Only Admin and Normal users without 2FA enabled are able to generate valid tokens using the API. Generating tokens in the UI is the recommended approach.
Customer Facing Information.
FogBugz itself supports several methods of logging on, however, the only method supported by the API is by providing an email address (or full name, just like FogBugz sign-in) and password in the logon method: http://firstname.lastname@example.org&password=BigMac
Successful logon– you get back an opaque string token which you will use for all subsequent requests. This token will persist until you execute a logoff command. Token reuse is encouraged over issuing repeat logon commands.
- Ambiguous logon – there is more than one FogBugz user with that email address. FogBugz will supply you with a list of full names; you must provide the appropriate full name to log on.
<error code="2">Ambiguous Logon</error>
- If, for example, you got that response, you would prompt the user with a combo box to choose if they are John Hancock or Fred Astaire. If they’re John, you would try logging on again with this URL:
- To check the validity of an existing token, pass the token to the logon command:
- If your token is valid, you’ll receive:
See also the full XML API documentation.