IP Blacklist Lookup API
Overview
To use IP Blacklist Lookup, you need an API key. You can get one by creating a free account and visiting your dashboard.
GET Endpoint
https://api.apiverve.com/v1/ipblacklistlookupExample
How to call the IP Blacklist Lookup API in different programming languages.
curl -X GET \
"https://api.apiverve.com/v1/ipblacklistlookup?ip=185.220.101.1" \
-H "X-API-Key: your_api_key_here"const response = await fetch('https://api.apiverve.com/v1/ipblacklistlookup?ip=185.220.101.1', {
method: 'GET',
headers: {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
}
});
const data = await response.json();
console.log(data);import requests
headers = {
'X-API-Key': 'your_api_key_here',
'Content-Type': 'application/json'
}
response = requests.get('https://api.apiverve.com/v1/ipblacklistlookup?ip=185.220.101.1', headers=headers)
data = response.json()
print(data)package main
import (
"fmt"
"io"
"net/http"
)
func main() {
req, _ := http.NewRequest("GET", "https://api.apiverve.com/v1/ipblacklistlookup?ip=185.220.101.1", nil)
req.Header.Set("X-API-Key", "your_api_key_here")
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}{
"status": "ok",
"error": null,
"data": {
"ipAddress": "185.220.101.1",
"isIPBlacklisted": true,
"inbound": {
"found": true,
"description": "IP is known for malicious inbound activity (spam, scanning, brute-force attacks)"
},
"outbound": null,
"threatLevel": "high",
"ipDetails": {
"ip": "185.220.101.1",
"country": "DE",
"region": "BY",
"timezone": "Europe/Berlin",
"city": "Nuremberg",
"coordinates": [
49.4478,
11.0683
],
"countryName": "Germany",
"regionName": "Bavaria",
"postalCode": "90403",
"continent": "EU",
"continentName": "Europe",
"accuracyRadius": 20
}
}
}Authentication
The IP Blacklist Lookup API requires authentication via API key. Include your API key in the request header:
X-API-Key: your_api_key_hereInteractive API Playground
Test the IP Blacklist Lookup API directly in your browser with live requests and responses.
Parameters
The following parameters are available for the IP Blacklist Lookup API:
Check IP Against Blocklists
| Parameter | Type | Required | Description | Default | Example |
|---|---|---|---|---|---|
ip | string | required | The IP address to check against blocklists Format: ip (e.g., 185.220.101.1) | - |
Response
The IP Blacklist Lookup API returns responses in JSON, XML, YAML, and CSV formats. The JSON response is shown in the Example section above; alternative formats below.
Other Response Formats
<?xml version="1.0" encoding="UTF-8"?>
<response>
<status>ok</status>
<error xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
<data>
<ipAddress>185.220.101.1</ipAddress>
<isIPBlacklisted>true</isIPBlacklisted>
<inbound>
<found>true</found>
<description>IP is known for malicious inbound activity (spam, scanning, brute-force attacks)</description>
</inbound>
<outbound xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
<threatLevel>high</threatLevel>
<ipDetails>
<ip>185.220.101.1</ip>
<country>DE</country>
<region>BY</region>
<timezone>Europe/Berlin</timezone>
<city>Nuremberg</city>
<coordinates>
<coordinate>49.4478</coordinate>
<coordinate>11.0683</coordinate>
</coordinates>
<countryName>Germany</countryName>
<regionName>Bavaria</regionName>
<postalCode>90403</postalCode>
<continent>EU</continent>
<continentName>Europe</continentName>
<accuracyRadius>20</accuracyRadius>
</ipDetails>
</data>
</response>
status: ok
error: null
data:
ipAddress: 185.220.101.1
isIPBlacklisted: true
inbound:
found: true
description: >-
IP is known for malicious inbound activity (spam, scanning, brute-force
attacks)
outbound: null
threatLevel: high
ipDetails:
ip: 185.220.101.1
country: DE
region: BY
timezone: Europe/Berlin
city: Nuremberg
coordinates:
- 49.4478
- 11.0683
countryName: Germany
regionName: Bavaria
postalCode: '90403'
continent: EU
continentName: Europe
accuracyRadius: 20
| key | value |
|---|---|
| ipAddress | 185.220.101.1 |
| isIPBlacklisted | true |
| inbound | {found:true,description:IP is known for malicious inbound activity (spam, scanning, brute-force attacks)} |
| outbound | |
| threatLevel | high |
| ipDetails | {ip:185.220.101.1,country:DE,region:BY,timezone:Europe/Berlin,city:Nuremberg,coordinates:[49.4478,11.0683],countryName:Germany,regionName:Bavaria,postalCode:90403,continent:EU,continentName:Europe,accuracyRadius:20} |
Response Structure
All API responses follow a consistent structure with the following fields:
| Field | Type | Description | Example |
|---|---|---|---|
status | string | Indicates whether the request was successful ("ok") or failed ("error") | ok |
error | string | null | Contains error message if status is "error", otherwise null | null |
data | object | null | Contains the API response data if successful, otherwise null | {...} |
Learn more about response formats →
Response Data Fields
When the request is successful, the data object contains the following fields:
| Field | Type | Sample Value | Description |
|---|---|---|---|
ipAddress | string | The IP address that was checked | |
isIPBlacklisted | boolean | Whether IP appears on any known blocklists | |
inboundPremium | object | Inbound threat assessment for attacker/spam sources | |
â”” found | boolean | Whether IP is on inbound attacker blocklist | |
â”” description | string | Description of inbound threat type if found | |
outboundPremium | object | Outbound threat assessment for malicious destinations | |
threatLevelPremium | string | Overall threat severity assessment level | |
ipDetailsPremium | object | Geolocation details for the IP address | |
â”” ip | string | The queried IP address | |
â”” country | string | Two-letter country code of IP location | |
â”” region | string | Region/state code of IP location | |
â”” timezone | string | Timezone of IP geolocation | |
â”” city | string | City name of IP location | |
â”” coordinates | array | Latitude and longitude coordinates of IP | |
â”” countryName | string | Full country name of IP location | |
â”” regionName | string | Full region/state name of IP location | |
â”” postalCode | string | Postal code of IP geolocation | |
â”” continent | string | Continent code of IP location | |
â”” continentName | string | Full continent name of IP location | |
â”” accuracyRadius | number | Accuracy radius in kilometers for IP geolocation |
Headers
Only X-API-Key is required. Optional headers include Accept for response format negotiation (JSON, XML, or YAML), User-Agent, and X-Request-ID for request tracing. See all request headers →
GraphQL AccessALPHA
Access IP Blacklist Lookup through GraphQL to combine it with other API calls in a single request. Query only the ip blacklist lookup data you need with precise field selection, and orchestrate complex data fetching workflows.
Credit Cost: Each API called in your GraphQL query consumes its standard credit cost.
POST https://api.apiverve.com/v1/graphqlquery {
ipblacklistlookup(
input: {
ip: "185.220.101.1"
}
) {
ipAddress
isIPBlacklisted
inbound {
found
description
}
outbound
threatLevel
ipDetails {
ip
country
region
timezone
city
coordinates
countryName
regionName
postalCode
continent
continentName
accuracyRadius
}
}
}Note: Authentication is handled via the x-api-key header in your GraphQL request, not as a query parameter.
CORS Support
The IP Blacklist Lookup API accepts cross-origin requests from any origin, so it can be called directly from browser-based applications without a proxy. See CORS support →
Rate Limiting
IP Blacklist Lookup requests are throttled per minute on the Free plan and unthrottled on paid plans. Exceeding the limit returns 429 Too Many Requests; rate-limit usage is reported in the X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset response headers. See per-plan limits and best practices →
Error Codes
The IP Blacklist Lookup API uses standard HTTP status codes — 200 on success, 400 for invalid parameters, 401 for missing or invalid keys, 403 for insufficient credits, 429 for rate-limit exhaustion, and 500/503 for server-side issues. Each error response includes an X-Request-ID header you can quote when contacting support. See full error handling guide →
SDKs for IP Blacklist Lookup
Official IP Blacklist Lookup packages on npm, PyPI, NuGet, and JitPack — plus a Postman collection and an OpenAPI spec. See the SDK guide →
No-Code Integrations
IP Blacklist Lookup works with Zapier, Make, Pipedream, n8n, and Power Automate using the same API key. See setup guides →
Frequently Asked Questions
How do I get an API key for IP Blacklist Lookup?
How many credits does IP Blacklist Lookup cost?
Each successful IP Blacklist Lookup API call consumes credits based on plan tier. Check the pricing section above for the exact credit cost. Failed requests and errors don't consume credits, so you only pay for successful ip blacklist lookup lookups.
Can I use IP Blacklist Lookup in production?
The free plan is for testing and development only. For production use of IP Blacklist Lookup, upgrade to a paid plan (Starter, Pro, or Mega) which includes commercial use rights, no attribution requirements, and guaranteed uptime SLAs. All paid plans are production-ready.
Can I use IP Blacklist Lookup from a browser?
What happens if I exceed my IP Blacklist Lookup credit limit?
When you reach your monthly credit limit, IP Blacklist Lookup API requests will return an error until you upgrade your plan or wait for the next billing cycle. You'll receive notifications at 80% and 95% usage to give you time to upgrade if needed.








