Only Admin and Normal users without 2FA enabled are able to generate valid tokens using the API. Generating tokens in the UI is the recommended approach.
- FogBugz itself supports several methods of logging on; however, the only method supported by the API is by providing an email address (or full name, just like FogBugz sign-in) and password in the logon method:
- Successful logon – you get back an opaque string token which you will use for all subsequent requests. This token will persist until you execute a logoff command. Token reuse is encouraged over issuing repeat logon commands.
- Ambiguous logon – there is more than one FogBugz user with that email address. FogBugz will supply you with a list of full names; you must provide the appropriate full name to log on
<error code="2">Ambiguous Logon</error>
- If, for example, you get that response, you would prompt the user with a combo box to choose if they are John Hancock or Fred Astaire. If they are John, you would try logging on again with this URL:
- To check the validity of an existing token, pass the token to the logon command:
- If your token is valid, you will receive:
For more information, refer to the complete XML API documentation for FogBugz.