API Access
If a customer needs to access the Bugfender API, they will need to generate an API key. There are three ways to generate an API key:
- Service accounts (medium security)
- Service accounts with JWT (high security)
- OAuth app (medium security)
All API keys are stored in the o_auth_clients table in the database.
Service accounts (medium security)
This is the easiest way to generate an API key. Before starting, make sure the customer has a Pro plan or better.
- Make sure the client is in a Pro plan or better
- Make sure the user is an admin in the team.
- Write down the team ID.
Using Lens, open a shell into a pod of “web-pro” and run the command (replace team ID):
/bugfender-admin serviceaccountadd -conf /conf/bugfender.conf -team XXXXX
This will generate a client ID and a client secret and store them in the database automatically. You can now send the client ID and client secret to the customer.
Service account with JWT (high security)
This is the most secure way to generate an API key. Before starting, make sure the customer has a Pro plan or better.
- The customer must provide a public key (instructions here https://support.bugfender.com/en/articles/4667823-api-access)
- Follow the steps to create a service account above
- Edit the database and edit the o_auth_clients table:
  - Remove the client_secret_hash
  - Paste the provided public key in the client_r_s_a_public_key field
OAuth app (medium security)
This is the most complex way to generate an API key. Before starting, make sure the customer has a Pro plan or better.
- Make sure the client is in a Pro plan or better
- Generate a random string of 16 lowercase+uppercase letters and numbers (client ID)
  - Choose one of these
- Generate a random string of 32 lowercase+uppercase letters and numbers (client secret) and encode it in bcrypt with 10 passes
  - Choose two of these and concatenate them
  - Put them in htpasswd -nbBC 10 DISCARDME thepasswordhere
  - Discard the DISCARDME: part (the hash starts with $)
- Add those to the o_auth_clients table in mysql
  - You can use urn:ietf:wg:oauth:2.0:oob if you don’t have a redirect URL
- Put the secret key in https://onetimesecret.com and send it to the customer
If everything went well, the customer should be able to access the API with the provided credentials. In the team settings, you can see the new Service Account that has been created as a new user in the team.
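The OAuth app steps above (client ID, client secret, bcrypt hash with cost 10) done in one pass, as an added example that is not Bugfender's own tooling. It assumes htpasswd is installed; the function names and the `--generate` switch are hypothetical, and it feeds the secret to htpasswd on stdin (`-i`) rather than on the command line (`-b`) so the secret stays out of the process list and shell history.

```shell
#!/bin/sh
# Added example: generate the OAuth app credentials described above.
# Requires htpasswd (apache2-utils / httpd-tools) for the bcrypt step.

# rand_alnum N: N characters from [A-Za-z0-9], drawn from the kernel CSPRNG.
# tr drops every other byte, so each kept character is uniformly distributed.
rand_alnum() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# strip_htpasswd_user: turn "DISCARDME:<hash>" into "<hash>" and drop the
# blank line htpasswd -n prints after the entry.
strip_htpasswd_user() {
    sed -n 's/^DISCARDME://p'
}

# bcrypt_cost10 SECRET: bcrypt hash with cost 10. The secret goes to htpasswd
# on stdin (-i) instead of argv (-b), so it does not show up in `ps` output.
bcrypt_cost10() {
    printf '%s\n' "$1" | htpasswd -niBC 10 DISCARDME | strip_htpasswd_user
}

# new_oauth_client: print the three values needed for the o_auth_clients row.
new_oauth_client() {
    client_id=$(rand_alnum 16)
    client_secret=$(rand_alnum 32)
    secret_hash=$(bcrypt_cost10 "$client_secret")
    case "$secret_hash" in
        '$2'*) ;;   # bcrypt hashes start with $2
        *) echo "unexpected htpasswd output" >&2; return 1 ;;
    esac
    printf 'client ID:          %s\n' "$client_id"
    printf 'client secret:      %s\n' "$client_secret"
    printf 'client secret hash: %s\n' "$secret_hash"
}

# "--generate" is this script's own (hypothetical) switch.
if [ "${1:-}" = "--generate" ]; then
    new_oauth_client
fi
```

Only the hash goes into the database; the plaintext client secret is what gets sent to the customer.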