Quick Start Guide

Learn how to build and test your first Procore app.

Overview

Make your first Procore API call; this guide walks you through a single, linear path: create an app, authenticate, and retrieve data from your Developer Sandbox.

Things to Consider

  • A Procore Developer Account (email verified) is required. See Registering a New Developer Account.
  • You should have a basic understanding of OAuth 2.0 (authorization code flow) and redirect URIs.
  • You will need an API client such as Postman or cURL.

Step 1: Create Your App in the Developer Portal

  1. Sign in to the Procore Developer Portal.
  2. Go to My Apps and select Create New App.
  3. Enter a meaningful name (for example, QuickStart Test App).
  4. Select Create App.

Step 2: Add a Data Connector Component

A Data Connector Component enables your app to access Procore's REST APIs.

  1. In your app, expand Data Connector Components.
  2. Select Add Components.
  3. Select User‑level Authentication.
  4. Select Save Component.
  5. Select Create Version near the top right and follow the prompts.

Step 3: Update Your App's Redirect URI (for testing)

For quick testing, set a temporary out‑of‑band Redirect URI.

  1. In your app, select OAuth Credentials.
  2. Under Sandbox OAuth Credentials, edit the Redirect URI.
  3. Enter urn:ietf:wg:oauth:2.0:oob (testing only).
  4. Select Update.
Note: Use a proper HTTPS redirect URI in production.

Step 4: Install Your App in the Developer Sandbox

Each app includes a Developer Sandbox for testing. Only the App Creator is added by default. To add testers, see Add a User Account to the Company Directory.

  1. Sign in to your Developer Sandbox company.
  2. Go to Company Tools > Admin > App Management.
  3. Select Install App > Install Custom App.
  4. Paste the Sandbox App Version Key from your app in the Developer Portal.
  5. Select Install, then confirm.

Step 5: Generate an Authorization Code

Replace CLIENT_ID with your Sandbox Client ID and open the URL in your browser to authorize.

  • https://login-sandbox.procore.com/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob
If prompted, sign in and select Allow. Copy the displayed code for the next step.

Step 6: Exchange the Code for an Access Token

Use Postman (or any API client) to exchange the code for a token.

  1. Create a POST request to https://login-sandbox.procore.com/oauth/token/.
  2. In the Body (x-www-form-urlencoded), add:
    • grant_type: authorization_code
    • code: the authorization code from Step 5
    • client_id: your Sandbox Client ID
    • client_secret: your Sandbox Client Secret
    • redirect_uri: urn:ietf:wg:oauth:2.0:oob
  3. Select Send.
If successful, the response includes access_token, token_type, expires_in, and refresh_token. 
{
  "access_token": "dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781",
  "token_type": "bearer",
  "expires_in": 5400,
  "refresh_token": "76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c",
  "created_at": 1508271900
}
Tip: Store client credentials securely. Do not commit secrets to source control.

Step 7: Test API Requests

With a valid access token, you can call Procore's REST APIs. Use the Authorization header with the Bearer token. API calls use the https://sandbox.procore.com base URL.

1) List available companies

  1. Method: GET
  2. URL: https://sandbox.procore.com/rest/v1.0/companies
  3. Headers:
    • Authorization: Bearer ACCESS_TOKEN
Copy the id of the company where your app is installed for the next request.

2) List projects in a company
  1. Method: GET
  2. URL: https://sandbox.procore.com/rest/v1.1/projects?company_id=COMPANY_ID
  3. Headers:
    • Authorization: Bearer ACCESS_TOKEN
    • Procore-Company-Id: COMPANY_ID
For more endpoints, see the REST API Overview.

You just made your first Procore API call

You’ve created an app, authenticated with OAuth 2.0, and retrieved real data from Procore. From here:

Was this page helpful? Thanks for your feedback!