IP Reputation API
Real-Time Scores for Any IP.
Check any IPv4 or IPv6 address reputation in real time. Combines VPN, proxy, Tor, datacenter, spam, and abuse intelligence into a single 0–100 score.
How IP Reputation Is Calculated
When you check IP reputation with ip-api.io, six threat intelligence signals are evaluated in real time and weighted into a single 0–100 score. Higher combined weight means worse reputation and greater risk.
Anonymisation Detection
Identifies HTTP/HTTPS/SOCKS proxies, commercial VPN endpoints, and Tor exit nodes — the primary tools used to mask identity. These three signals carry the highest risk weights (0.25 each) because anonymised traffic is strongly correlated with abuse.
Network Classification
Flags IPs hosted in AWS, GCP, Azure, and other cloud or datacenter providers. Datacenter IPs contribute a medium weight (0.1) since they are commonly used by legitimate services but are also disproportionately associated with bots and scrapers.
Abuse History & IP Blacklist Check
Runs a live IP abuse check across threat intelligence feeds covering spam campaigns, botnet C&C servers, malware distribution, and reported abuse activity — equivalent to an IP blacklist check against multiple block lists simultaneously. Spam history contributes 0.05 and broader threat/suspicious signals contribute up to 0.25 each.
API Documentation & Code Examples
One endpoint, one consistent JSON score. Integrate IP reputation checks into any signup, checkout, or security pipeline in minutes.
GET /api/v1/ip-reputation/{ip}?api_key={key}
# IP reputation score
curl "https://ip-api.io/api/v1/ip-reputation/185.220.101.45?api_key=YOUR_API_KEY"
{
"score": 0.75,
"risk_level": "HIGH",
"ip": "185.220.101.45",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_tor_node": true,
"is_spam": true,
"is_vpn": false,
"is_datacenter": true,
"is_suspicious": true
}
}
}
GET /api/v1/ip-reputation/{ip}?api_key={key}
async function checkIpReputation(ip) {
const res = await fetch(
`https://ip-api.io/api/v1/ip-reputation/${ip}?api_key=YOUR_API_KEY`
);
const data = await res.json();
console.log(data.score); // 0.75
console.log(data.risk_level); // "HIGH"
return data;
}
{
"score": 0.75,
"risk_level": "HIGH",
"ip": "185.220.101.45",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_tor_node": true,
"is_spam": true,
"is_vpn": false,
"is_datacenter": true,
"is_suspicious": true
}
}
}
GET /api/v1/ip-reputation/{ip}?api_key={key}
import requests
res = requests.get(
"https://ip-api.io/api/v1/ip-reputation/185.220.101.45",
params={"api_key": "YOUR_API_KEY"}
)
data = res.json()
print(data["score"]) # 0.75
print(data["risk_level"]) # "HIGH"
{
"score": 0.75,
"risk_level": "HIGH",
"ip": "185.220.101.45",
"factors": {
"ip_factors": {
"is_proxy": false,
"is_tor_node": true,
"is_spam": true,
"is_vpn": false,
"is_datacenter": true,
"is_suspicious": true
}
}
}
Built for Every Security Workflow
IP reputation data is a foundational signal in modern security and anti-abuse workflows.
Fraud Prevention
Block high-risk IPs at signup, login, and checkout. Use risk_level: HIGH or VERY_HIGH as an automatic block threshold and MEDIUM as a CAPTCHA or step-up authentication trigger.
Content Filtering
Restrict access to region-locked, age-gated, or copyrighted content from anonymising proxies and VPNs. The is_proxy and is_vpn signals give you precise per-request control.
Abuse Investigation
Look up the reputation of IPs found in server logs, abuse reports, or security incidents. The full signal breakdown tells you exactly why an IP has a poor reputation and helps prioritise your response.
Security Automation
Integrate the IP Reputation API into WAF rules, SIEM pipelines, and rate-limiting middleware. A single GET request returns all signals you need to automate block/allow decisions at any scale.
IP Reputation Check — FAQs
Common questions about IP reputation scores and the ip-api.io Reputation API.
What is an IP reputation score?
An IP reputation score is a numeric value, typically expressed on a 0–100 scale, that indicates how trustworthy an IP address is based on its history and current characteristics. A score near 0 means very low risk; a score near 100 means very high risk. Scores are derived from threat feeds, abuse reports, and signals such as VPN, proxy, Tor, and datacenter usage.
How is an IP reputation score calculated?
ip-api.io calculates the reputation score by checking six IP signals — proxy detection, VPN detection, Tor node membership, datacenter hosting, spam/abuse history, and suspicious activity patterns — and weighting them into a composite score between 0.0 and 1.0 (displayed as 0–100). Each signal contributes a weighted risk_contribution, and the final score maps to a risk_level of VERY_LOW, LOW, MEDIUM, HIGH, or VERY_HIGH.
What is considered a bad IP reputation score?
Scores above 60 (HIGH or VERY_HIGH risk level) are generally considered poor reputation and warrant blocking or heightened scrutiny. Scores between 40 and 60 (MEDIUM) suggest caution — consider requiring additional verification such as CAPTCHA or email confirmation. Scores below 40 (LOW or VERY_LOW) represent good reputation.
Can I improve my IP's reputation score?
Yes. The most common causes of a poor reputation score are being listed in spam or abuse databases, routing traffic through shared VPN or proxy servers, or hosting on datacenter infrastructure used for abuse. Removing your IP from blacklists, switching to a residential or dedicated ISP, and ceasing abusive activity will improve your score over time as threat feeds refresh — typically within 24 to 72 hours.
How often does the IP reputation data update?
ip-api.io refreshes its threat intelligence feeds continuously. Most signals — VPN and proxy lists, Tor exit node consensus, and spam databases — update in real time or near-real time. Full re-scoring of a given IP address typically reflects changes within 24 hours.
Is an IP reputation score the same as an IP blacklist check?
No, but they are related. An IP blacklist check tells you whether a specific IP appears on one or more known block lists (such as Spamhaus or Barracuda). An IP reputation score aggregates blacklist data alongside behavioural signals — VPN, proxy, Tor, datacenter classification, and abuse history — into a single composite score. The reputation score is more nuanced and actionable than a simple pass/fail blacklist check.
Can I use the IP Reputation API for fraud prevention?
Yes. The IP reputation score is a core signal in fraud prevention pipelines. Integrating it at signup, login, checkout, or API rate-limiting points lets you automatically block or challenge high-risk IPs — those using VPNs to hide identity, Tor for anonymity, or datacenter IPs often associated with bots and scrapers. For combined IP and email fraud scoring, see the Risk Score API.
Simple, transparent pricing
Start small, scale as you grow. No hidden fees.
Know the reputation of every IP instantly
VPN, proxy, Tor, datacenter, spam, and abuse signals combined into a single 0–100 reputation score per API call.