Join us at Fortnox App Market today!

Revoke Access-Token

Developers Integration Dictionary

During the process of creating your integration you will bump into these words and functions.

Refresh-token

Revoke of access-token is not supported for Authorization Code Flow due to their short lifespan. Instead, the revoke is done on the refresh-token to prevent new access-tokens from being created. Revoke of a refresh-token is done like this:

POST https://apps.fortnox.se/oauth-v1/revoke

Headers

Content-type: application/x-www-form-urlencoded
Authorization: Basic {Credentials}

Body

token_type_hint=refresh_token&token={Refresh-Token}

Response

{
  "revoked":true
}

 
 

Old type access-token

Revoke of older types of access-tokens with long lifespans can be done like this:

POST https://apps.fortnox.se/oauth-v1/revoke

Headers

Content-type: multipart/form-data

Body

Key: token
Value: {Access-token to revoke}

Response

{
  "revoked":true
}