Developers

Free IP Address API

A free JSON API for IP geolocation, ASN/ISP, reverse DNS, and DNSBL blacklist status. No API key, no sign-up, CORS enabled, IPv4 + IPv6. Neither your IP nor your queries are ever logged.

Endpoints

GET /api/ip

Echo your own IP: address, reverse DNS hostname, geolocation and ASN of the caller.

curl https://ipaddress.you/api/ip
GET /api/ip/{ip}

Look up any public IPv4 or IPv6 address: geolocation, ASN/ISP, network and reverse DNS. Invalid input returns 422.

curl https://ipaddress.you/api/ip/1.1.1.1
GET /api/blacklist/{ip}

Check an IPv4 address against 8 reputable DNSBLs (Spamhaus ZEN, SpamCop, Barracuda, DroneBL, PSBL, Mailspike, UCEPROTECT-1, s5h.net).

curl https://ipaddress.you/api/blacklist/8.8.8.8

Force IPv4 or IPv6

/api/ip echoes the address of whichever family your client connected with. To force a specific family (for example to test dual-stack connectivity), use the dedicated subdomains:

curl https://ipv4.ipaddress.you/api/ip   # always answers over IPv4
curl https://ipv6.ipaddress.you/api/ip   # always answers over IPv6

This is how the home page detects both of your addresses at once.

Example Response: IP Lookup

{
  "ip": "8.8.8.8",
  "version": 4,
  "host": "dns.google",
  "geo_asn": {
    "autonomous_system_number": 15169,
    "autonomous_system_organization": "GOOGLE",
    "ip_address": "8.8.8.8",
    "network": "8.8.8.0/24"
  },
  "geo_city": {
    "continent": { "code": "NA", "names": { "en": "North America" } },
    "country": { "iso_code": "US", "names": { "en": "United States" } },
    "location": { "latitude": 37.751, "longitude": -97.822,
                  "accuracy_radius": 1000, "time_zone": "America/Chicago" },
    "traits": { "ip_address": "8.8.8.8", "network": "8.8.8.0/24" }
  }
}

geo_city follows the GeoLite2 city model (continent, country, subdivisions, city, location with accuracy radius); names objects contain multiple locales (trimmed to en above), and fields that are unknown for an address are omitted entirely. Private and reserved addresses return null geo data.

Example Response: Blacklist Check

{
  "ip": "8.8.8.8",
  "checked": 8,
  "listed_count": 0,
  "clean": true,
  "results": [
    { "zone": "zen.spamhaus.org", "name": "Spamhaus ZEN",
      "status": "clean", "reason": null },
    { "zone": "bl.spamcop.net", "name": "SpamCop",
      "status": "clean", "reason": null }
  ]
}

status per list is listed, clean, or error (resolver failure, never counted as a listing). When a list returns a reason (TXT record), it is included.

Rate Limits & Fair Use

  • /api/ip: unlimited for normal use.
  • /api/ip/{ip}: 40 requests/minute per client.
  • /api/blacklist/{ip}: 10 requests/minute per client.

Exceeding a limit returns HTTP 429; back off and retry after a minute. All endpoints send Access-Control-Allow-Origin: *, so browser apps work without a proxy. If you need more, get in touch.

Privacy & Attribution

API queries are handled like every page on this site: nothing is logged or stored: not the caller's IP, not the addresses you look up. Geolocation runs against local databases, so queries never reach a third-party service. See the privacy policy.

This product includes GeoLite2 data created by MaxMind, available from maxmind.com.

Frequently Asked Questions

Do I need an API key?
No. All endpoints are open and require no registration, key, or token. Just send a GET request and you get JSON back.
What are the rate limits?
The IP echo endpoint (/api/ip) is unlimited for normal use. Lookups of arbitrary addresses (/api/ip/{ip}) are limited to 40 requests per minute per client, and blacklist checks (/api/blacklist/{ip}) to 10 per minute. Exceeding the limit returns HTTP 429.
Does the API support IPv6?
Yes, everywhere. /api/ip echoes whichever address family your request used, and you can force a family via https://ipv4.ipaddress.you/api/ip or https://ipv6.ipaddress.you/api/ip. Lookups accept both IPv4 and IPv6 addresses.
Can I call the API from a browser (CORS)?
Yes. All /api/ endpoints send Access-Control-Allow-Origin: *, so cross-origin requests from any website work out of the box.
Do you log API requests or the addresses I look up?
No. Like the rest of the site, the API never writes requester IPs or looked-up addresses to a log or database. Geolocation runs against local GeoLite2 databases, so queries are not forwarded to any third party.
Can I use the API in production or commercially?
Yes, within the rate limits and fair use. It is meant for real projects. Geolocation data comes from GeoLite2 (created by MaxMind), so redistribution of the data must respect the GeoLite2 license. If you need higher limits, get in touch via the about page.

Related Tools