U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FAQs

Get the answers to frequently asked questions.

  • How do I get my Access Token?

    Your Access Token is granted when you successfully authorize your Developer App using OAuth 2.0 Authentication. By providing your Client Credentials, you can request for an Access Token by calling our OAuth Endpoint.

    For additional information please see "How to Get Access Tokens with Client Credentials".

  • How do I get my Client Credentials?

    Your Client Credentials otherwise known as Client Key and Client Secret, are revealed to you when you create a Developer App. For more information on this, please see more in "How do I Create an App?".

  • Can I make a batch submission?

    Our APIs only support individual submissions, but your client-facing side can support either batch or individual submissions. Just make sure you use the correct ID for each submission to ensure proper processing. 

  • What kind of API Products is USCIS offering?

    Currently USCIS is ONLY offering SandBox API Products for external integration testing. 

    The process for production access will be communicated through the Developer Portal when production products are available.

  • Security & PII considerations

    USCIS will only have access to the data you submit, which will be sent to the relevant system and stored there according to our security and privacy policies.

  • Are there SDKs?

    Not currently.

  • What languages are supported?

    Your front end application can be built with any language, as long as it can talk to REST APIs. 

  • How do API keys work? Can multiple accounts use one API key?

    A unique API Key is used for each front end application. Multiple developer accounts can use the same API key

  • What is the overall architecture and framework for how to use APIs with current applications?

    The architecture is a “pull” model—we provide REST endpoints. You must make a call to APIs to get information. For API-specific questions, please refer to API-specific documentation

  • How do developers manage access for multiple products?

    Once you register, you can manage multiple products from a single account.

  • I am a developer working with other developers. Should we share credentials?

    No. Only one account is required to gain sandbox access. Anyone who wants to receive updates about the API program can sign up for an account as well.

  • How do I support all of my environments with credentials?

    At this time, ONLY Sandbox products are planned.

    The same user account can be used for SandBox and Production (when applicable)

    You can add each environment as its own application in the SandBox API environment.

  • Who should create an account?

    Developers must create an account to be able to access our APIs. All communication, including support, is tied back to the organization’s domain. If you leave your current company, you must register again to affiliate a new company’s application with our APIs or receive API portal updates.

    USCIS controls access by assigning a unique user ID via email address. When a developer is no longer employed by their organization, companies are responsible for deleting developer email accounts. This prevents developers changing access to APIs.

    Anyone who wants to receive updates about our APIs can also sign up for an account.

  • Can an organization filing on behalf of an individual (schools, employment-based requests by in house counsel) use this?

    Yes.

  • Who are these API products for?

    USCIS APIs are for software development organizations who can comply with our Terms of Use and offer Section 508 compliant apps and websites with a suitable privacy policy.

    You do not need to have customers, but you will need to provide documentation of your policies. USCIS will complete due diligence to validate that your policies are compliant. If you market your software to external users, you must have a public website where these policies are posted for USCIS to complete due diligence.

  • Where can we find any reference data that USCIS wants us to use?

    USCIS has a public GitHub repo that will be used to share different types of information, including:

    • Reference Data
    • API Specifications
    • Onboarding Documents
    • KBAs

    Public GitHub Repo: https://github.com/USCIS/torch

  • What authentication protocol do you use?

    USCIS uses Industry Standard OAuth 2.0 - Client Credentials grant type to secure our APIs. 

    Each token expires after 30 minutes.

  • Why are you using REST?

    REST is simple, lightweight, scalable, and maps very well to representing and exposing data.

  • How can I lookup the available API Products?

    All APIs are listed under the API tab, or search for them by name in the search box.

     

  • What role does Developer App play in the access process?

    Developer App is what identifies your application to USCIS. Once you create a Developer App, you should be able to:

    • Retrieve OAuth Client Credentials
    • Request Access to Available API Products

    USCIS uses the identity to track developer engagement, which is used to determine access to Production API Products.