Bugzilla::Webservice::User - The User Account and Login API


This part of the Bugzilla API allows you to create User Accounts and log in/out using an existing account.


See Bugzilla::WebService for a description of how parameters are passed, and what STABLE, UNSTABLE, and EXPERIMENTAL mean.

Logging In and Out




Logging in, with a username and password, is required for many Bugzilla installations, in order to search for bugs, post new bugs, etc. This method logs in an user.

login (string) - The user's login name.
password (string) - The user's password.
remember (bool) Optional - if the cookies returned by the call to login should expire with the session or not. In order for this option to have effect the Bugzilla server must be configured to allow the user to set this option - the Bugzilla parameter rememberlogin must be set to "defaulton" or "defaultoff". Addionally, the client application must implement management of cookies across sessions.

On success, a hash containing one item, id, the numeric id of the user that was logged in. A set of http cookies is also sent with the response. These cookies must be sent along with any future requests to the webservice, for the duration of the session.

300 (Invalid Username or Password)

The username does not exist, or the password is wrong.

301 (Account Disabled)

The account has been disabled. A reason may be specified with the error.

305 (New Password Required)

The current password is correct, but the user is asked to change his password.

50 (Param Required)

A login or password parameter was not provided.




Log out the user. Does nothing if there is no user logged in.

Params (none)
Returns (nothing)
Errors (none)

Account Creation




Sends an email to the user, offering to create an account. The user will have to click on a URL in the email, and choose their password and real name.

This is the recommended way to create a Bugzilla account.

email (string) - the email to send the offer to.
Returns (nothing)
500 (Account Already Exists)

An account with that email address already exists in Bugzilla.

501 (Illegal Email Address)

This Bugzilla does not allow you to create accounts with the format of email address you specified. Account creation may be entirely disabled.




Creates a user account directly in Bugzilla, password and all. Instead of this, you should use "offer_account_by_email" when possible, because that makes sure that the email address specified can actually receive an email. This function does not check that.

You must be logged in and have the editusers privilege in order to call this function.

email (string) - The email address for the new user.
full_name (string) Optional - The user's full name. Will be set to empty if not specified.
password (string) Optional - The password for the new user account, in plain text. It will be stripped of leading and trailing whitespace. If blank or not specified, the newly created account will exist in Bugzilla, but will not be allowed to log in using DB authentication until a password is set either by the user (through resetting their password) or by the administrator.

A hash containing one item, id, the numeric id of the user that was created.


The same as "offer_account_by_email". If a password is specified, the function may also throw:

502 (Password Too Short)

The password specified is too short. (Usually, this means the password is under three characters.)

Error 503 (Password Too Long) removed in Bugzilla 3.6.

User Info




Gets information about user accounts in Bugzilla.


Note: At least one of ids, names, or match must be specified.

Note: Users will not be returned more than once, so even if a user is matched by more than one argument, only one user will be returned.

In addition to the parameters below, this method also accepts the standard include_fields and exclude_fields arguments.

ids (array)

An array of integers, representing user ids.

Logged-out users cannot pass this parameter to this function. If they try, they will get an error. Logged-in users will get an error if they specify the id of a user they cannot see.

names (array)

An array of login names (strings).

match (array)

An array of strings. This works just like "user matching" in Bugzilla itself. Users will be returned whose real name or login name contains any one of the specified strings. Users that you cannot see will not be included in the returned list.

Some Bugzilla installations have user-matching turned off, in which case you will only be returned exact matches.

Most installations have a limit on how many matches are returned for each string, which defaults to 1000 but can be changed by the Bugzilla administrator.

Logged-out users cannot use this argument, and an error will be thrown if they try. (This is to make it harder for spammers to harvest email addresses from Bugzilla, and also to enforce the user visibility restrictions that are implemented on some Bugzillas.)

group_ids (array)
groups (array)

group_ids is an array of numeric ids for groups that a user can be in. groups is an array of names of groups that a user can be in. If these are specified, they limit the return value to users who are in any of the groups specified.

include_disabled (boolean)

By default, when using the match parameter, disabled users are excluded from the returned results unless their full username is identical to the match string. Setting include_disabled to true will include disabled users in the returned results even if their username doesn't fully match the input string.


A hash containing one item, users, that is an array of hashes. Each hash describes a user, and has the following items:


int The unique integer ID that Bugzilla uses to represent this user. Even if the user's login name changes, this will not change.


string The actual name of the user. May be blank.


string The email address of the user.


string The login name of the user. Note that in some situations this is different than their email.


boolean A boolean value to indicate if the user can login into bugzilla.


boolean A boolean value to indicate if bug-related mail will be sent to the user or not.


string A text field that holds the reason for disabling a user from logging into bugzilla, if empty then the user account is enabled. Otherwise it is disabled/closed.

Note: If you are not logged in to Bugzilla when you call this function, you will only be returned the id, name, and real_name items. If you are logged in and not in editusers group, you will only be returned the id, name, real_name, email, and can_login items.

51 (Bad Login Name or Group ID)

You passed an invalid login name in the "names" array or a bad group ID in the group_ids argument.

304 (Authorization Required)

You are logged in, but you are not authorized to see one of the users you wanted to get information about by user id.

505 (User Access By Id or User-Matching Denied)

Logged-out users cannot use the "ids" or "match" arguments to this function.

804 (Invalid Group Name)

You passed a group name in the groups argument which either does not exist or you do not belong to it.

Added in Bugzilla 3.4.
group_ids and groups were added in Bugzilla 4.0.
include_disabled added in Bugzilla 4.0. Default behavior for match has changed to only returning enabled accounts.
Error 804 has been added in Bugzilla 4.0.9 and 4.2.4. It's now illegal to pass a group name you don't belong to.