Free IP Geolocation APIs
There are several free IP geolocation APIs available. This comparison focuses on product trade-offs that matter for developers: authentication, browser use, response shape, rate limits, and whether the API includes security-oriented IP intelligence.
Quick Comparison
Section titled “Quick Comparison”| Service | Free Limit | API Key Required | Browser CORS | Risk / Security Signals | Self-Host |
|---|---|---|---|---|---|
| IPBot | 60 req/min anonymous, 200 req/min free key | No for anonymous | Yes | Yes, evidence-first score/classification/signals | Yes |
| IP-API.com | 45 req/min | No | Limited by plan / endpoint | Proxy fields are paid-oriented | No |
| ipapi.co | 1,000/day | No for basic use | Yes | No dedicated risk model | No |
| ipwhois.io | 60 req/min free endpoint | No | No on free endpoint | Security data is paid-plan only | No |
| ipgeolocation.io | Low monthly free tier | Yes | Plan-dependent | Security fields are paid-oriented | No |
| Cloudflare trace | No standalone public quota promise | No | Same-origin/edge context | No | No |
Detailed Comparison
Section titled “Detailed Comparison”URL: https://api.ipbot.com
Free access:
- Anonymous access at 60 req/min.
- Free API key tier at 200 req/min.
- CORS is supported for browser-facing demos and frontend tools.
- Rate-limit headers are exposed so clients can back off predictably.
Best for: Applications that need geolocation plus explainable risk scoring, proxy/datacenter/crawler flags, and a stable public response contract.
IP-API.com
Section titled “IP-API.com”URL: http://ip-api.com/json/{ip}
Free access:
- 45 requests per minute on the public endpoint.
- HTTPS and higher-volume/commercial use are plan-sensitive.
Best for: Low-volume server-side geolocation where a simple response is enough.
ipapi.co
Section titled “ipapi.co”URL: https://ipapi.co/{ip}/json/
Free access:
- Public docs advertise a small daily free allocation.
- Extended usage and support are plan-sensitive.
Best for: Geolocation plus country/timezone/currency-style enrichment when security scoring is not the main need.
ipwhois.io
Section titled “ipwhois.io”URL: https://ipwho.is/{ip}
Free access:
- Official docs describe the free endpoint as no signup, no API key, and 60 requests per minute.
- The free endpoint is server-to-server only; CORS is not supported on the free endpoint.
- Bulk lookup, browser CORS, currency data, security data, usage analytics, SLA, and priority routing are positioned as paid-plan capabilities.
Developer-experience ideas worth borrowing:
- Official client libraries across several languages.
- A
fieldsquery parameter for response projection. - Clear separation between free server-to-server usage and paid production features.
Best for: Server-side geolocation with a broad country metadata response and a clear paid upgrade path.
ipgeolocation.io
Section titled “ipgeolocation.io”URL: https://api.ipgeolocation.io/ipgeo?ip={ip}
Free access:
- API key required.
- Free usage is monthly quota based.
Best for: Projects that specifically need timezone, currency, or extended country metadata and can manage API keys from day one.
Cloudflare Trace
Section titled “Cloudflare Trace”URL: https://1.1.1.1/cdn-cgi/trace
Free access:
- Useful for simple country/network hints in Cloudflare-adjacent environments.
- Not a full geolocation or IP reputation API.
Best for: Cloudflare Workers or debugging flows that only need coarse request context.
Feature Matrix
Section titled “Feature Matrix”| Feature | IPBot | IP-API | ipapi.co | ipwhois.io | ipgeolocation |
|---|---|---|---|---|---|
| Country / region / city | Yes | Yes | Yes | Yes | Yes |
| Coordinates / timezone | Yes | Yes | Yes | Yes | Yes |
| ASN / organization | Yes | Yes | Yes | Yes | Yes |
| Field projection | Yes | Yes, via fields list | Provider-specific | Yes | Provider-specific |
| Browser CORS on free tier | Yes | Limited | Yes | No | Plan-dependent |
| No key option | Yes | Yes | Yes for basic use | Yes | No |
| Rate-limit headers | Yes | Provider-specific | Provider-specific | Retry-After on 429 | Provider-specific |
| Evidence-first risk score | Yes | No | No | Paid security fields | Paid security fields |
| Proxy / VPN / Tor signals | Yes | Paid-oriented | No dedicated risk model | Paid security fields | Paid security fields |
| Self-host option | Yes | No | No | No | No |
When to Use Each Service
Section titled “When to Use Each Service”Use IPBot when you need a free developer path, browser-friendly CORS, rate-limit transparency, and security-oriented IP intelligence in the same response.
Use IP-API.com when you need simple low-volume geolocation and can accept its protocol and commercial-use constraints.
Use ipapi.co when currency or country metadata matters more than reputation scoring.
Use ipwhois.io when you want broad country metadata and server-side free usage, or when its paid production package fits your CORS, bulk, security-data, and SLA needs.
Use ipgeolocation.io when you can manage API keys up front and need its extended timezone/device/country metadata.
Use Cloudflare trace when you only need coarse request hints inside Cloudflare-adjacent infrastructure.