client_id (required) - The client_id is the public identifier for the app.

response_type (required) - The response_type should be set to code, indicating that the application expects to receive an authorization code if successful.

state (required) - The state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server will return the unmodified state value back to the application.

scope (required) - The request should have one or more scope values indicating access requested by the application. The authorization server will display the requested scopes to the user. The scope parameter is a list of URL-encoded space-delimited, case-sensitive strings. A full list of scopes can be found here . Example: scope=article%20companyinformation

redirect_uri (optional) - URL-encoded URI that must match the Redirect URI for the app set in the Developer Portal. If omitted, it will default to the registered Redirect URI.

access_type (optional) - Indicates whether your app can refresh access tokens when the user is not present at the browser. Should be set to offline.

account_type (optional) - Indicates whether a service account should be created. Service account must also be enabled for the app in the Developer Portal. A service account is not connected to any specific user and has a specific set of permissions suitable for integrations within the requested scopes. There can only be one service account per client_id and customer. Only system administrators of the customer can authorize service accounts during the authorization process. The only valid value is “service”, if a service account should be created.

Users will be redirected to a login screen where authentication is performed using regular Fortnox user credentials. Upon successful authentication, the server responds with a redirect containing the Authorization-Code.

Read more about OAuth

Response redirect