v1/interpolate -i -X POST -H 'Content-Type: application/json' --cert /etc/cf-instance-credentials/instance.crt --key /etc/cf-instance-credentials/instance.key -d "$VCAP_SERVICES"

2. Obtain the access token from step 1's access_token_uri, client_id, and client_secret and supply them as curl parameters, sample below:

$ curl -X POST https://p-spring-cloud-services.uaa.SYSTEM_DOMAIN/oauth/token -d 'grant_type=client_credentials&client_id=p-config-server-497b6620-b797-42b7-bbc0-3767faa0199d&client_secret=gK1BXy8lSaQC'

{"access_token":"xxxxxxx","token_type":"bearer","expires_in":29,"scope":"p-config-server.cbaa2ac4-3c17-4b16-8d51-ed28c3e11c2d.read","jti":"857a5653cb5a45159e5bad9953d61e64"

The token expires in 30 seconds, a new token is required once the token expires.