How to Add Real-Time IP Fraud Detection to Your App in 10 Minutes (Free API)

5 min read · GeoIPHub Team

More than half of all web traffic is now automated. Independent measurements in 2026 put bots at over 53% of traffic, with nearly every modern attack routing through a VPN or residential proxy to look like a real user. If your app accepts signups, logins, or payments without checking where the request actually comes from, you are trusting traffic that was built to deceive you.

The good news: catching most of it is no longer a big project. This guide walks through adding live IP risk scoring to your app in about ten minutes, with a free API key and one request. Let's build it.

What you'll have at the end

A single function you can call at any sensitive moment — signup, login, checkout, password reset — that returns a clear verdict you can act on:

No machine-learning pipeline, no data warehouse, no blocklists to maintain. One HTTP call.

Step 1 — Get your free API key

Create a free account and copy your key from the dashboard. The Free plan gives you 1,500 lookups per day, forever, with every data field included and no credit card required.

Start Scoring Every IP in Real Time

GeoIPHub gives fraud, security, and engineering teams a single API for IP geolocation, VPN & proxy detection, threat intelligence, and an explainable 0–100 risk score.

Complete response on every lookup
VPN, proxy, residential-proxy & Tor detection
Explainable 0–100 IP risk score
Free tier with 1,500 requests/day

Get Your Free API Key

Sign up in minutes — no credit card required. Upgrade only when you need more volume.

Step 2 — Make your first lookup

Authentication is a single header: x-api-key. The endpoint is GET /v1/lookup/{ip}. Here is the same call in three languages — try it with any IP address.

cURL

curl -H "x-api-key: YOUR_API_KEY" \
  https://api.geoiphub.com/v1/lookup/45.83.220.7

Node.js

const res = await fetch("https://api.geoiphub.com/v1/lookup/45.83.220.7", {
  headers: { "x-api-key": process.env.GEOIPHUB_API_KEY },
});
const data = await res.json();

console.log(data.geo.country_code);           // "NL"
console.log(data.detection.is_vpn);           // true
console.log(data.scoring.fraud_score);        // 88
console.log(data.scoring.recommended_action); // "block"

Python

import os

import requests

res = requests.get(
    "https://api.geoiphub.com/v1/lookup/45.83.220.7",
    headers={"x-api-key": os.environ["GEOIPHUB_API_KEY"]},
    timeout=5,  # requests has no default timeout; fail fast instead of hanging
)
data = res.json()

print(data["geo"]["country_code"])     # "NL"
print(data["detection"]["is_vpn"])     # True
print(data["scoring"]["fraud_score"])  # 88

Step 3 — Read the response

The response is organized into clear groups. You rarely need all of it — for most fraud checks, the detection and scoring groups are enough:

Response (trimmed)

{
  "geo": { "country_code": "NL", "city": "Amsterdam" },
  "asn": { "asn": 60781, "isp": "LeaseWeb", "connection_type": "datacenter" },
  "detection": {
    "is_vpn": true,
    "is_proxy": false,
    "is_residential_proxy": false,
    "is_tor": false,
    "last_seen": "2026-06-12T21:14:03.000Z"
  },
  "scoring": {
    "fraud_score": 88,
    "confidence": 0.94,
    "recommended_action": "block",
    "detection_methods": ["vpn_handshake", "datacenter_asn", "blocklist"]
  }
}

Three fields do most of the work:

  • fraud_score — a 0–100 composite. It is not a single blocklist hit; exonerating signals subtract (a residential ISP removes points, a verified search crawler removes more, and CGNAT ranges are capped) so legitimate users stay low.
  • recommended_action: allow, challenge, or block, if you want a decision without writing your own thresholds.
  • detection_methods — the exact signals that fired, so every decision is explainable to a teammate, an auditor, or the customer.

Step 4 — Wire it into a real decision

Put the check at the moments that matter, and make the response graduated rather than a hard wall — because the same residential IP that carries a fraudster at noon may carry a real customer by dinner.

Gate a signup (Node.js)

async function screenSignup(ip) {
  const res = await fetch(`https://api.geoiphub.com/v1/lookup/${ip}`, {
    headers: { "x-api-key": process.env.GEOIPHUB_API_KEY },
  });
  const { scoring } = await res.json();

  if (scoring.fraud_score >= 80) return "block";     // high-confidence fraud
  if (scoring.fraud_score >= 50) return "challenge"; // step-up: email/SMS/OTP
  return "allow";                                    // let real users through
}

A simple, defensible policy:

| Fraud score | Recommended response                              |
|-------------|---------------------------------------------------|
| 80–100      | Block, or hold for manual review                  |
| 50–79       | Step-up verification (email/SMS, payment re-auth) |
| 0–49        | Allow, and log the signal for later analysis      |

That's the whole integration. From here you can expand to login (catch account takeover from anonymized IPs), checkout (stop carding and chargebacks), and promo/trial abuse (one free trial per real person, not per proxy).
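
A hardened variant of the Step 4 gate, as an added example that is not GeoIPHub's code: it refuses anything that is not a literal IP before building the URL, bounds the lookup with a timeout, and returns an explicit fallback verdict when the API gives no usable score. The names isValidIp, decide and screenIp, the fetchImpl, onError and timeoutMs options, and the choice of "challenge" as the fallback are assumptions.

```javascript
// Added example, not GeoIPHub's code. Endpoint, header and thresholds are from the guide;
// the function names and the onError / timeoutMs / fetchImpl options are hypothetical.
const API_BASE = "https://api.geoiphub.com/v1/lookup/";
const OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
const IPV4 = new RegExp(`^${OCTET}(\\.${OCTET}){3}$`);

// Accept only a literal IPv4/IPv6 address so nothing else can reach the URL path.
// (net.isIP from node:net is the usual check in Node; this version needs no import.)
function isValidIp(ip) {
  if (typeof ip !== "string") return false;
  if (IPV4.test(ip)) return true;
  if (!/^[0-9a-fA-F:.]{2,45}$/.test(ip)) return false;
  try {
    new URL(`http://[${ip}]/`); // the URL parser rejects malformed IPv6 literals
    return true;
  } catch {
    return false;
  }
}

// Map the scoring group to a verdict; null means "no trustworthy score".
function decide(scoring) {
  const score = scoring && scoring.fraud_score;
  if (!Number.isFinite(score) || score < 0 || score > 100) return null;
  if (score >= 80) return "block";
  if (score >= 50) return "challenge";
  return "allow";
}

// onError is the verdict when the lookup gives no usable answer (assumed default:
// step-up, so an outage neither waves everyone through nor locks everyone out).
async function screenIp(ip, opts = {}) {
  const { fetchImpl = fetch, apiKey = process.env.GEOIPHUB_API_KEY,
          onError = "challenge", timeoutMs = 2000 } = opts;
  if (!isValidIp(ip)) return { verdict: onError, reason: "invalid_ip" };
  try {
    const res = await fetchImpl(API_BASE + ip, {
      headers: { "x-api-key": apiKey },
      signal: AbortSignal.timeout(timeoutMs),
    });
    if (!res.ok) return { verdict: onError, reason: `http_${res.status}` };
    const { scoring } = await res.json();
    const verdict = decide(scoring);
    if (verdict === null) return { verdict: onError, reason: "malformed_response" };
    return { verdict, reason: "scored", methods: scoring.detection_methods ?? [] };
  } catch {
    return { verdict: onError, reason: "lookup_failed" }; // timeout, network, bad JSON
  }
}
```

Pass screenIp the address reported by your socket or trusted reverse proxy; a client-supplied X-Forwarded-For value lets the caller choose which IP gets scored. Log the returned reason and methods next to the verdict so each decision can be explained later.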

Why this beats a blocklist

Static IP blocklists are stale the moment they ship — proxy pools rotate by the hour, and the same address flips between fraud and family. GeoIPHub scores each IP against live evidence on every request and returns why it scored that way. You can see the same engine behind any address right now, no account needed, with the free IP fraud score checker and the VPN & proxy detection test — or read the full API reference and the scoring methodology.

Ship it today

The threat landscape shifted: automation now outnumbers humans online, and the cheap anonymizing infrastructure that fraud rides on is widely available. The defense is no longer expensive or slow. Ten minutes, one endpoint, and a free key gets you real-time IP intelligence on every request — with an explainable score you can defend.

Create your free key, make your first lookup, and protect your next signup before it happens.

Frequently Asked Questions

Is the GeoIPHub API really free to start?

Yes. The Free plan includes 1,500 IP lookups per day, forever, with no credit card required. Every data field is included on every plan — geolocation, ASN, VPN/proxy/Tor detection, threat intelligence, and the 0–100 fraud score. Paid plans (Starter $29/mo, Business $99/mo) add volume and log retention, never extra fields.

How fast can I integrate it?

About ten minutes. Create a free account, copy your API key, and make a single GET request to /v1/lookup/{ip} with an x-api-key header. The JSON response includes a ready-to-use fraud_score and recommended_action, so you can gate a signup or checkout with a few lines of code.

Will it block my real customers?

Not if you use the score as designed. The fraud_score is a 0–100 composite with exonerating signals built in (a residential ISP subtracts points, a verified crawler subtracts more, CGNAT ranges are capped). The recommended pattern is graduated: allow low scores, step up verification in the middle band, and block only high-confidence fraud.

What can I detect with one lookup?

A single call returns geolocation and ASN; VPN, public-proxy, residential-proxy and Tor flags; hosting/datacenter classification; threat signals (botnet, scanner, spammer, blocklists); and a composite fraud_score with a recommended_action and the detection_methods that fired, so you can both decide and explain the decision.

Do I need to send personal data to use it?

No. You send an IP address and receive intelligence about that IP. There is no need to send names, emails, or payment details, which keeps the integration simple and privacy-friendly.