U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

New Developer Team App and Key Rotation Policies: For more information, see article Developer Teams and Developer Team Apps and API Key Management Policy

  1. Home

FAQs

Overview

USCIS APIs are for software development organizations incorporated within the United States, who can comply with our Terms of Use and offer Section 508 compliant apps and websites with a suitable privacy policy.

You do not need to have customers, but you will need to provide documentation of your policies. USCIS will complete due diligence to validate that your policies are compliant. 

If you market your software to external users, you must have a public website where these policies are posted for USCIS to complete due diligence.

All members of your company/organization who will require access to your API keys must create an account to be able to access our APIs. Sharing login credentials is prohibited and violates our Terms of Use.

More details on sharing your API keys available in API Keys Section of this FAQ.

Anyone from your organization can create a team. However, you should designate 1 person to reduce creating multiple teams.

If your company already has a team, see more in Developer Teams and Developer Team Apps on how to invite other team members to join the team.

Currently USCIS is offering RESTful APIs available in the following environments

  • Sandbox : for external integration testing in a staging environment.
  • Production: for external use, access to prod data granted when you pass your demo*

*for more information on how to request access, see Production Access Process

View our available APIs by visiting here.

The architecture is a “pull” model—we provide REST endpoints. You must make a request to our APIs to get information.

REST is simple, lightweight, scalable, and maps very well to represent and exposing data.

USCIS will only have access to the data you submit, which will be sent to the relevant system and stored there according to our security and privacy policies.

Our APIs only support individual submissions, but your client-facing side can support either batch or individual submissions. Just make sure you use the correct ID for each submission to ensure proper processing. Please also review our API Rate Limits and Throttling to avoid any errors.

 

API Keys

Developer Team Apps are associated to your API keys (aka Client Credentials) and identifies your application to USCIS. Once your Developer Team creates a Developer Team App, you should be able to:

  • Retrieve Client Credentials (Client ID and Client Secret)
  • Request Access to Available API Products

No. Sharing your login credentials or API keys is a violation of our Terms of Use. Anyone who requires access to your API keys must:

  • Register for an account 

  • Accept the invitation to your Developer Team

API keys are a unique pair of client credentials (Client ID and Client Secret). These keys are used to request an Oauth 2.0 access token. When validated, a token is granted and must be presented in your authorization headers  when making an API request from your front end application to any USCIS APIs

Your API keys are revealed to you when you create a Developer Team App or accept an invitation to view an existing Developer Team  App. 

Your Access Token is granted when you successfully authorize your Developer Term App using OAuth 2.0 Authentication. By providing your Client Credentials, you can request for an Access Token by calling our OAuth Endpoint.

For additional information please see "How to Get Access Tokens with Client Credentials".

The Try It Tool is a quick way to test the Sandbox APIs. You must have API keys approved to access  the Sandbox API Product in order for this to work.

For more details please see: "How to test an API in Sandbox - 'Try It Authorize' Feature"

Production API keys are granted to developers who successfully pass and meet our demo requirements. During this review, USCIS will evaluate your system’s back-end architecture. 

USCIS will accept requests for additional keys only if the back-end architecture of the new application operates independently from other implementations previously granted production access. These requests are subject to our normal demo requirements for production access.

 

Developer Team and Developer Team App Migration

Migration begins November 4th, 2025. Deadline to migrate is February 2nd, 2026

 

If you already have a developer team app, we will update your keys with a 90-day expiration. You will receive email notification of your upcoming rotation, and will be tasked to login to the portal, access the rotated keys and update them in your code.

  • Click on Teams > if you do not see a Team listed – you do not have a developer team created or assigned to your profile; this also means you do not have a developer team app.
  • If you have a team listed > Click on Team App > if you do not see a developer team app listed – you do not have a developer team app

  • Your existing keys will expire by Monday February 2nd, 2026.
  • Failure to update to your new API keys will result in 401 Unauthorized Errors, losing access to APIs.