client_id (required) - The client_id is the public identifier for the app.
response_type (required) - The response_type should be set to code, indicating that the application expects to receive an authorization code if successful.
state (required) - The state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server will return the unmodified state value back to the application.
scope (required) - The request should have one or more scope values indicating access requested by the application. The authorization server will display the requested scopes to the user. The scope parameter is a list of URL-encoded space-delimited, case-sensitive strings.A full list of scopes can be found here. Example: scope=article%20companyinformation
redirect_uri (optional) - URL-encoded URI that must match the Redirect URI for the app set in the Developer Portal. If omitted, it will default to the registered Redirect URI.
access_type (optional) - Indicates whether your app can refresh access tokens when the user is not present at the browser. Should be set to offline.
account_type (optional) - Indicates whether a service account should be created. Service account must also be enabled for the app in the Developer Portal. A service account is not connected to any specific user and has a specific set of permissions suitable for integrations within the requested scopes. There can only be one service account per client_id and customer. Only system administrators of the customer can authorize service accounts during the authorization process. The only valid value is “service”, if a service account should be created.
Users will be redirected to a login screen where authentication is performed using regular Fortnox user credentials. Upon successful authentication, the server responds with a redirect containing the Authorization-Code.