Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Cora PPM API: Getting Started

            Modified on Wed, 25 Feb at 3:09 PM

            Your Gateway to Data Integration

             

            Cora API Overview

            The Cora API gives you flexible, secure access to your project data outside the Cora platform. Whether you want to build custom reports, automate workflows, or connect with third-party tools, this guide will help you understand what the API can do and how to get up and running quickly.


            What You Can Do with the Cora API

            Use the Cora API to extend and automate how you work with your project data. Here are the key capabilities available to you:

            • Pull Reports: Export data to build custom reports and dashboards in tools like Power BI or Excel.
            • Automate Workflows: Sync data and eliminate manual steps across existing tools.
            • Build Integrations: Connect Cora with third-party platforms and custom applications.
            • Access Financial Data: Retrieve financial records, budgets, and cost data.

             

            Enabling API Access in Your Site

            • Navigate to Administration: Go to Administration → System → My Installation →  Features to access your site's configuration settings.
            • Enable the API Feature: On the Features tab, check the box labelled "API" to activate API functionality. If the box is greyed out, you'll need to subscribe to the Cora Integration Platform through your sales team.

            • Access API Settings: Once enabled, the API option appears under Administration → System → API, where you can configure authentication methods and manage access tokens.

            Once the API is enabled, it remains configured even if temporarily disabled. Your tokens and settings persist, allowing you to toggle access without losing your setup.


            Authentication: Personal Access Tokens

            Simple, Static Access

            Personal access tokens provide a straightforward authentication method ideal for implementation phases and testing. These tokens act as your digital credentials, allowing tools to access Cora on your behalf.

            How it works: Generate a token in Administration → System → API → Personal Access Token. Give it a descriptive name, set an expiration date (up to one year out), and save. The token value remains static until you manually regenerate it or it expires.

            Best for: Importing bulk data, pulling reports into Excel or Power BI, and development/testing scenarios where ease of setup outweighs advanced security requirements.

            Understanding API Call Types

            • GET Requests: Retrieve data from Cora without modifying anything. Use GET to pull project lists, user information, financial data, or any other records. GET calls are read-only and safe to run repeatedly.
            • PUT Requests: Update existing records. PUT calls modify project names, user skills, budget values, or other attributes. You must specify which record to update (usually via ID) and provide the new values.
            • POST Requests: Create brand new records in Cora. POST calls add users, projects, register entries, or any other data type. You supply the data structure in JSON format, and Cora creates the record.
            • DELETE Requests: Remove specific data. DELETE endpoints are limited in Cora—you can't delete projects, but you can remove users from project teams or delete certain register entries. Use with caution.

             

            Authentication: API Clients (OAuth)

            Dynamic, Enterprise-Grade Security

            API clients use OAuth 2.0 to generate short-lived, automatically refreshing tokens. Unlike personal access tokens, these don't require manual renewal and provide enhanced security for production environments.

            Each API client has a Client ID and Client Secret. Your integration tool uses these credentials to request temporary access tokens that expire after a set period, typically 24 hours. The system automatically issues new tokens as needed, ensuring continuous access without manual intervention.

            Ideal for Production Integrations

            Use API clients when building permanent integrations with ERP systems, iPaaS platforms (like Boomi or N8N), or custom applications that need ongoing, unattended access to Cora data.

            The dynamic token refresh mechanism means you never have to worry about expiration dates disrupting critical workflows. Your integration runs smoothly without requiring periodic token updates from administrators.


            Discovering Available Endpoints: Swagger

            Swagger is your interactive API documentation hub, accessible by appending _API/swagger to your Cora site URL. This powerful tool serves three critical functions for API users.

            Comprehensive Catalog

            Browse every available API endpoint, organized by data type (Projects, Users, Financials, etc.). Each endpoint includes detailed parameter specifications and response formats.

            Live Testing Environment

            Execute API calls directly in your browser. Log in using your Cora credentials, configure parameters, and see real data returned instantly—perfect for validation and troubleshooting.

            Request URL Generator

            Swagger automatically generates the complete request URL for each call. Copy these URLs into tools like Power BI, Excel, or Postman to replicate successful queries.

             

            Testing APIs in Swagger

            Hands-On Exploration

            Swagger transforms API documentation from static text into an interactive testing environment. Start by clicking the red exclamation mark to authenticate using your Cora username and password.

            Once logged in, expand any endpoint (like GET Projects) and click "Try it out". Add optional filter parameters—like project type or root project ID—to narrow results. Click "Execute" and watch as Swagger displays the response in real-time.

            Response Components:

            • Response Code: 200 means success; 500 indicates an error
            • Response Body: The actual data in JSON format
            • Request URL: The exact endpoint called—copy this for use in other tools

            Swagger's live testing helps you validate data structure, confirm filter logic, and troubleshoot issues before building integrations in production tools.

             

            Key Endpoints You'll Use Most

            End Point

            Description

            GET Projects

            The most frequently used endpoint. Returns project IDs, names, descriptions, types, statuses, dates, and system-level attributes. Use the root ProjectID parameter to filter by program structure.

            GET Custom Fields Data

            Retrieves values from smart form fields. Specify project ID and field ID to get specific responses or use group ID to pull entire form pages. Essential for accessing custom project information.

            GET Enterprise Financials

            Access budgets, forecasts, actuals, estimates, and commitments. Filter by account code, time period, or project. Critical for financial reporting and ERP integrations.

            GET Users

            Returns complete user profiles including names, emails, departments, skills, and login history. Perfect for building organizational dashboards or syncing with HR systems.

             

            GET Project Registers

            Pulls register entries—issues, risks, changes, or custom registers. Filter by project, register type, or status to extract exactly the records you need.

            GET Tasks

            Retrieves Gantt chart task data including predecessors, resources, dates, and completion percentages. Build schedule reports or sync tasks with external project management tools.

             

             

            Understanding Pagination Limits

            • Why Limits Exist: Many endpoints enforce pagination limits to prevent performance issues. For example, GET Projects returns a maximum of 500 records per call, even if you have 10,000 projects.
            • Check Response Headers: Swagger displays pagination limits in the response headers section. Always verify this value to ensure you're not missing data when large datasets are involved.
            • Using Offset and LimitsTo retrieve records beyond the initial limit, use offset and limit parameters. For example, set offset=500 and limit=500 to get records 501-1000. Repeat until all data is retrieved.

            Advanced tools like Power Query and custom scripts can automate pagination loops, systematically calling the API until all records are collected. Templates for this logic are available to simplify implementation.

             

            Finding System IDs for Filters

            Many API endpoints require numeric IDs rather than human-readable names. For instance, filtering by project type requires the project type's ID number (1, 2, 3) instead of its name (e.g., "Capital Expense").

            While the Cora UI shows names, the underlying database uses IDs. Swagger provides easy access to these hidden values through dedicated lookup endpoints

            Common Lookup Endpoints

            • GET Project Statuses: Returns status names with their IDs
            • GET Project Types: Maps project type names to numeric IDs
            • GET Skills: Lists all skills and their corresponding IDs
            • GET Users: Shows user IDs alongside names and emails

            Run these lookup calls once to build a reference table, then use the IDs confidently in subsequent filtered queries.


            JSON: The Language of APIs

            JSON (JavaScript Object Notation) is the standard format for API data exchange. It is human-readable text that represents structured information using key-value pairs, arrays, and nested object.

            • Key-Value Pairs: "projectID": 123 pairs a field name (projectID) with its value (123). Each pair is separated by commas within curly braces.
            • Data Types: Values can be strings ("text"), numbers (42), booleans (true/false), or null. Understanding types ensures proper filtering and comparison.
            • Nested Structures: Objects can contain other objects or arrays, representing complex hierarchies. Projects might have nested arrays of team members or financial periods.

            While JSON looks technical, tools like Power Query and Excel automatically parse it into familiar table formats, hiding the complexity while preserving the structure.

             

            Connecting Power BI to Cora API

            • Get Data from Web: In Power BI, select Get Data → Web → Advanced. This opens the configuration dialog for web-based data sources.
            • Configure Headers: Add two HTTP headers: accept: application/json (specifies data format) and authorization: private-token [your_token] (authenticates the request).
            • Paste Request URL: Copy the request URL from a successful Swagger test. Paste this into the URL field. This tells Power BI exactly which endpoint to call.
            • Load and Transform: Click OK, then Connect. Power Query Editor opens, automatically converting JSON into a table. Expand nested fields, apply filters, and load into your report.

            This same process works in Excel's Power Query, providing identical data access capabilities for spreadsheet users.

             

            Power Query: From JSON to Tables

            Automatic Data Transformation

            Power Query Editor is your data shaping workspace. When API data arrives in JSON format, Power Query intelligently converts it into tabular rows and columns—no manual parsing required.

            Key Features:

            • Each JSON object becomes a row; each key becomes a column
            • Nested objects appear as expandable columns—click the icon to reveal child fields
            • Filters, sorts, and transformations apply to the data before loading into Excel or Power BI
            • Refresh updates pull the latest data without reconfiguring connections
            • For datasets exceeding pagination limits, advanced M code can loop through multiple API calls, concatenating results into a single comprehensive table.

             

            Using Postman for API Testing

            Postman is a dedicated API development platform that streamlines testing, documentation, and automation. While Swagger provides quick browser-based testing, Postman offers more powerful features for sustained API work.

            • Persistent CollectionsOrganize API calls into collections by site or function. Once configured, switch between customer environments or test different endpoints without re-entering authentication details
            • Environment Variable: Store base URLs, tokens, and project IDs as variables. Change one variable to redirect all calls in a collection—invaluable when working across multiple Cora instances.
            • Batch Operations: Run entire collections sequentially to bulk import users, create projects, or update hundreds of records. Postman's Collection Runner executes multiple requests automatically.

             

            Setting Up Postman Requests

            • Create New Request: Click New → Request, name it descriptively (e.g., "Get Project 123"), and add it to a collection for organization.
            • Configure Method & URL: Select GET/POST/PUT from the dropdown, then paste your API endpoint URL (base URL + specific path, like /projects/123).
            • Add Authorization Header: In the Headers tab, add Authorization as key and private-token [your_token] as value. This authenticates every request.
            • Send & Review: Click Send. Postman displays the response body, status code, and timing. Save successful requests for future use.

            For POST and PUT requests, add a JSON body in the Body tab. Postman validates syntax and highlights errors before sending, preventing malformed requests

             

            Practical API Use Cases

             

             

            Bulk Data Imports

            Create hundreds of users, projects, or skills at once by posting JSON arrays through Postman or custom scripts. Beats manual entry for large-scale rollouts.

             

            ERP Integration

            Automatically sync actuals from your accounting system into Cora, eliminating manual data entry. POST financials endpoints accept budget, forecast, and actual data in bulk.

             

            Workflow Automation

            Build custom automation with iPaaS tools: trigger actions in Cora when external events occur, or push Cora updates to Slack, Teams, or email notifications.

             

            Advanced Reporting

            Pull project and financial data into Power BI for custom visualizations that exceed Cora's native reporting capabilities. Combine multiple data sources for comprehensive insights.

             

            Historical Data Archiving

            Extract snapshots of forecasts or project states on a schedule (monthly, quarterly). Store in a SQL database to maintain a complete audit trail over years.

             

            Data Quality Audit

            Export all projects or users, run validation scripts to find inconsistencies (missing types, invalid dates), then PUT corrections back automatically.

             




             

            Auditing and Data Persistence

            Understanding how Cora tracks changes is crucial for compliance and troubleshooting. The API provides multiple layers of audit visibility.

            System Audit Report

            Access Administration → Reports → System Audit to see every action by any user. Filter by date range and username to track modifications. This report exports to Excel, PDF, or HTML and never gets purged—historical records remain indefinitely.

            Use this for investigations, compliance reviews, or understanding who changed what and when.

            Project Audit Trail

            Every project has a dedicated audit trail available both in the UI (Reports → Audit Trail) and via the GET Audit Trail endpoint. It captures changes to project properties, custom fields, team members, and more.

            API access to audit trails enables automated reporting—export changes to external databases for long-term retention or regulatory compliance.

             

            Best Practices for API Success

            • Secure Your Tokens: Never share personal access tokens publicly or hardcode them in version-controlled scripts. Use environment variables or secure vaults. Rotate tokens regularly, especially after team changes.
            • Document Your Integrations: Maintain clear documentation of which endpoints you use, what filters you apply, and where data flows. Future administrators will thank you when troubleshooting or extending functionality.
            • Test Before Production: Always validate API calls in a sandbox or demo site before running in production. Test pagination logic, error handling, and data transformations with realistic datasets.
            • Optimize for Performance: Use filters to request only needed data. Limit response fields when possible. Schedule bulk operations during off-peak hours to avoid impacting user experience.


            Your API Journey Begins Now

            The Cora API transforms your project management platform from a standalone application into an integrated data hub. You now have the knowledge to authenticate, explore endpoints, test calls, and connect external tools.

            • Start Small: Begin with simple GET requests in Swagger. Pull a list of projects or users. Get comfortable with JSON responses and filtering parameters before advancing to complex integrations.
            • Build Gradually: Move to Power BI or Excel once you understand endpoint structure. Create basic reports that demonstrate value to stakeholders—proving ROI justifies deeper investment.
            • Scale Strategically: When ready for production integrations, transition to API clients with OAuth for enhanced security. Partner with IT teams to build robust, automated workflows that sync data reliably.


            The API is one of Cora's most powerful features, enabling endless possibilities for customization and integration. Experiment, iterate, and don't hesitate to reach out for support as you build increasingly sophisticated solutions.

             

             

             

             

             

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0