🇺🇸 An official website of the United States government
FACTS Info
U.S. Department of State | USAID

Technical Standards

Updated API Security Standards for FACTS Info Integrations

2026-06-22 — FACTS Info Data Systems Division

Security Standards Update

The FACTS Info Data Systems Division has published updated API security standards for all third-party system integrations. These standards take effect September 1, 2026, and apply to all data exchanges between FACTS Info and agency information systems.

Key Requirements

  • Authentication: All API connections must use OAuth 2.0 with PKCE. Basic authentication is deprecated.
  • Encryption: TLS 1.3 required for all data in transit. TLS 1.2 accepted until December 2026.
  • Rate limiting: Standard tier: 100 requests/minute. Premium tier: 1,000 requests/minute (requires justification).
  • Audit logging: All API calls must be logged with timestamp, user identity, and action type. Logs retained 7 years per NARA requirements.
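
A client-side sketch of the four requirements above, added here as an illustration and not FACTS Info code: a PKCE S256 verifier/challenge pair (RFC 7636), a TLS context with a 1.3 floor, a pacing limiter for the Standard tier, and an audit log line. All function names and the JSON key names are assumptions; the standards on this page do not define a log format or a client library.

```python
import base64, hashlib, json, secrets, ssl, time
from collections import deque
from datetime import datetime, timezone

def challenge_for(verifier):
    """PKCE S256: BASE64URL(SHA-256(verifier)) with padding removed."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def pkce_pair():
    """Fresh (code_verifier, code_challenge); one pair per authorization request."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 range
    return verifier, challenge_for(verifier)

def tls_context(allow_tls12=False):
    """Verifying client context; allow_tls12 is for the transition period only."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    floor = ssl.TLSVersion.TLSv1_2 if allow_tls12 else ssl.TLSVersion.TLSv1_3
    ctx.minimum_version = floor
    return ctx

class MinuteLimiter:
    """Sliding window: at most `limit` calls in any 60-second span."""
    def __init__(self, limit=100):  # 100 = Standard tier on this page
        self.limit, self.sent = limit, deque()
    def allow(self, now=None):
        now = time.monotonic() if now is None else now
        while self.sent and now - self.sent[0] >= 60:
            self.sent.popleft()  # forget calls that left the window
        if len(self.sent) >= self.limit:
            return False
        self.sent.append(now)
        return True

def audit_record(user, action, when=None):
    """One JSON line with timestamp, user identity and action type (assumed keys)."""
    when = when or datetime.now(timezone.utc)
    entry = {"timestamp": when.isoformat(), "user": user, "action": action}
    return json.dumps(entry, sort_keys=True)
```

The code_challenge goes in the authorization request with the S256 method, and the code_verifier is sent only in the later token request.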

Migration Timeline

Agencies currently using legacy SOAP-based integrations must migrate to RESTful endpoints by December 31, 2026. The FACTS Info team will provide migration support and testing environments upon request.

Technical questions: factsinfosupport@state.gov