Usage of Procore's API is subject to rate limits. By limiting the number of API requests that can be issued from a unique authentication token, we're able to offer a more reliable service by protecting our own system infrastructure from being negatively affected by abusive users or applications who are not operating in accordance to our terms and conditions.

Per User

Procore API rate limits to 3,600 requests per hour. The rate limit resets every hour.

There are three important headers returned when making an api request.

Header Explanation
X-Rate-Limit-Limit The total number of requests per 60 minute window.
X-Rate-Limit-Remaining The number of requests you are allowed to make in the current 60 minute window.
X-Rate-Limit-Reset The Unix timestamp for when the next window begins.
X-Rate-Limit-Limit: 3600
X-Rate-Limit-Remaining: 3599
X-Rate-Limit-Reset: 1466182244

When you exceed the rate limit, the client will receive a 429 status code. The rate limit headers will still be present. The body will contain the message.

You have surpassed the max number of requests for an hour. Please wait until your limit resets.

Tips to Avoid Hitting the Rate Limit

The tips below are there to help you code defensively and reduce the possibility of exceeding the rate limit. Some application features that you may want to provide are simply impossible in light of rate limiting, especially around the most current data available.

  • If you don't need all of the fields in the show response, fetch the entire collection of objects through the index action in one API event.
  • Cache results whenever possible. This is especially true when you are displaying data to the public (i.e. everyone sees the same output).
  • Use logging to see how many requests you're making.