Overview

Only Admin and Normal users without 2FA enabled are able to generate valid tokens using the API. Generating tokens in the UI is the recommended approach.

Step-By-Step Guide

• FogBugz itself supports several methods of logging on; however, the only method supported by the API is by providing an email address (or full name, just like FogBugz sign-in) and password in the logon method:

http://www.example.com/api.asp?cmd=logon&email=xxx@example.com&password=BigMac

• Successful logon – you get back an opaque string token which you will use for all subsequent requests. This token will persist until you execute a logoff command. Token reuse is encouraged over issuing repeat logon commands.

<response><token>24dsg34lok43un23</token></response>

• Ambiguous logon – there is more than one FogBugz user with that email address. FogBugz will supply you with a list of full names; you must provide the appropriate full name to log on

<response>
     <error code="2">Ambiguous Logon</error>
     <people>
               <person>John Hancock</person>
               <person>Fred Astaire</person>
     </people>
  </response>

• If, for example, you get that response, you would prompt the user with a combo box to choose if they are John Hancock or Fred Astaire. If they are John, you would try logging on again with this URL:

http://www.example.com/api.asp?cmd=logon&email=John%20Hancock&password=BigMac

• To check the validity of an existing token, pass the token to the logon command:

http://www.example.com/api.asp?cmd=logon&token=[your_token]

• If your token is valid, you will receive:

<response><token>[your_token]</token></response>

For more information, refer to the complete XML API documentation for FogBugz.