API Documentation

Integrate IP enrichment and threat intelligence into your applications with our free REST API.

Authentication

All API requests require authentication via an API key. Include your key in the X-API-Key header.

To obtain an API key, register for a free account and visit your profile page.

Rate Limits

All accounts start on the free tier. The default limits are:

Endpoint	Limit	Scope
API lookups	600 requests per hour	Per API key
Web lookups	30 requests per hour	Per IP address
Login attempts	10 attempts per hour	Per IP address

Need higher API limits? Registered users can request a limit increase from their profile page. Requests are reviewed and approved on a case-by-case basis.

Rate limit information is included in every API response via headers:

X-RateLimit-Limit: 600X-RateLimit-Remaining: 95

IP Lookup

Retrieve enrichment data, geolocation, ISP information, and threat assessment for any public IP address.

GET /api/v1/lookup?ip={address}

Request Parameters

Parameter	Type	Required	Description
ip	string	Yes	IPv4 or IPv6 address to look up

Example Request

curl -H "X-API-Key: your_api_key_here" \
     "https://ipinsights.io/api/v1/lookup?ip=8.8.8.8"

Example Response

{
  "success": true,
  "data": {
    "ip": "8.8.8.8",
    "ip_version": 4,
    "type": "ipv4",
    "country_code": "US",
    "country_name": "United States",
    "region_name": "California",
    "city": "Mountain View",
    "latitude": 37.4056,
    "longitude": -122.0775,
    "isp": "Google LLC",
    "org": "Google Public DNS",
    "as_number": "AS15169",
    "as_name": "GOOGLE",
    "is_tor": false,
    "is_proxy": false,
    "is_datacenter": true,
    "blacklists": [],
    "threat_assessment": {
      "score": 10,
      "level": "low",
      "reasons": ["Datacentre IP address"]
    }
  },
  "queried_at": "2026-02-20T12:00:00Z"
}

Response Fields

Field	Description
ip	Queried IP address
ip_version	IP version (4 or 6)
country_code	ISO 3166-1 alpha-2 country code
country_name	Country name
region_name	Region or state name
city	City name
latitude / longitude	Geographic coordinates
timezone	IANA timezone identifier
isp	Internet Service Provider
org	Organisation name
as_number / as_name	Autonomous System details
is_tor	Whether the IP is a known Tor exit node
is_proxy	Whether the IP is a known proxy/VPN
is_datacenter	Whether the IP belongs to a datacentre
blacklists	Array of blacklist entries (source, category, listed_at)
threat_assessment.score	Overall threat score (0–100)
threat_assessment.level	Risk level: low, medium, high, critical
threat_assessment.reasons	Array of reasons contributing to the score

ASN Lookup

Retrieve enrichment summary for an Autonomous System by AS number. Returns AS metadata, risk breakdown, blacklisted IP counts out of total IPs, and per-IP threat details.

GET /api/v1/lookup?asn={as_number}

Request Parameters

Parameter	Type	Required	Description
asn	string	Yes	AS number (e.g. "AS15169" or "15169")

Example Request

curl -H "X-API-Key: your_api_key_here" \
     "https://ipinsights.io/api/v1/lookup?asn=AS15169"

Example Response

{
  "success": true,
  "data": {
    "as_number": "AS15169",
    "as_name": "GOOGLE",
    "isp": "Google LLC",
    "org": "Google LLC",
    "total_ips": 42,
    "blacklisted_ips": 3,
    "risk_breakdown": {
      "low": 38, "medium": 2, "high": 1, "critical": 1
    },
    "risk_score": 12,
    "risk_level": "low",
    "ips": [
      {
        "ip": "8.8.8.8",
        "threat_score": 10,
        "level": "low",
        "is_blacklisted": false,
        "country_code": "US"
      }
    ]
  },
  "queried_at": "2026-02-20T12:00:00Z"
}

CIDR Lookup

Retrieve enrichment summary for an IPv4 CIDR block. Returns all known IPs within the range with threat and blacklist data. Prefix length must be between /8 and /32.

GET /api/v1/lookup?cidr={cidr_block}

Request Parameters

Parameter	Type	Required	Description
cidr	string	Yes	IPv4 CIDR block (e.g. "8.8.8.0/24")

Example Request

curl -H "X-API-Key: your_api_key_here" \
     "https://ipinsights.io/api/v1/lookup?cidr=8.8.8.0/24"

Example Response

{
  "success": true,
  "data": {
    "cidr": "8.8.8.0/24",
    "range_start": "8.8.8.0",
    "range_end": "8.8.8.255",
    "total_ips_in_db": 5,
    "blacklisted_ips": 1,
    "autonomous_systems": [
      { "as_number": "AS15169", "as_name": "GOOGLE" }
    ],
    "risk_breakdown": {
      "low": 4, "medium": 0, "high": 1, "critical": 0
    },
    "risk_score": 22,
    "risk_level": "low",
    "ips": [
      {
        "ip": "8.8.8.8",
        "threat_score": 10,
        "level": "low",
        "is_blacklisted": false,
        "as_number": "AS15169",
        "country_code": "US"
      }
    ]
  },
  "queried_at": "2026-02-20T12:00:00Z"
}

Error Codes

Code	Meaning
400	Invalid request (missing or malformed IP, ASN, or CIDR)
401	Missing or invalid API key
422	IP address is private or reserved
429	Rate limit exceeded
500	Internal server error