Complete Guide to USCIS Internal Case APIs
Everything you need to know about the internal APIs that power the myUSCIS website — for educational purposes.
What Is the USCIS Internal API?
The USCIS internal API is a set of HTTP endpoints hosted at my.uscis.gov that the myUSCIS web application uses to fetch and display your case information. When you log into your myUSCIS dashboard and view your case status, the website is making requests to these very same API endpoints behind the scenes.
These endpoints return data in JSON format — a structured, machine-readable format. This raw JSON often contains more detailed information than what the official dashboard displays, including internal status codes, processing timestamps, and event histories.
How Do They Work?
The process is straightforward:
- You log in at my.uscis.gov, which creates a session cookie in your browser.
- The website makes API calls to endpoints like
/api/cases/IOE1234567890using that session cookie. - The API returns JSON containing your case details — status, dates, form type, events, etc.
- The website renders this JSON as the formatted dashboard you see on screen.
Tools like CaseStatusAPI simply construct the direct URL to these endpoints, letting you see the raw JSON data that the website normally processes behind the scenes.
Why Login Is Required
These APIs use session-based authentication. When you log into myUSCIS, your browser receives a secure session cookie. Every API request must include this cookie — without it, the API returns an authentication error.
This is an important security feature: it means only you (the authenticated account holder) can access your case data through these endpoints. No one else can query your case using these APIs unless they are logged into your USCIS account.
Official vs. Unofficial
| Aspect | Official Case Tracker | Internal API |
|---|---|---|
| Intended audience | General public | myUSCIS web app (internal) |
| Documentation | Publicly documented | Not officially documented |
| Login required | No (receipt number only) | Yes (full myUSCIS login) |
| Detail level | Basic status + dates | Detailed: events, codes, timestamps |
| Data format | Styled HTML page | Raw JSON |
Common Misconceptions
"Is this a hack or data leak?"
No. The USCIS internal API is not a hack, exploit, or data leak. It is visible through standard browser developer tools (Network tab) and requires full authentication. Every major website uses internal APIs like this — it's how modern web applications work. You are simply viewing the raw data that your browser already has access to.
"Can someone else see my data?"
No. The API requires your personal session cookie, which is only available in the browser where you are logged in. No third party — including tools like CaseStatusAPI — ever receives your login credentials or session cookie. The data request happens entirely in your own browser.
"Will USCIS know I used this?"
The API requests are identical to the ones your browser makes when you view the myUSCIS dashboard. From USCIS's perspective, it looks the same as you visiting your case status page.
Known API Endpoints
The following endpoints have been observed through browser network inspection. All require an active myUSCIS session:
| Endpoint | Returns |
|---|---|
/api/cases/{id} | Case status, form type, dates, current status |
/api/receipt_info/{id} | Location data, service center assignment |
/api/case_status/{id} | Receipt notice details |
/api/cases/{id}/documents | Document history and attachments |
Risks and Limitations
- Unofficial endpoints: These APIs are not publicly documented by USCIS and may change or be removed without notice.
- IOE cases only: Currently, these endpoints only work reliably with receipt numbers beginning with "IOE" (the electronic filing system).
- No guarantees: Data accuracy depends on USCIS's internal systems. Discrepancies between the API and official notices may occur.
- Session expiry: Your login session expires after a period of inactivity. If the API returns an error, try logging into myUSCIS again.
- Rate limiting: Making too many requests in a short period may result in temporary blocks.
Frequently Asked Questions
What is the USCIS internal API?
The USCIS internal API is a session-based endpoint used by the myUSCIS website (my.uscis.gov) to load case details after you log in. It is the same data source that powers your official myUSCIS dashboard, but it returns raw JSON data instead of a formatted web page.
Is it safe to use?
Yes. You are accessing your own data through the same endpoints your browser already uses. No credentials are shared with third parties. The session cookie stays in your browser and is never transmitted externally.
Why does it only work with IOE receipt numbers?
IOE receipt numbers are assigned to cases processed through USCIS's Electronic Immigration System (ELIS). The internal APIs were built for this system. Older receipt prefixes like MSC, SRC, or LIN use different backend systems that do not expose the same API endpoints.
What data does the USCIS internal API return?
The API returns detailed case information including: current case status, form type, receipt number, processing dates, case history events, assigned service center, and internal status codes. This is often more detailed than what the official case tracker shows.
Can USCIS revoke access to these APIs?
Yes. Since these are internal, undocumented endpoints, USCIS can modify, restrict, or remove them at any time without notice. They are not bound by any public API contract.
Get Your AI-Powered Case Analysis
See internal USCIS data the regular tracker doesn't show — with a personalized AI breakdown of your case status, timeline, and next steps.
Starting at just $1.99$0.99 for an AI Analysis & Chat Pass.
Check Your Case Status →