How to create an OAuth app in Fortnox
Before you get started, make sure you have a Fortnox developer account.
1. Create your OAuth app
Log in to the Fortnox Developer Portal and navigate to My apps. Click Create app to register a new OAuth application.
Give the app a meaningful name (for example, "Apideck integration") — your users will see this name when they are asked to authorise access to their Fortnox account.
2. Basic information
Fill in the required fields:
- App name: A name your users will recognise (e.g. "Apideck integration")
- Description: A short explanation of what the integration does
- Company URL: Your company or product homepage
3. Client credentials
Once the app is created, Fortnox generates a Client ID and lets you generate a Client Secret. Navigate to the app's OAuth settings tab to find them.
Copy these two values and paste them into the Apideck Fortnox connector settings under Use your Fortnox client credentials.
4. Scopes
In the Scopes section of your app, enable the following scopes. The scopes must match exactly what Apideck requests during the OAuth flow.
| Scope | Purpose |
|---|---|
| invoice | Read and write customer invoices |
| customer | Read and write customer records |
| supplier | Read and write supplier records |
| supplierinvoice | Read and write supplier invoices (bills) |
| article | Read and write articles / products |
| bookkeeping | Read and write accounts, vouchers, and financial years |
| payment | Read and write invoice and supplier-invoice payments |
| companyinformation | Read company information |
| order | Read and write purchase orders |
| archive | Read and write attachments / inbox |
| project | Read and write projects (tracking categories) |
| connectfile | Connect uploaded files to invoices, supplier invoices, and vouchers |
Refresh tokens are issued automatically by Fortnox; no separate scope is required.
Important: If the scopes configured in your Fortnox app do not match the scopes requested by Apideck, the authorisation will fail with a scope mismatch error.
5. Redirect URL
In the Redirect URIs section, add the following URL exactly as shown:
https://unify.apideck.com/vault/callback
This is where users are sent after they grant your app access to their Fortnox account.
6. App visibility
Fortnox allows apps to be hidden (unlisted from the Fortnox marketplace). Hidden apps can still onboard multiple tenants in production without requiring marketplace approval. If you are building a private or partner integration, you do not need to submit the app for marketplace review.
FAQ and troubleshooting
Error: Scope mismatch during authorisation
This happens when the scopes enabled on your Fortnox app do not exactly match the scopes Apideck requests. Go to your app in the Fortnox Developer Portal, open Scopes, and verify all twelve scopes listed in step 4 are enabled.
Refresh token stops working after 45 days
Fortnox refresh tokens expire after 45 days if they are not used. Each time a refresh token is used, Fortnox issues a new one and invalidates the previous one immediately. Apideck handles this rotation automatically. If a connection stops working, ask the user to re-authorise from Vault.
Error: Invalid redirect URI
Ensure the redirect URI in your Fortnox app settings is set to https://unify.apideck.com/vault/callback with no trailing slash. URI values are matched exactly.
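A preflight check for the two exact-match requirements in this guide (the twelve scopes from step 4 and the redirect URI from step 5), as an added example that is not part of the original guide and is not Apideck or Fortnox code. It assumes you type in the scopes and redirect URIs as they appear in the Developer Portal; the function names are hypothetical, and scopes beyond the twelve are reported as findings on the basis of the guide's "match exactly" wording.

```python
from urllib.parse import urlsplit

# Values copied from steps 4 and 5 of this guide.
REQUIRED_SCOPES = frozenset(
    "invoice customer supplier supplierinvoice article bookkeeping payment "
    "companyinformation order archive project connectfile".split()
)
REQUIRED_REDIRECT = "https://unify.apideck.com/vault/callback"


def check_scopes(configured):
    """Return (missing, unexpected); both empty means an exact match."""
    seen = {s.strip() for s in configured if s.strip()}
    return sorted(REQUIRED_SCOPES - seen), sorted(seen - REQUIRED_SCOPES)


def diagnose_redirect(uri):
    """Return None on an exact match, else why the string differs."""
    if uri == REQUIRED_REDIRECT:
        return None
    if uri.strip() == REQUIRED_REDIRECT:
        return "leading or trailing whitespace"
    if uri.rstrip("/") == REQUIRED_REDIRECT:
        return "trailing slash"
    if urlsplit(uri).scheme.lower() != "https":
        return "scheme is not https"
    if uri.lower() == REQUIRED_REDIRECT:
        return "letter case differs"
    return "different host, path, query or fragment"


def check_app(configured_scopes, redirect_uris):
    """Return findings as strings; an empty list means the app matches the guide."""
    missing, unexpected = check_scopes(configured_scopes)
    findings = [f"scope not enabled: {s}" for s in missing]
    findings += [f"scope not in the guide's list: {s}" for s in unexpected]
    reasons = [diagnose_redirect(u) for u in redirect_uris]
    if not redirect_uris:
        findings.append("no redirect URI registered")
    elif None not in reasons:
        findings += [f"redirect URI {u!r}: {r}" for u, r in zip(redirect_uris, reasons)]
    return findings


if __name__ == "__main__":
    # Constructed sample: one scope left off, redirect pasted with a trailing slash.
    sample_scopes = sorted(REQUIRED_SCOPES - {"connectfile"})
    for finding in check_app(sample_scopes, [REQUIRED_REDIRECT + "/"]):
        print(finding)
```

An empty result from `check_app` means the configuration matches what this guide lists; redirect findings are only reported when none of the registered URIs is an exact match.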