diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md
index 0b944008ef..8f6e4d9b87 100644
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@@ -2554,12 +2554,35 @@ project: <string>
 [ <http_config> ]
 ```
 
-A Service Account Token can be set through `http_config`.
+A [Service Account Key](https://docs.stackit.cloud/platform/access-and-identity/service-accounts/how-tos/manage-service-account-keys/) can be set through `http_config`. This can be done mapping values from STACKIT Service Account json into oauth2 configuration.
+
+From a given Service Account json
+```json
+{
+  //....
+  "credentials": {
+    "kid": "6a7c3b36-xxxxxxxx",
+    "iss": "xxxx@sa.stackit.cloud",
+    "sub": "af2c2336-xxxxxxxx",
+    "aud": "https://stackit-service-account-prod.apps.01.cf.eu01.stackit.cloud",
+    "privateKey": "-----BEGIN PRIVATE KEY-----xxxx"
+  }
+}
+```
+
+properties can be mapped as:
 
 ```yaml
 stackit_sd_config:
-- authorization:
-    credentials: <token>
+- oauth2:
+    client_id: <credentials.sub>
+    client_certificate_key: <credentials.privateKey>
+    client_certificate_key_id: <credentials.kid>
+    iss: <credentials.iss>
+    audience: <credentials.aud>
+    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer"
+    token_url: "https://service-account.api.stackit.cloud/token"
+    signature_algorithm: RS512
 ```
 
 ### `<triton_sd_config>`
diff --git a/documentation/examples/prometheus-stackit.yml b/documentation/examples/prometheus-stackit.yml
index 623cb231ff..9be3f9c53a 100644
--- a/documentation/examples/prometheus-stackit.yml
+++ b/documentation/examples/prometheus-stackit.yml
@@ -12,8 +12,15 @@ scrape_configs:
 
     stackit_sd_configs:
       - project: 11111111-1111-1111-1111-111111111111
-        authorization:
-          credentials: "<replace with a STACKIT ServiceAccount Token>"
+        oauth2:
+          client_id: <credentials.sub>
+          client_certificate_key: <credentials.privateKey>
+          client_certificate_key_id: <credentials.kid>
+          iss: <credentials.iss>
+          audience: <credentials.aud>
+          grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer"
+          token_url: "https://service-account.api.stackit.cloud/token"
+          signature_algorithm: RS512
     relabel_configs:
       # Use the public IPv4 and port 9100 to scrape the target.
       - source_labels: [__meta_stackit_public_ipv4]
@@ -25,8 +32,15 @@ scrape_configs:
 
     stackit_sd_configs:
       - project: 11111111-1111-1111-1111-111111111111
-        authorization:
-          credentials: "<replace with a STACKIT ServiceAccount Token>"
+        oauth2:
+          client_id: <credentials.sub>
+          client_certificate_key: <credentials.privateKey>
+          client_certificate_key_id: <credentials.kid>
+          iss: <credentials.iss>
+          audience: <credentials.aud>
+          grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer"
+          token_url: "https://service-account.api.stackit.cloud/token"
+          signature_algorithm: RS512
     relabel_configs:
       # Use the private IPv4 within the STACKIT Subnet and port 9100 to scrape the target.
       - source_labels: [__meta_stackit_private_ipv4_mynet]