Introducing the Visibuild Core API
The Visibuild Core API is designed for teams that need deeper, more granular access to their Visibuild data. Whether you’re syncing data with other construction management tools, performing detailed analysis, or building custom reporting solutions, the API provides the flexibility to retrieve and work with Visibuild data exactly how you need.
What you can do with it
The Core API is designed for teams that need deeper, more granular access to their Visibuild data. Whether you're syncing data with other construction management tools, performing detailed analysis, or building custom reporting solutions, the Core API provides the flexibility to retrieve and work with Visibuild data exactly how you need.
Integrating with other systems by syncing Visibuild data with your ERP, CRM, or project management tools.
Building custom reports and dashboards with full access to individual records, beyond what’s available in standard reporting.
Automating ticket creation from external systems like resident portals or building management platforms.
Real-time notifications via webhooks when ticket statuses change, so downstream systems stay up to date without polling.
Base URL
AU
https://app.visibuild.com.au/api/core/v1/
EU
https://app.visibuild.co.uk/api/core/v1/
US
https://app.us.visibuild.com/api/core/v1/
API reference: Core API documentation, including the full endpoint list with request/response schemas.
What’s available
The Core API covers the core building blocks of your Visibuild data:
Resource | Description |
Projects & structure | Access project details, hierarchies, and records to understand how your data is organised across the platform. |
Visis (Inspections and Issues) | Retrieve inspections, issues, defects, and their associated data including statuses, assignees, tags, links, and attachments. |
Locations | Access your project’s location hierarchy, closures, and milestone progress, from high-level zones down to specific rooms or areas where work is being tracked. |
Approval flows | Retrieve information about your structured review processes, including approval statuses and workflow progress. |
Tickets | Create and retrieve defect tickets, including file attachments and comments. |
Webhooks | Register endpoints to receive real-time notifications when ticket events occur. |
Authentication
Every API request must include a valid token in the Authorization header:
Authorization: Bearer {your_token}There are two ways to authenticate:
OAuth 2.0 Client Credentials for external integrations and machine-to-machine access. OAuth tokens are scoped (
read,write, or both) and expire automatically. See Setting up OAuth authentication.Legacy bearer token for internal reporting, dashboards, and scripts. See Generating API credentials.
Both methods authenticate at the company level. The token determines which company's data you can access, not a specific user.
Pagination
All list endpoints use seek-based pagination (also called keyset pagination). Each response includes a next cursor that you pass as a query parameter to fetch the next page.
GET /api/core/v1/tickets?pageSize=100
Response:
{
"data": { "tickets": [ ... ] },
"pagination": {
"pageSize": 100,
"next": "019cda2d-3826-d0fb-c8cc-66bd0ee25062"
}
}To get the next page:
GET /api/core/v1/tickets?pageSize=100&next=019cda2d-3826-d0fb-c8cc-66bd0ee25062
When next is null, there are no more results.
For more detail, see Pagination.
Keeping data in sync
Most list endpoints support an updatedAfter query parameter. This returns only records that have been modified since a given timestamp, which is essential for efficient data synchronisation.
GET /api/core/v1/tickets?updatedAfter=2026-03-20T00:00:00Z
Recommended sync strategy
For integrations that need to stay in sync with Visibuild, combine webhooks with polling:
Webhooks for real-time updates. Register a webhook to receive instant notifications when tickets are created, updated, or status-changed. This covers the vast majority of cases. See Webhooks.
Polling as a safety net. Run a periodic job (e.g. every 15 minutes) using
updatedAfterto catch anything that might have been missed, for example if your webhook endpoint was temporarily down.Nightly reconciliation. Once a day, do a full comparison between your system and Visibuild to verify everything is consistent.
Initial sync
When connecting a new integration, you’ll need to do an initial bulk fetch of existing data. Page through the relevant endpoints without any updatedAfter filter to pull everything, then switch to incremental sync using the timestamp of your last successful fetch.
Rate limiting
The Core API enforces a rate limit of 100 requests per minute per company. The limit uses a rolling 60-second window.
Response headers
Every response includes rate limit headers:
Header | Description |
| Maximum requests allowed per minute. |
| Requests remaining in the current window. |
| Seconds until the window resets. |
When the limit is exceeded
If you exceed 100 requests per minute, the API returns:
HTTP 429 Too Many Requests
A
Retry-Afterheader indicating how many seconds to wait before retrying.
The rate limit is shared across all tokens and integrations within the same company. If you have multiple systems calling the API, they share the same 100-request budget.
Tip: Use pageSize to fetch more data per request (up to 5,000 for ticket endpoints) and rely on updatedAfter to limit the volume of data you’re requesting. This keeps you well within the rate limit for most use cases.
Webhooks
You can register webhook endpoints to receive real-time HTTP POST notifications when ticket events occur, such as creation, status changes, and comments. This removes the need to poll for changes.
Webhooks are managed in Company Settings → API → Webhooks or via the API. See Webhooks for setup, payload format, signature verification, and retry behaviour.
Error handling
The API uses standard HTTP status codes:
Status | Meaning |
| Success. |
| Resource created successfully. |
| Bad request. Check the request body or parameters. |
| Unauthorised. Token is missing, expired, or invalid. |
| Forbidden. Token doesn't have the required scope. |
| Resource not found (or belongs to a different company). |
| Validation error. Check the error details in the response body. |
| Rate limit exceeded. Back off and retry after the |
Getting started
Set up authentication. Create an OAuth application or generate an API token.
Explore the API. Browse the Core API reference to see available endpoints.
Set up webhooks if you need real-time notifications. See Webhooks.
Understand pagination. See Pagination for how to page through large result sets.
API reference: Core API documentation, including the full endpoint list with request/response schemas.