Refresh-token
Revoke of access-token is not supported for Authorization Code Flow due to their short lifespan. Instead, the revoke is done on the refresh-token to prevent new access-tokens from being created. Revoke of a refresh-token is done like this:
POST https://apps.fortnox.se/oauth-v1/revoke
Headers
Content-type: application/x-www-form-urlencoded Authorization: Basic {Credentials}
Body
token_type_hint=refresh_token&token={Refresh-Token}
Response
{ "revoked":true }
Old type access-token
Revoke of older types of access-tokens with long lifespans can be done like this:
POST https://apps.fortnox.se/oauth-v1/revoke
Headers
Content-type: multipart/form-data
Body
Key: token
Value: {Access-token to revoke}
Response
{ "revoked":true }