Quick Start Guide
Learn how to build and test your first Procore app.
Introduction
This guide walks you through creating and testing a basic app using User‑level Authentication in the Procore Developer Sandbox. You’ll create an app, add a data connector component, install it in your Sandbox company, obtain an access token, and make your first API calls.
Steps to Make Your First API Call
Prerequisites
- A Procore Developer Account (email verified).
- Basic understanding of OAuth 2.0 (authorization code flow) and redirect URIs.
- An API client such as Postman or cURL.
Step 1: Create Your App in the Developer Portal
- Log in to the Procore Developer Portal.
- Go to My Apps and select Create New App.
- Enter a meaningful name (for example, QuickStart Test App).
- Click Create App.
Step 2: Add a Data Connector Component
A Data Connector Component enables your app to access Procore’s REST APIs.
- In your app, expand Data Connector Components.
- Click Add Components.
- Select User‑level Authentication.
- Click Save Component.
- Click Create Version near the top right and follow the prompts.
Step 3: Update Your App’s Redirect URI (for testing)
For quick testing, set a temporary out‑of‑band Redirect URI.
- In your app, select OAuth Credentials.
- Under Sandbox OAuth Credentials, edit the Redirect URI.
- Enter
urn:ietf:wg:oauth:2.0:oob
(testing only). - Click Update.
Step 4: Install Your App in the Developer Sandbox
Each app includes a Developer Sandbox for testing. Only the App Creator is added by default. To add testers, see Add a User Account to the Company Directory.
- Log in to your Developer Sandbox company.
- Go to Company Tools > Admin > App Management.
- Click Install App > Install Custom App.
- Paste the Sandbox App Version Key from your app in the Developer Portal.
- Click Install, then confirm.
Step 5: Generate an Authorization Code
Replace CLIENT_ID with your Sandbox Client ID and open the URL in your browser to authorize.
https://login-sandbox.procore.com/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Step 6: Exchange the Code for an Access Token
Use Postman (or any API client) to exchange the code for a token.
- Create a POST request to
https://login-sandbox.procore.com/oauth/token/
. - In the Body (x-www-form-urlencoded), add:
grant_type
:authorization_code
code
: the authorization code from Step 5client_id
: your Sandbox Client IDclient_secret
: your Sandbox Client Secretredirect_uri
:urn:ietf:wg:oauth:2.0:oob
- Click Send.
access_token
, token_type
, expires_in
, and refresh_token
.
{ "access_token": "dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781", "token_type": "bearer", "expires_in": 5400, "refresh_token": "76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c", "created_at": 1508271900 }Tip: Store client credentials securely. Do not commit secrets to source control.
Step 7: Test API Requests
With a valid access token, you can call Procore’s REST APIs. Use the Authorization header with the Bearer token. API calls use the https://sandbox.procore.com
base URL.
1) List available companies
- Method: GET
- URL:
https://sandbox.procore.com/rest/v1.0/companies
- Headers:
Authorization
:Bearer ACCESS_TOKEN
id
of the company where your app is installed for the next request.
2) List projects in a company
- Method: GET
- URL:
https://sandbox.procore.com/rest/v1.1/projects?company_id=COMPANY_ID
- Headers:
Authorization
:Bearer ACCESS_TOKEN
Procore-Company-Id
:COMPANY_ID