Managing OAuth Credentials and Redirect URIs
Client Secret Confidentiality
Once a user successfully authorizes your app to access their data in Procore, the Procore
authorization server redirects them back to your app with either an authorization code or
access token in the URL depending on the particular OAuth 2.0 grant type
you have implemented. To ensure that the user's browser is directed back to the proper location, you are required to
define one or more Redirect URIs for your application. You can optionally
manage two distinct sets of Redirect URIs for the sandbox and production environments,
though this is not required. The
URI is registered by default when you create a new application in the Developer Portal.
Managing Sandbox OAuth Credentials and Redirect URIs
Using the Sandbox Account section on the App Settings page you can view and manage the OAuth credentials and Redirect URIs for your sandbox. Your sandbox Client ID and Client Secret is accessible in this section and you can reset the Client Secret as needed. You can also add, update, or delete Redirect URIs for your sandbox.
Managing Production OAuth Credentials and Redirect URIs
Using the App Credentials section on the App Settings page you can view and manage the the OAuth credentials and Redirect URIs for your production environment. Your production Client ID is accessible in this section and you can reset the Client Secret as needed. It is important to note that your production Client Secret is hidden from view in the App Credentials section and only visible to you once when you initially obtain production credentials through the manifest promotion process.