Overview
Only Admin and Normal users without 2FA enabled are able to generate valid tokens using the API. Generating tokens in the UI is the recommended approach.
Step-By-Step Guide
- FogBugz itself supports several methods of logging on; however, the only method supported by the API is by providing an email address (or full name, just like FogBugz sign-in) and password in the logon method:
http://www.example.com/api.asp?cmd=logon&email=xxx@example.com&password=BigMac
- Successful logon – you get back an opaque string token which you will use for all subsequent requests. This token will persist until you execute a logoff command. Token reuse is encouraged over issuing repeat logon commands.
<response><token>24dsg34lok43un23</token></response>
- Ambiguous logon – there is more than one FogBugz user with that email address. FogBugz will supply you with a list of full names; you must provide the appropriate full name to log on
<response>
<error code="2">Ambiguous Logon</error>
<people>
<person>John Hancock</person>
<person>Fred Astaire</person>
</people>
</response>
- If, for example, you get that response, you would prompt the user with a combo box to choose if they are John Hancock or Fred Astaire. If they are John, you would try logging on again with this URL:
http://www.example.com/api.asp?cmd=logon&email=John%20Hancock&password=BigMac
- To check the validity of an existing token, pass the token to the logon command:
http://www.example.com/api.asp?cmd=logon&token=[your_token]
- If your token is valid, you will receive:
<response><token>[your_token]</token></response>
For more information, refer to the complete XML API documentation for FogBugz.