Revoke Access-Token

If you want to revoke a specific access-token (thus disabling the integration and preventing your customer from using it), you do as follows:

• Do a POST-request using the following endpoint: https://api.fortnox.se/oauth-v1/revoke
• As headers you use:

Key	Value
Content-Type	application/x-www-form-urlencoded
Authorization	Basic {Base64 encode client-id:client-secret}

• If you use for example Postman, the Bulk-edit of the headers should look like:
  Content-Type:application/x-www-form-urlencoded
  Authorization:Basic SjU5WTcySjE4Z0Q6UnVaQVQ2ZTlj
• The value of the “Authorization”-key shall be “Basic” followed by the information you get when you Base64 encode “client-id:client-secret”. Note that you shall include “:” when you encode the information.
• As body you use:

Key	Value
token	{Access-Token to revoke}

• If you use for example Postman, the Bulk-edit of the body should look like:
  token:09d8e971-bf24-42ba-ac09-019aaa3d7297
• If everything goes as intended, you shall get:
  200 HTTP-response
• Body: {“revoked”:true}
• Read more at: https://tools.ietf.org/html/rfc7009#section-2