Quick Start Guide

Learn how to build and test your first Procore app.

Introduction

This guide walks you through creating and testing a basic app using User‑level Authentication in the Procore Developer Sandbox. You’ll create an app, add a data connector component, install it in your Sandbox company, obtain an access token, and make your first API calls.


Steps to Make Your First API Call

Prerequisites

  1. A Procore Developer Account (email verified).
  2. Basic understanding of OAuth 2.0 (authorization code flow) and redirect URIs.
  3. An API client such as Postman or cURL.

Step 1: Create Your App in the Developer Portal

  1. Log in to the Procore Developer Portal.
  2. Go to My Apps and select Create New App.
  3. Enter a meaningful name (for example, QuickStart Test App).
  4. Click Create App.


Step 2: Add a Data Connector Component

A Data Connector Component enables your app to access Procore’s REST APIs.

  1. In your app, expand Data Connector Components.
  2. Click Add Components.
  3. Select User‑level Authentication.
  4. Click Save Component.
  5. Click Create Version near the top right and follow the prompts.


Step 3: Update Your App’s Redirect URI (for testing)

For quick testing, set a temporary out‑of‑band Redirect URI.

  1. In your app, select OAuth Credentials.
  2. Under Sandbox OAuth Credentials, edit the Redirect URI.
  3. Enter urn:ietf:wg:oauth:2.0:oob (testing only).
  4. Click Update.
Note: Use a proper HTTPS redirect URI in production.


Step 4: Install Your App in the Developer Sandbox

Each app includes a Developer Sandbox for testing. Only the App Creator is added by default. To add testers, see Add a User Account to the Company Directory.

  1. Log in to your Developer Sandbox company.
  2. Go to Company Tools > Admin > App Management.
  3. Click Install App > Install Custom App.
  4. Paste the Sandbox App Version Key from your app in the Developer Portal.
  5. Click Install, then confirm.


Step 5: Generate an Authorization Code

Replace CLIENT_ID with your Sandbox Client ID and open the URL in your browser to authorize.

  • https://login-sandbox.procore.com/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob
If prompted, sign in and click Allow. Copy the displayed code for the next step.


Step 6: Exchange the Code for an Access Token

Use Postman (or any API client) to exchange the code for a token.

  1. Create a POST request to https://login-sandbox.procore.com/oauth/token/.
  2. In the Body (x-www-form-urlencoded), add:
    • grant_type: authorization_code
    • code: the authorization code from Step 5
    • client_id: your Sandbox Client ID
    • client_secret: your Sandbox Client Secret
    • redirect_uri: urn:ietf:wg:oauth:2.0:oob
  3. Click Send.
If successful, the response includes access_token, token_type, expires_in, and refresh_token.
{
  "access_token": "dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781",
  "token_type": "bearer",
  "expires_in": 5400,
  "refresh_token": "76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c",
  "created_at": 1508271900
}
Tip: Store client credentials securely. Do not commit secrets to source control.


Step 7: Test API Requests

With a valid access token, you can call Procore’s REST APIs. Use the Authorization header with the Bearer token. API calls use the https://sandbox.procore.com base URL.

1) List available companies

  1. Method: GET
  2. URL: https://sandbox.procore.com/rest/v1.0/companies
  3. Headers:
    • Authorization: Bearer ACCESS_TOKEN
Copy the id of the company where your app is installed for the next request.

2) List projects in a company
  1. Method: GET
  2. URL: https://sandbox.procore.com/rest/v1.1/projects?company_id=COMPANY_ID
  3. Headers:
    • Authorization: Bearer ACCESS_TOKEN
    • Procore-Company-Id: COMPANY_ID
For more endpoints, see the REST API Overview.