IP Security API
Overview
IP Security API provides detailed security information for a given IP address. It detects whether the IP is associated with a proxy, Tor node, or bot, and identifies the proxy type (e.g., VPN, PROXY, RELAY) along with its VPN/proxy service provider—making it a powerful VPN checker. The API also flags IPs involved in spam activities and checks if the IP is linked to a cloud provider, including the cloud provider’s name.
The IP Security API offers two endpoints for threat detection, supporting both single and bulk IP lookups.
apiKey parameter can be omitted.Single IP Security Lookup API
1.Lookup With IP
You can use the single IP lookup API to get security details of a given IP in both JSON and XML formats.The URL for this API is https://api.ipgeolocation.io/v2/security?apiKey=API_KEY&ip=2.56.188.34 and its default JSON response is shown below:
2.Lookup Without an IP
Without passing IP Address, API returns the security health details of the client device IP. You can perform this lookup using the following URL: https://api.ipgeolocation.io/v2/security?apiKey=API_KEY and its default JSON response is given below:
Parameters
You can use following parameters to customize the API response according to your requirements.
1.Including Data (include)
This parameter accepts multiple values: location, network, currency, time_zone, user_agent, country_metadata , hostname, liveHostname, hostnameFallbackLive
i.Combine IP Security with Geolocation
This parameter accepts two values: location and network . To retrieve security details along with geolocation data, set the include parameter to location like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.
ii.Combine IP Security with Network Details
To retrieve security details along with AS Number and network information, set the include parameter to network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for this parameter appears below.
iii.Combine IP Security with Both Geolocation and Network details
For complete security insights, you can include both geolocation data and network information of an IP address. To do this, set the Include by separating them with a comma include=location,network like mentioned below. Note that the apiKey is also passed with query parameter for authorization. The response for these values given below:
iv.Combine IP Security with Timezone details
Get actual time zone of particular IP along with its proxy details. For this you have to put time_zone keyword in include parameter like mentioned below. Time zone details are combined with default response.
v.Combine IP Security with User Agent
Get the user agent of client device along with its proxy details. For this you have to provide user_agent keyword in include parameter like mentioned below. User agent information is merged with default response.
vi.Combine IP Security with Currency details
Get the currency of particular IP along with its proxy details. For this you have to put currency keyword in include parameter like mentioned below. Currency details are combined with default response.
vii.Combine IP Security with Country Metadata details
Get the country metadata of particular IP along with its proxy details. For this you have to put country_metadata keyword in include parameter like mentioned below. Country metadata details are combined with default response.
viii.Combine IP Security with Hostname
You can also retrieve the hostname associated with an IP address by providing one of the following values in the include parameter:
If the hostname cannot be resolved, the queried IP address will be returned in the hostname field.
- hostname – Queries only the latest local database.
- liveHostname – Performs a live hostname lookup only.
- hostnameFallbackLive – First checks the local database, then falls back to a live lookup if no result is found.
ix.Combine IP Security with all fields
To retrieve a complete and detailed response from the API, you need to explicitly include all of the following fields in the include parameter:
location, network, currency, time_zone, user_agent, country_metadata, hostname .
Each of these fields provides a specific layer of information, and combining them with security details ensures you receive the full scope of security data.
Here's how you can do it
2.Excluding Fields (excludes)
You can exclude specific fields from the API response based on your requirements, except for the ip field, which is always included. For example, If you want to remove is_tor and is_cloud_provider from api response, you can put the keys in excludes parameter like this:
3.Get Specific Fields (fields)
You can also retrieve only the specific fields you need from the geolocation and network details. To do this, use the fields parameter and specify the object and field names you want in the response. For example, if you only need threat_score , city and as_number in api response, you can put the keys in fields parameter, as demonstrated in the URL below. Please note that, to make this work, you need to include the objects that aren't included by default. If you're selecting specific fields from those objects (like location or network), make sure to include the full object first. Kindly refer to example given below:
Response in Multiple Languages
You can retrieve only the location information for an IP address from the IP Security API in any of these languages:
- English (en)
- German (de)
- Russian (ru)
- Japanese (ja)
- French (fr)
- Chinese Simplified (cn)
- Spanish (es)
- Czech (cs)
- Italian (it)
- Korean (ko)
- Persian (fa)
- Portuguese (pt)
By default, the API responds in English. You can change the response language by passing the language code as a query parameter lang Here is an example to get the geolocation data for IP adderss '2.56.188.34' in Chinese language:
Bulk IP Security Lookup API
The Bulk IP Security Lookup API allows you to retrieve security details for up to 50,000 IP addresses in a single request . It supports the same customization parameters as the Single IP Security Lookup API, enabling you to tailor the response to your needs. You can find the API endpoint and a sample JSON response below.
Reference to IP Security API Response
Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the security endpoint.
1.Standalone fields reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| ip | string | IP address that is used to lookup security information. | No |
| hostname | string | Hostname of the IP address used to query IP Security API. | No |
2. security json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| threat_score | number | IP address’ threat score. It ranges from 0 to 100. 100 indicates highest threat and vice versa for lower score. | No |
| is_tor | boolean | Indicates if the IP address is being consumed on a Tor endpoint. | No |
| is_proxy | boolean | Indicates if the IP address belongs to a proxy network. | No |
| proxy_type | string | Type of the proxy network if the IP address belongs to a proxy network. | Yes |
| proxy_provider | string | Name of the proxy provider, if the IP address belongs to a proxy network. | Yes |
| is_anonymous | boolean | Indicates if the IP address is being used anonymously. | No |
| is_known_attacker | boolean | Indicates if the IP address is enlisted as an attacking IP address. | No |
| is_spam | boolean | Indicates if the IP address is enlisted as a spam IP address. | No |
| is_bot | boolean | Indicates if the IP address is enlisted as a bot IP address. | No |
| is_cloud_provider | boolean | Indicates if the IP address belongs to a cloud provider (computing infrastructure providers). | No |
| cloud_provider | boolean | Name of the Cloud Provider, if the IP address belongs to a cloud provider. | Yes |
3. location json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| continent_code | string | 2-letter code of the continent. | No |
| continent_name | string | Name of the continent. | No |
| country_code2 | string | Country code (ISO 3166-1 alpha-2) of the country. | No |
| country_code3 | string | Country code (ISO 3166-1 alpha-3) of the country. | No |
| country_name | string | Name of the country. | No |
| country_name_official | string | Official name (ISO 3166) of the country. | No |
| country_capital | string | Name of the country’s capital. | No |
| state_prov | string | Name of the state/province/region. | Yes |
| state_code | string | Code of the state/province/region. | Yes |
| district | string | Name of the district or county. | Yes |
| city | string | Name of the city. | Yes |
| zipcode | string | ZIP/Postal code of the place. | Yes |
| latitude | string | Latitude of the place. | No |
| longitude | string | Longitude of the place. | No |
| is_eu | boolean | Is the country belong to European Union? | No |
| country_flag | string | URL to get the country flag. | No |
| geoname_id | string | Geoname ID of the place from geonames.org | Yes |
| country_emoji | string | Emoji of the Country flag. | Yes |
4. network json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| asn.as_number | string | Autonomous system number of the autonomous system, to which IP address belongs to. | Yes |
| asn.organization | string | Legal Full Name of AS organization holding the IP address. | Yes |
| asn.country | string | Name of the country, ASN is residing. | Yes |
| company.name | string | Name of the company/ISP holding the IP address. | No |
5. currency json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| code | string | Currency code (ISO 4217). | No |
| name | string | Currency name (ISO 4217). | No |
| symbol | string | Currency symbol. | No |
6. country_metadata json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| calling_code | string | Calling code/Dialing code of the country. | No |
| tld | string | Top Level Domain Name (TLD) of the country, which is also called ccTLD. | No |
| languages | list of strings | List of the languages’ codes, spoken in the country. | No |
7. time_zone json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| name | string | Name (ISO 8601) of the time zone. | No |
| offset | number | Time zone offset from UTC. | No |
| offset_with_dst | number | Time zone with DST offset from UTC. | No |
| current_time | string | Current time in ‘yyyy-MM-dd HH:mm:ss.SSS±ZZZ’ format. | No |
| current_time_unix | float | Current time in seconds since 1970. | No |
| is_dst | boolean | Is the time zone in daylight savings? | No |
| dst_savings | number | Total daylight savings. | No |
| dst_exists | boolean | Indicates whether Daylight Saving Time (DST) is observed in the region. If | No |
| dst_start.utc_time | string | The date and time in UTC when DST begins. | No |
| dst_start.duration | string | The time change that occurs when DST starts. | No |
| dst_start.gap | boolean | Is there a gap when the clocks jump forward or not. | No |
| dst_start.date_time_after | string | The local date and time that immediately follows the start of DST. | No |
| dst_start.date_time_before | string | The local date and time immediately before DST begins. | No |
| dst_start.overlap | boolean | Whether there is an overlap of time due to clocks being set back when DST starts. | No |
| dst_end.utc_time | string | The date and time in UTC when DST ends. | No |
| dst_end.duration | string | The time change that occurs when DST ends. | No |
| dst_end.gap | boolean | Is there a gap when the clocks jump backward or not. | No |
| dst_end.date_time_after | string | The local date and time that immediately follows the ends of DST. | No |
| dst_end.date_time_before | string | The local date and time immediately before DST ends. | No |
| dst_end.overlap | boolean | Whether there is an overlap of time due to clocks being set back when DST ends. | No |
8. user_agent json object reference
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| user_agent_string | string | User-Agent string passed along with the query in the 'User-Agent' header. | No |
| name | string | User-Agent Name. | No |
| type | string | User-Agent Class. | No |
| version | string | User-Agent Version. | No |
| version_major | string | User-Agent Version Major. | No |
| device.name | string | Device Name. | No |
| device.type | string | Device Type. | No |
| device.brand | string | Device Brand. | No |
| device.cpu | string | Device CPU Model. | No |
| engine.name | string | Layout Engine Name | No |
| engine.type | string | Layout Engine Class | No |
| engine.version | string | Layout Engine Version. | No |
| engine.version_major | string | Layout Engine Version Major. | No |
| operating_system.name | string | Operating System Name. | No |
| operating_system.type | string | Operating System Class. | No |
| operating_system.version | string | Operating System Version. | No |
| operating_system.version_major | string | Operating System Version Major. | No |
| operating_system.build | string | Operating System Version Major. | No |
Error Codes
IP Security API returns HTTP status code 200 for a successful API request along with the response.
While, in case of a bad or invalid request, IP Security API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.
Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:
| HTTP Status | Description |
|---|---|
| 400 Bad Request | It is returned for one of the following reasons:
|
| 401 Unauthorized | It is returned for one of the following reasons:
|
| 404 Not Found | It is returned for one of the following reasons:
|
| 405 Method Not Allowed |
|
| 413 Content Too Large |
|
| 415 Unsupported Media Type |
|
| 423 Locked |
|
| 429 Too Many Requests | It is returned for one of the following reasons:
|
| 499 Client Closed Request |
|
| 5XX Server Side Error |
|
API SDKs
To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.
Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:
Frequently Asked Questions
- Proxy: Routes traffic via an intermediate server.
- VPN: Adds encryption and hides your activity.
- TOR: Bounces traffic through multiple nodes.
You can access our comprehensive and accurate VPN database through our Databases
Yes, we provide latest sample VPN/Proxy data for users to evaluate quality and observe it's structure. You can refer to Security DB Docs.
You can check if particular IP is VPN or proxy by simply making request to the endpoint: Refer to the above documentation.