Build with the IPBot API
Everything you need to call the API: endpoints, evidence fields, data status, and error codes. Anonymous access works out of the box, and free API keys unlock higher limits.
{
"ip": "203.0.113.1",
"stack": "ipv4",
"location": {
"country": "United States",
"country_code": "US",
"region": "California",
"city": "San Francisco",
"timezone": "-08:00"
},
"network": {
"asn": "AS15169",
"org": "Example ISP Inc.",
"category": "residential",
"operator": "Example ISP",
"operator_type": "isp",
"owner": "Example ISP Inc.",
"allocation": {
"cidr": "203.0.113.0/24",
"range": "203.0.113.0 - 203.0.113.255",
"registry": "arin",
"country": "US"
}
},
"routing": {
"origin_asn": "AS15169",
"prefix": "203.0.113.0/24",
"rpki_status": "unknown",
"confidence": "low",
"origin_conflict": false
},
"score": {
"ip_score": 60,
"risk_score": 40,
"band": "fair",
"verdict": "monitor",
"recommended_action": "rate_limit"
},
"classification": {
"usage_type": "vpn",
"is_datacenter": false,
"is_proxy": true,
"is_privacy_relay": false,
"is_known_crawler": false,
"is_verified_crawler": false,
"is_mobile": false,
"proxy_type": "vpn",
"confidence": "medium",
"traits": ["proxy", "vpn"],
"threat_level": "Low"
},
"evidence": {
"signals": [
{
"category": "privacy",
"label": "VPN",
"severity": "medium",
"confidence": "medium",
"description": "This IP is associated with VPN traffic."
}
]
}
} /v1/ip/current Auto-detect the caller IP with v1 schema. Supports fields projection and Pro RDAP include.
curl -s "https://api.ipbot.com/v1/ip/current?fields=ip,location,score" | jq /v1/ip/{ip} Lookup a specific IPv4 or IPv6 address with v1 schema. Supports fields projection and Pro RDAP include.
curl -s "https://api.ipbot.com/v1/ip/8.8.8.8?fields=ip,network,score" | jq /v1/assessment Dual-stack assessment; supports ?ipv4= and ?ipv6=.
curl -s "https://api.ipbot.com/v1/assessment?ipv4=8.8.8.8&ipv6=2001:4860:4860::8888" | jq Base URL
All endpoints return JSON and include CORS headers.
https://api.ipbot.com Authentication
Anonymous access is supported with a baseline rate limit. Use an API key to raise your throughput. Pro-only fields require an authenticated Pro API key.
X-API-Key: ipb_free_REPLACE_ME V1 Lookup Parameters
GET /v1/ip/current and GET /v1/ip/{ip} support response projection.
Legacy routes and /v1/assessment keep their existing response shape.
| Parameter | Required | Description |
|---|---|---|
fields | No |
Comma-separated top-level response fields: ip, stack, location, network, routing, score, classification, evidence.
With Pro RDAP enabled, rdap can also be projected.
|
include | No |
Optional include list. include=rdap_contacts is Pro-only and adds normalized RDAP registration/contact data.
|
Field Projection
fields trims the canonical v1 response. It does not create a new schema or rename nested fields.
curl -s "https://api.ipbot.com/v1/ip/8.8.8.8?fields=ip,location,score" | jq {
"ip": "8.8.8.8",
"location": {
"country": "United States",
"country_code": "US",
"region": "California",
"city": "Mountain View",
"timezone": "-07:00"
},
"score": {
"ip_score": 85,
"risk_score": 15,
"band": "good",
"verdict": "allow",
"recommended_action": "allow"
}
} Pro RDAP Contacts
Free and anonymous responses never expose RDAP contact emails, phones, addresses, person records,
raw RDAP JSON, or raw WHOIS text. Pro keys can request the normalized object explicitly.
After the include is accepted, use fields=rdap to return only the RDAP object.
curl -s "https://api.ipbot.com/v1/ip/8.8.8.8?include=rdap_contacts&fields=ip,rdap" \
-H "X-API-Key: $IPBOT_PRO_API_KEY" | jq {
"ip": "8.8.8.8",
"rdap": {
"available": true,
"network": {
"handle": "NET-8-8-8-0-1",
"name": "GOGL",
"registry": "arin",
"registered_owner": "Google LLC",
"allocation": {
"cidr": "8.8.8.0/24",
"range": "8.8.8.0 - 8.8.8.255",
"registry": "arin",
"country": "US"
}
},
"contacts": [
{
"handle": "GOGL",
"roles": ["registrant"],
"name": "Google LLC",
"organization": "Google LLC",
"phones": ["+1-555-0100"]
},
{
"roles": ["abuse"],
"name": "Google Abuse",
"emails": ["abuse@example.com"]
}
]
}
}
Without a Pro key, include=rdap_contacts returns 403 PRO_REQUIRED.
Unknown include names return 400 INVALID_INCLUDE. Empty or unknown fields return
400 INVALID_FIELDS.
{
"error": "RDAP contacts require a Pro API key",
"code": "PRO_REQUIRED",
"details": {
"include": "rdap_contacts",
"allowed_includes": ["rdap_contacts"]
}
} Evidence Fields
IPBot returns product-level IP intelligence: network category, classification confidence, verdict, recommended action, and structured signals. Internal source and version details are not part of the public response contract.
proxy_type, is_proxy, is_vpn, is_tor, and is_privacy_relay describe public classifications without exposing the underlying data vendor.
evidence.signals contains stable labels, categories, severities, confidence, and short explanations suitable for product UI.
is_known_crawler comes from official ranges, including supported search crawler feeds, and avoids generic bot-UA over-scoring. is_verified_crawler, crawler_verified_by, and crawler_hostname are present only after DNS verification or supported range + user-agent verification succeeds.
network.routability, is_special_use, and is_bogon explain private, reserved, documentation, dynamic full-bogon, and other non-global address states without exposing raw source names.
network.category, operator_type, and service_name may include provider-declared content, network service provider, webhook, messaging, or crawler infrastructure context.
/v1/data/status reports public service and capability readiness. Detailed source readiness is reserved for internal operations.
network.owner and network.allocation come from normalized RDAP ownership data when available. Full RDAP contacts only appear in Pro responses after include=rdap_contacts.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /v1/ip/current | Auto-detect the caller IP with v1 schema. Supports fields projection and Pro RDAP include. |
| GET | /v1/ip/{ip} | Lookup a specific IPv4 or IPv6 address with v1 schema. Supports fields projection and Pro RDAP include. |
| GET | /v1/assessment | Dual-stack assessment; supports ?ipv4= and ?ipv6=. |
| GET | /v1/data/status | Public service status and high-level intelligence capabilities. |
| GET | / | Legacy auto-detect endpoint (compatible). |
| GET | /{ip} | Legacy lookup endpoint (compatible). |
| GET | /asn/{asn} | Lookup ASN details with enriched insights. |
| GET | /health | Health check endpoint for liveness and readiness. |
| GET | /metrics | Operator-only Prometheus metrics for HTTP traffic and operational coverage counters. |
| POST | /reload | Admin-only: reloads runtime rules and intelligence data. |
| GET | /auth/github | Initiates GitHub OAuth flow for authentication. |
| GET | /auth/me | Returns current authenticated user profile. |
| GET | /auth/tiers | Returns tier limits and current tier context. |
| POST | /auth/logout | Clears the session and logs out the user. |
| GET | /auth/keys | Lists all API keys for the authenticated user. |
| POST | /auth/keys | Creates a new API key. |
| DELETE | /auth/keys/{id} | Revokes an API key immediately. |
| GET | /auth/usage | Returns request usage summary by API key. |
Error Responses
All errors follow a consistent JSON format.
{
"error": "Invalid IP address format",
"code": "INVALID_IP",
"details": {
"provided": "invalid-ip"
}
} | Code | HTTP | Description |
|---|---|---|
| INVALID_IP | 400 | Malformed or invalid IP address. |
| INVALID_FIELDS | 400 | The fields projection is empty or contains unknown fields. |
| INVALID_INCLUDE | 400 | The include parameter contains an unsupported include name. |
| INVALID_ASN | 400 | Malformed or invalid ASN format. |
| NO_CLIENT_IP | 400 | Unable to determine client IP. |
| UNAUTHORIZED | 401 | Authentication required. |
| INVALID_API_KEY | 401 | The API key is invalid or revoked. |
| FORBIDDEN | 403 | Access denied for admin routes. |
| PRO_REQUIRED | 403 | The requested include, such as rdap_contacts, requires a Pro API key. |
| NOT_FOUND | 404 | Endpoint or resource does not exist. |
| RATE_LIMITED | 429 | Rate limit exceeded. |
| INTERNAL_ERROR | 500 | Unexpected server error. |
| AUTH_DISABLED | 503 | Authentication not configured. |