CMiC API

What is CMiC?

CMiC is a construction-focused enterprise resource planning (ERP) platform serving general contractors, subcontractors, and civil/heavy-highway firms. Built on a single-database architecture, CMiC unifies financials, project management, human capital, and field operations so that accounting, project controls, and operations all draw from one source of record. The company reports that 25% of ENR's top 400 contractors run CMiC, managing roughly $100B of construction revenue annually.

Core product areas include:

• Construction Financials (accounting, project controls, equipment/inventory, opportunity management, payroll/HCM)
• Project Management (project controls, drawing/document management, pre-qualification, procurement, quality, safety)
• Workflow (process automation across modules)
• Analytics (data insights and reporting)
• NEXUS (AI-powered construction ERP layer that automates workflows and surfaces data-driven decisions)

Common data entities:

• Projects, Jobs, Job Billing Groups, Project Controls
• Business Partners, Vendors, Subcontractors, Competitors
• Contracts, Change Orders, Purchase Orders, Material Sale Orders
• GL Documents, Vouchers, Invoices, Payments, Pay Deductions
• Work Orders, Assets, Preventative Maintenance records
• Imaging Documents, PM Attachments, ECM/Workflow items

The CMiC Integration Challenge

Contractors run mission-critical workloads on CMiC every day, but turning its module-driven workflows into clean API-driven automation is non-trivial:

• OAuth 2.0 transition and IdP dependency: CMiC is moving from Basic Auth to OAuth 2.0 client-credentials through external identity providers (Azure AD, Okta, Google), so headless integrations must handle JWT tokens, client IDs/secrets, and per-IdP quirks
• Service-account provisioning: API access requires creating and verifying a dedicated CMiC user, plus SSL-certificate validation for integration service accounts before any call succeeds
• Role-based endpoint security: Application-level RBAC restricts each account to specific endpoints, and responses respect company, job, project, and employee security rules—so what you can read varies by role configuration
• Module sprawl: Financials, Project Controls, HCM, Materials, Asset, Opportunity, and ECM/Workflow each expose their own object models and IDs across the open API catalogue
• Single-database coupling: Because financials and operations share one database, writes carry cross-module side effects that must be sequenced carefully to avoid breaking project or GL integrity
• Document and imaging workflows: Drawings, vouchers, PM attachments, and imaging documents need careful upload/download and ECM-aware handling rather than simple field updates

How Supergood Creates CMiC APIs

Supergood reverse-engineers authenticated CMiC sessions and the open API catalogue to deliver a resilient API layer for your CMiC instance—across Financials, Project Management, HCM, Materials, and Asset modules. You integrate once against normalized objects instead of wiring each module's endpoint and security model by hand.

• Handles Basic Auth and OAuth 2.0 client-credentials via Azure AD, Okta, or Google, managing JWT tokens and secrets securely
• Provisions and maintains API service accounts, including SSL-certificate validation and credential rotation
• Normalizes responses across projects, contracts, vendors, GL documents, and work orders so downstream systems rely on consistent objects
• Respects CMiC's role-based and company/job/project-level security so the API only surfaces what your account is entitled to

Use CMiC with AI agents: CMiC MCP Server →

Getting Started

• Schedule Integration Assessment

Book a 30-minute session to confirm your modules, authentication model, and service-account setup.

• Supergood Generates and Validates Your API

We deliver a production-ready CMiC adapter tailored to your instance configuration and role-based entitlements.

• Deploy with Monitoring

Go live with continuous monitoring and automatic adjustments as CMiC evolves.