Get an API Token using FogBugz API commands



Before executing any FogBugz API command, a token will be needed for authentication.

This article describes how to get an API token using FogBugz API commands. The method described here will work only if Two-Factor Authentication is disabled.

Alternatively, you can create API Token using the FogBugz UI.



In general, we recommend you to write API scripts to require a token that you generate in the web UI, rather than storing an email address and password and calling cmd=logon in the script itself.



Note: The FogBugz API token has no expiry time. This is why, for security reasons, it is important to invalidate it once it is not needed anymore. 

FogBugz API token can be invalidated by performing one of the following:

  • Executing a logoff API command with that token.
  • Changing the user’s password who created the given API token.
  • Having a FogBugz administrator invalidate that token from the Session Management page.

FogBugz API logon command

API logon using the browser

Open a browser and load the following URL into it, replacing the text in [square brackets] with values appropriate to your install:

NOTE: If you’re on FogBugz On-Demand, you must use HTTPS, not HTTP.

Follow the General rules for API requests, including URL Encoding your URLs. Otherwise, special characters in passwords may cause trouble.

API logon using Curl

Alternatively, from the command line set the variables FOGBUGZ, EMAIL, and PASSWORD, then run:

curl "https://$FOGBUGZ/api.asp?cmd=logon&email=$EMAIL&password=$PASSWORD"

The API should give you an XML response with a token that looks something like this:



Do a search with the token to test it

Execute the search with the browser

Copy the token value. This is how you use it to do a search for “foo”:


Execute search with Curl

Alternatively, from the command line set the variable TOKEN:

curl "https://$FOGBUGZ/api.asp?token=$TOKEN&cmd=search&q=foo"


Back to the top

Related Articles