diff --git a/jobs/golangapiserver/spec b/jobs/golangapiserver/spec
index 50ab2e0866..ae53911732 100644
--- a/jobs/golangapiserver/spec
+++ b/jobs/golangapiserver/spec
@@ -66,6 +66,13 @@ properties:
 - broker_username: user2
 broker_password: password2
 default: ''
+ autoscaler.apiserver.broker.credential_type:
+ description: |
+ The list of credential types to authenticate with custom metrics api. If credential_type "binding-secret" is used, then username and password are generated by the broker. Also, credential_type "binding-secret" is default, if no credential_type is provided.
+ example:
+ - credential_type: binding-secret
+ - credential_type: X509
+ default: 'binding-secret'
 autoscaler.apiserver.broker.server.catalog:
 description: ""
 autoscaler.apiserver.broker.server.dashboard_redirect_uri:
diff --git a/jobs/golangapiserver/templates/apiserver.yml.erb b/jobs/golangapiserver/templates/apiserver.yml.erb
index 32f298c965..1b0642c028 100644
--- a/jobs/golangapiserver/templates/apiserver.yml.erb
+++ b/jobs/golangapiserver/templates/apiserver.yml.erb
@@ -88,6 +88,7 @@ catalog_schema_path: /var/vcap/packages/golangapiserver/catalog.schema.json
 info_file_path: /var/vcap/jobs/golangapiserver/config/info.json
 policy_schema_path: /var/vcap/packages/golangapiserver/policy_json.schema.json
 dashboard_redirect_uri: <%= p("autoscaler.apiserver.broker.server.dashboard_redirect_uri") %>
+credential_type: <%= p("autoscaler.apiserver.broker.credential_type") %>
 health:
 port: <%= p("autoscaler.apiserver.health.port") %>
diff --git a/src/autoscaler/api/broker/broker.go b/src/autoscaler/api/broker/broker.go
index d41ccbc293..f584aa39f7 100644
--- a/src/autoscaler/api/broker/broker.go
+++ b/src/autoscaler/api/broker/broker.go
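Review bot: The new `autoscaler.apiserver.broker.credential_type` property in jobs/golangapiserver/spec is documented as a list ("The list of credential types", with a two-item `example`), but its `default` is the scalar `'binding-secret'`, apiserver.yml.erb renders it as a single `credential_type:` value, and the Go config field added later in this commit is a plain `string`. An operator who follows the example would supply an array where one string is expected, so the description and example should describe a single value, e.g. `description: "Default credential type for the custom metrics API when a binding does not request one"` and `example: binding-secret`. The example also spells the second type `X509`; the spelling the broker accepts is not visible in this diff, so confirm it matches before publishing it as an example.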
@@ -511,7 +511,8 @@ func (b *Broker) Bind(ctx context.Context, instanceID string, bindingID string,
 logger.Error("get-default-policy", err)
 return result, err
 }
- credentialType, err := getOrDefaultCredentialType(policyJson, logger)
+ customMetricsCredentialType := b.conf.CustomMetricsCredentialType
+ credentialType, err := getOrDefaultCredentialType(policyJson, customMetricsCredentialType, logger)
 if err != nil {
 logger.Error("getOrDefaultCredentialType %w", err)
 return result, err
@@ -618,10 +619,14 @@ func (b *Broker) Bind(ctx context.Context, instanceID string, bindingID string,
 return result, nil
 }
-func getOrDefaultCredentialType(policyJson json.RawMessage, logger lager.Logger) (*models.CredentialType, error) {
+func getOrDefaultCredentialType(policyJson json.RawMessage, credentialTypeConfig string, logger lager.Logger) (*models.CredentialType, error) {
 credentialType := &models.CredentialType{}
+ if credentialTypeConfig == "" {
+ logger.Error("error: Credential Type in the configuration is empty", ErrInvalidCredentialType)
+ return credentialType, nil
+ }
 if len(policyJson) == 0 {
- credentialType.CredentialType = "binding-secret"
+ credentialType.CredentialType = credentialTypeConfig
 return credentialType, nil
 }
 err := json.Unmarshal(policyJson, &credentialType)
@@ -631,8 +636,7 @@ func getOrDefaultCredentialType(policyJson json.RawMessage, logger lager.Logger)
 }
 // credential-type in policyJson is not set
 if credentialType.CredentialType == "" {
- //TODO - set default value from bosh specs
- credentialType.CredentialType = "binding-secret"
+ credentialType.CredentialType = credentialTypeConfig
 }
 logger.Debug("getOrDefaultCredentialType", lager.Data{"credential-Type": credentialType})
 return credentialType, err
diff --git a/src/autoscaler/api/brokerserver/broker_server_suite_test.go b/src/autoscaler/api/brokerserver/broker_server_suite_test.go
index 2927ad6ada..147a1bfbe4 100644
--- a/src/autoscaler/api/brokerserver/broker_server_suite_test.go
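Review bot: In `getOrDefaultCredentialType`, the new empty-configuration branch logs `ErrInvalidCredentialType` but then returns `credentialType, nil`, so `Bind` (which only checks `err != nil`) carries on with an empty `CredentialType` instead of failing closed. Because the check runs before `policyJson` is inspected, a credential type set explicitly in the policy is also discarded whenever the configured default is empty. Returning the error, `return nil, ErrInvalidCredentialType`, keeps a misconfigured broker from creating bindings with an undetermined authentication scheme, and the check would ideally sit only on the two paths that actually fall back to `credentialTypeConfig`. The first argument to `logger.Error` elsewhere in this file is a short action name such as `"get-default-policy"`, so `logger.Error("empty-credential-type-config", ErrInvalidCredentialType)` would be more consistent. The part of the function between the second and third hunk is not shown, so the Unmarshal error path is assumed unchanged.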
+++ b/src/autoscaler/api/brokerserver/broker_server_suite_test.go
@@ -138,6 +138,7 @@ var _ = BeforeSuite(func() {
 MetricsForwarderUrl: "someURL",
 MetricsForwarderMtlsUrl: "Mtls-someURL",
 },
+ CustomMetricsCredentialType: "binding-secret",
 }
 fakeBindingDB := &fakes.FakeBindingDB{}
 fakePolicyDB := &fakes.FakePolicyDB{}
diff --git a/src/autoscaler/api/config/config.go b/src/autoscaler/api/config/config.go
index ff8cd607a1..b6d9fa5583 100644
--- a/src/autoscaler/api/config/config.go
+++ b/src/autoscaler/api/config/config.go
@@ -89,28 +89,29 @@ type LowerUpperThresholdConfig struct {
 }
 type Config struct {
- Logging helpers.LoggingConfig `yaml:"logging"`
- BrokerServer helpers.ServerConfig `yaml:"broker_server"`
- PublicApiServer helpers.ServerConfig `yaml:"public_api_server"`
- DB map[string]db.DatabaseConfig `yaml:"db"`
- BrokerCredentials []BrokerCredentialsConfig `yaml:"broker_credentials"`
- APIClientId string `yaml:"api_client_id"`
- PlanCheck *PlanCheckConfig `yaml:"plan_check"`
- CatalogPath string `yaml:"catalog_path"`
- CatalogSchemaPath string `yaml:"catalog_schema_path"`
- DashboardRedirectURI string `yaml:"dashboard_redirect_uri"`
- PolicySchemaPath string `yaml:"policy_schema_path"`
- Scheduler SchedulerConfig `yaml:"scheduler"`
- ScalingEngine ScalingEngineConfig `yaml:"scaling_engine"`
- EventGenerator EventGeneratorConfig `yaml:"event_generator"`
- CF cf.Config `yaml:"cf"`
- InfoFilePath string `yaml:"info_file_path"`
- MetricsForwarder MetricsForwarderConfig `yaml:"metrics_forwarder"`
- Health helpers.HealthConfig `yaml:"health"`
- RateLimit models.RateLimitConfig `yaml:"rate_limit"`
- CredHelperImpl string `yaml:"cred_helper_impl"`
- StoredProcedureConfig *models.StoredProcedureConfig `yaml:"stored_procedure_binding_credential_config"`
- ScalingRules ScalingRulesConfig `yaml:"scaling_rules"`
+ Logging helpers.LoggingConfig `yaml:"logging"`
+ BrokerServer helpers.ServerConfig `yaml:"broker_server"`
+ PublicApiServer helpers.ServerConfig `yaml:"public_api_server"`
+ DB map[string]db.DatabaseConfig `yaml:"db"`
+ BrokerCredentials []BrokerCredentialsConfig `yaml:"broker_credentials"`
+ APIClientId string `yaml:"api_client_id"`
+ PlanCheck *PlanCheckConfig `yaml:"plan_check"`
+ CatalogPath string `yaml:"catalog_path"`
+ CatalogSchemaPath string `yaml:"catalog_schema_path"`
+ DashboardRedirectURI string `yaml:"dashboard_redirect_uri"`
+ PolicySchemaPath string `yaml:"policy_schema_path"`
+ Scheduler SchedulerConfig `yaml:"scheduler"`
+ ScalingEngine ScalingEngineConfig
`yaml:"scaling_engine"`
+ EventGenerator EventGeneratorConfig `yaml:"event_generator"`
+ CF cf.Config `yaml:"cf"`
+ InfoFilePath string `yaml:"info_file_path"`
+ MetricsForwarder MetricsForwarderConfig `yaml:"metrics_forwarder"`
+ Health helpers.HealthConfig `yaml:"health"`
+ RateLimit models.RateLimitConfig `yaml:"rate_limit"`
+ CredHelperImpl string `yaml:"cred_helper_impl"`
+ StoredProcedureConfig *models.StoredProcedureConfig `yaml:"stored_procedure_binding_credential_config"`
+ ScalingRules ScalingRulesConfig `yaml:"scaling_rules"`
+ CustomMetricsCredentialType string `yaml:"credential_type"`
 }
 type PlanCheckConfig struct {
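Review bot: `CustomMetricsCredentialType` is added to `Config` as a free-form string, and nothing in this hunk gives it a default or restricts it to the supported credential types, so an empty or misspelled `credential_type` would only be noticed when a bind request arrives. If this package has a load-time validation step (not visible here), reject values outside the supported set there, so the service never starts with an unknown authentication mode for custom metrics. A short field comment would also help the next reader, for example `// CustomMetricsCredentialType is the credential type applied when a binding's policy does not specify one.` The struct itself is fully inside the hunk; any loader or validator lives outside it.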