API tokens are used for authorizing access to our FogBugz instance without sharing our username and password. API tokens are required before performing any action via FogBugz API.
Tokens can be easily generated, and also revoked.
This article describes how to generate API token using the FogBugz UI.
Alternatively, you can get an API token using FogBugz API commands.
Note: The FogBugz API token has no expiry time. This is why for security reasons, it is important to invalidate it once it is not needed anymore.
FogBugz API token can be invalidated by performing one of the following:
- Executing a logoff API command with that token.
- Changing the user’s password who created the given API token.
- Having a FogBugz administrator invalidate that token from the Session Management page.
To generate a FogBugz API token, follow the steps mentioned below:
Navigate to the Avatar Menu > User Options.
Click Create API Token.
A token will be returned as shown in the image below:
Important! The API token is tied to the user account password. If the account password is changed, the API gets invalidated.