U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Sandbox

Sandbox Access to our APIs are granted during the Developer App or Developer Team App registration process. To access an APIs Sandbox, you must select that API product during the app registration process. 

API authentication is done with Access Tokens. Torch APIs are secured with Oauth 2.0 Authentication Policies. Client Credentials Grant Type is used to secure an access token by making a request to our Authentication URLs.

OAuth 2.0 Authentication URLS

EnvironmentSandboxProduction
URLhttps://api-int.uscis.gov/oauth/accesstokenProvided when granted Prod Access

Refer to the following support documentation to locate and utilize your Torch API Client Credentials, retrieve Access Tokens, and use our 'Try It" feature: 

Client Credentials are enabled for development and can be referenced as you build in your preferred programming language. You can reference the technical documentation located on our API Products Page

NOTE: To move forward with production access, we will require you send API traffic using mock dynamic data. The API Documentation will guide you on how to structure your payloads. 

For the demo, we require your application to handle all HTTPS Responses passed from our APIs. Our APIs will throw Error Messages in the JSON format below, as described in RFC-9457 Problem Details for HTTPS APIs . Your system must respond and recover from errors that may occur during execution. 

The error.message must be displayed on the front/backend of your application.

Error Format

{
                       "errors": 
                      [{
                                    "code": "ERROR_UNIQUE_CODE",
                                    "message": "ERROR_MESSAGE",
                                    "category" : "SHORT_DESCRIPTION/ERROR_CATEGORY",
                                    "reference" : "API_DOCUMENTATION_LINK",
                                    "status" : "HTTP_STATUS_CODE",
                                    "traceId" : "UUID"
                      }]}

Each API will have separate limitations in Sandbox and Production. The table below outlines each API's limitations. 

APIDaily QuotaTransactions Per Second 
(tps)
FOIA Request 
and Status API		Sandbox & Production
3,500 daily		Sandbox & Production: 
5 tps (1 request per 200 milliseconds)
Case Status API

Sandbox:
1,000 daily

Production:
150,000

Sandbox:
5 tps (1 request per 200 milliseconds)

Production:
10 tps (1 request per 100 milliseconds)

Please review the API Documentation by visiting our API Catalog. Conduct your API test directly from the page using our Try It Tool or by integrating our API endpoints with your application.