You need a token to do anything with the FogBugz API. Here’s how to get one:

  1. Head over to your User Options Page (Avatar > Options)
  2. Click the “Create API Token” button
  3. That’s it!  There is no step 3

Generate API Token

You can also use cmd=logon in the XML API as described below, but only if Two-Factor Authentication is disabled for your user. Note that we recommend you write XML API scripts to require a token that you generate for it in the web UI, rather than storing an email address and password and calling cmd=logon in the script itself.

For FogBugz For Your Server customers:

Open a browser and load the following URL into it, replacing the text in [square brackets] with values appropriate to your install:

  • NOTE: If you’re on FogBugz On Demand, you must use HTTPS, not HTTP.
  • ALSO NOTE: Follow the General rules for API requests, including URL Encoding your URLs. Otherwise, special characters in passwords may cause trouble.

Alternatively, from the command line set the variables FOGBUGZ, EMAIL, and PASSWORD, then run:

curl "https://$FOGBUGZ/api.asp?cmd=logon&email=$EMAIL&password=$PASSWORD"

The API should give you an XML response with a token that looks something like this:


Copy the token value. This is how you use it to do a search for “foo”:


Alternatively, from the command line set the variable TOKEN:

curl "https://$FOGBUGZ/api.asp?token=$TOKEN&cmd=search&q=foo" 

The token has no expiry time. It can be invalidated by executing a logoff command with that token or by changing your user’s password.

See also the full XML API documentation.