As simple as one, two, three, four!
Register as a developer
First of all you need to register as a developer. This is so that we know who you are and how to get in touch with you.
Developing against Fortnox API is great, you get access to Sweden’s foremost online business system and have the opportunity to reach all of our customers with your product.
As a registered developer you’ll get access to the following things
- A sandbox account of Fortnox F3
- Support to help you with our products and API
- Access to our latest updates in our developer environment
- Invitations to special events hosted by Fortnox
- Be a part of our great developer community
To register, you just need to fill out this form.
Our integration support will come back to you with a sandbox account and the authorization information for your application.
Connect your integration
In Fortnox you now have to connect your integration to your Fortnox account.
You’ll find all connected integrations at the page “Administrate users” in Fortnox under the section “Integrations”.
You are also able to add new integrations here by pressing the button “Add integration”.
A window will pop up where you have the possibility to search for your integration by name or paste in your Client-Id.
A public integration will always be searchable by both the name of the integration and by using the Client-Id. A private integration will only be searchable using the Client-Id.
Select your integration and press the button “Save”.
A new window will pop up with a code called “API code”, this is an Authorization-Code. The Authorization-Code is used to retrieve the final Access-Token.
Each Fortnox account need both a unique Authorization-Code and a unique Access-Token. That means that your integration needs to be able to manage a unique set of keys for every Fortnox account that is connected.
Authorize your application
You’ve got your Authorization-Code and your Client-Secret. These will be the keys to get the final Access-Token.
The Authorization-Code is valid for thirty days before becoming invalid and can only be used once to retrieve the Access-Token.
If the Authorization-Code is used again after an Access-Token has been retrieved the Authorization-Code will become invalid and the integration will become deactivated. The Access-Token does not have a time limit and will be valid until it is deactivated.
The Access-Token combined with the Client-Secret is unique for your application and connects to a specific Fortnox account.
To retrieve your Access-Token you simply send a request to our API using the headers “Authorization-Code” and “Client-Secret”.
Here’s an example using cURL
curl -X "GET" "https://api.fortnox.se/3/customers" \ -H "Authorization-Code: 03b8d2b5-cade-c544-7a59-5a1ac8665856" \ -H "Client-Secret: BFr3jKKZ1J" \ -H "Content-Type: application/json" \ -H "Accept: application/json"
For more information about authentication, follow this link.
Making your request
With the Access-Token you just received you can start making requests and develop against our API.
Start by going through our documentation to see which data is available and how to use it. If there are any questions, please don’t hesitate to contact us!