Technical Standards
Updated API Security Standards for FACTS Info Integrations
2026-06-22 - FACTS Info Data Systems Division
Security Standards Update
The FACTS Info Data Systems Division has published updated API security standards for all third-party system integrations. These standards take effect September 1, 2026, and apply to all data exchanges between FACTS Info and agency information systems.
Key Requirements
- Authentication: All API connections must use OAuth 2.0 with PKCE. Basic authentication is deprecated.
- Encryption: TLS 1.3 required for all data in transit. TLS 1.2 accepted until December 2026.
- Rate limiting: Standard tier: 100 requests/minute. Premium tier: 1,000 requests/minute (requires justification).
- Audit logging: All API calls must be logged with timestamp, user identity, and action type. Logs retained 7 years per NARA requirements.
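
An added example (not FACTS Info code) of how a Python client could meet the four requirements above: a TLS 1.3 floor, an S256 PKCE pair, a sliding-window throttle at the tier limits, and an audit line with the three required fields. The function names, the JSON key names and the choice to throttle on the client side are assumptions; the standard as published here specifies none of them.

```python
from __future__ import annotations
import base64, hashlib, json, secrets, ssl, time
from collections import deque
from datetime import datetime, timezone

# Requests per minute for each tier, as listed in the standard.
TIER_LIMITS = {"standard": 100, "premium": 1000}

def tls13_context() -> ssl.SSLContext:
    """Client TLS context that refuses to negotiate anything below TLS 1.3."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

def pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

class MinuteWindow:
    """Sliding 60-second window that keeps outbound calls under the tier limit."""
    def __init__(self, tier: str = "standard"):
        self.limit = TIER_LIMITS[tier]
        self.sent: deque[float] = deque()

    def allow(self, now: float | None = None) -> bool:
        now = time.monotonic() if now is None else now
        while self.sent and now - self.sent[0] >= 60:
            self.sent.popleft()  # forget calls older than one minute
        if len(self.sent) >= self.limit:
            return False  # caller should wait instead of sending
        self.sent.append(now)
        return True

def audit_record(user: str, action: str) -> str:
    """One JSON log line with timestamp, user identity and action type."""
    return json.dumps({
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user_identity": user,   # key name is an assumption
        "action_type": action,   # key name is an assumption
    })
```

The verifier stays with the client and is sent only in the token request; the challenge goes in the authorization request with `code_challenge_method=S256`.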
Migration Timeline
Agencies currently using legacy SOAP-based integrations must migrate to RESTful endpoints by December 31, 2026. The FACTS Info team will provide migration support and testing environments upon request.
Technical questions: factsinfosupport@state.gov