If you want to revoke a specific access-token (thus disabling the integration and preventing your customer from using it), you do as follows:
- Do a POST-request using the following endpoint: https://api.fortnox.se/oauth-v1/revoke
- As headers you use
Key Value Content-Type application/x-www-form-urlencoded Authorization Basic {Base64 encode client-id:client-secret} If you use for example Postman, the Bulk-edit of the headers should look like:
Content-Type:application/x-www-form-urlencoded
Authorization:Basic SjU5WTcySjE4Z0Q6UnVaQVQ2ZTlj - The value of the “Authorization”-key shall be “Basic” followed by the information you get when you Base64 encode “client-id:client-secret”. Note that you shall include “:” when you encode the information.
- As body you use
Key Value token {Access-Token to revoke} If you use for example Postman, the Bulk-edit of the body should look like:
token:09d8e971-bf24-42ba-ac09-019aaa3d7297 - If everything goes as intended, you shall get:
- 200 HTTP-response
- Body: {“revoked”:true}
- Read more at: https://tools.ietf.org/html/rfc7009#section-2