diff --git a/spec/controllers/api/v1/apps/credentials_controller_spec.rb b/spec/controllers/api/v1/apps/credentials_controller_spec.rb
deleted file mode 100644
index 350e0c7a0..000000000
--- a/spec/controllers/api/v1/apps/credentials_controller_spec.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Api::V1::Apps::CredentialsController do
-  render_views
-
-  let(:token) { Fabricate(:accessible_access_token, scopes: 'read', application: Fabricate(:application)) }
-
-  context 'with an oauth token' do
-    before do
-      allow(controller).to receive(:doorkeeper_token) { token }
-    end
-
-    describe 'GET #show' do
-      before do
-        get :show
-      end
-
-      it 'returns http success' do
-        expect(response).to have_http_status(200)
-      end
-
-      it 'does not contain client credentials' do
-        json = body_as_json
-
-        expect(json).to_not have_key(:client_secret)
-        expect(json).to_not have_key(:client_id)
-      end
-    end
-  end
-
-  context 'without an oauth token' do
-    before do
-      allow(controller).to receive(:doorkeeper_token).and_return(nil)
-    end
-
-    describe 'GET #show' do
-      it 'returns http unauthorized' do
-        get :show
-        expect(response).to have_http_status(401)
-      end
-    end
-  end
-end
diff --git a/spec/requests/api/v1/apps/credentials_spec.rb b/spec/requests/api/v1/apps/credentials_spec.rb
new file mode 100644
index 000000000..dafe168c5
--- /dev/null
+++ b/spec/requests/api/v1/apps/credentials_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe 'Credentials' do
+  describe 'GET /api/v1/apps/verify_credentials' do
+    subject do
+      get '/api/v1/apps/verify_credentials', headers: headers
+    end
+
+    context 'with an oauth token' do
+      let(:token)   { Fabricate(:accessible_access_token, scopes: 'read', application: Fabricate(:application)) }
+      let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
+
+      it 'returns http success' do
+        subject
+
+        expect(response).to have_http_status(200)
+      end
+
+      it 'returns the app information correctly' do
+        subject
+
+        expect(body_as_json).to match(
+          a_hash_including(
+            name: token.application.name,
+            website: token.application.website,
+            vapid_key: Rails.configuration.x.vapid_public_key
+          )
+        )
+      end
+    end
+
+    context 'without an oauth token' do
+      let(:headers) { {} }
+
+      it 'returns http unauthorized' do
+        subject
+
+        expect(response).to have_http_status(401)
+      end
+    end
+  end
+end