API Documentation
Public API reference focused on practical integration: endpoint structure, request parameters,
response schema, antifraud fields, and error behavior.
The content mirrors dashboard docs but is available in public mode, without private key values.
Detailed reference for /api with Bearer auth, error codes, and antifraud integration.
What's New In Current API Version
| Geo enrichment | geo.country_enrichment now includes calling code, TLD, language, currency metadata and rates (USD + BTC/ETH/BNB/TON context). |
| Antifraud insights | advanced_insights moved inside antifraud and returned as the last element for antifraud plans. |
| Behavior analytics | Distance/speed travel checks, profile consistency and decision hints are included in antifraud.advanced_insights. |
Endpoint
| URL | https://geoip.space/api/ |
| Method | GET |
| Content-Type | application/json; charset=utf-8 |
| Auth | Authorization: Bearer YOUR_API_KEY |
Request Parameters
| Name | Required | Type | Description |
| ip | Yes | string | Target IPv4/IPv6 address to check. |
| user_id | Yes | string | Stable client identifier used by antifraud behavior engine (country/ASN switches, device behavior history). |
| ua | No | string | User-Agent string. If omitted, endpoint uses current request UA from headers. |
| fields | No | string | Response field filter. Comma or pipe separated. Example: fields=geo.country,geo.country_enrichment.tld,antifraud.risk_score. |
| crypto | No | string | Optional filter for geo.country_enrichment.rates.crypto. Allowed: BTC,ETH,BNB,TON. Example: crypto=BTC,ETH. |
Field Filter Rules
| Rule | Details |
| Default behavior | If fields is omitted, response is full by subscription plan. |
| Path format | Dot notation: geo.country, geo.country_enrichment.tld, antifraud.risk_score. |
| Antifraud-only fields | asn, ptr, antifraud.* require antifraud subscription. |
| Heavy subdata filter | Use crypto to limit returned crypto rates, instead of overloading fields for value filtering. |
| When plan is not enough | API returns HTTP 200 plus access.missing_fields and required plan. |
Authorization (Bearer)
Authorization: Bearer YOUR_API_KEY
The API key is not used in the query string. Send the key only in the Bearer header.
user_id for Antifraud
`user_id` is required because antifraud correlates activity by account/device identity over time. It can be an internal user ID, a hashed email, a payment account ID, or an anonymous cookie-based ID.
| Example Source | Example user_id |
| Internal account | usr_15293 |
| CRM / billing account | billing_9fa2d11 |
| Hashed login | sha256:8f2f...ab1e |
| Anonymous cookie id | anon_7f3a2c9a1e44b2d0 |
Cookie-based user_id (without PHP session)
// Browser JS example
function getOrCreateUserId() {
  const key = 'gid_uid';
  // Reuse the identifier from an earlier visit if the cookie is already set.
  const found = document.cookie.split('; ').find(v => v.startsWith(key + '='));
  if (found) return decodeURIComponent(found.split('=')[1]);
  // Otherwise mint a random 16-hex-character ID and persist it for one year.
  const uid = 'anon_' + crypto.randomUUID().replace(/-/g, '').slice(0, 16);
  document.cookie = `${key}=${encodeURIComponent(uid)}; Max-Age=31536000; Path=/; SameSite=Lax`;
  return uid;
}
Success Response (geo plan)
{
  "status": "ok",
  "error_code": 0,
  "http_status": 200,
  "ip": "8.8.8.8",
  "ua": "Mozilla/5.0 ...",
  "user_id": "usr_15293",
  "subscription_type": "geo",
  "geo": {
    "city": {"name": "Mountain View", "geoname_id": 5375480},
    "country": {"iso_code": "US", "name": "United States", "geoname_id": 6252001},
    "location": {"latitude": 37.4056, "longitude": -122.0775, "accuracy_radius": 1000},
    "timezone": "America/Los_Angeles",
    "postal": "94043",
    "country_enrichment": {
      "phone_code": "+1",
      "tld": ".us",
      "languages": [{"code":"en","name":"English"}],
      "currencies": [{"code":"USD","name":"United States dollar","symbol":"$"}],
      "rates": {
        "currency_code": "USD",
        "units_per_usd": 1,
        "usd_per_unit": 1,
        "crypto": {
          "BTC": {"units_per_coin": 97000, "coin_per_unit": 0.0000103, "usd_per_coin": 97000, "coin_per_usd": 0.0000103}
        }
      }
    },
    "geo_intelligence": {
      "is_eu": false,
      "is_schengen": false
    }
  }
}
Success Response (antifraud plan)
{
  "status": "ok",
  "error_code": 0,
  "http_status": 200,
  "subscription_type": "antifraud",
  "geo": {...},
  "asn": {"asn": 15169, "org": "Google LLC", "network_type": "ISP"},
  "ptr": "dns.google",
  "antifraud": {
    "risk_score": 42,
    "proxy_suspected": false,
    "confidence": 0.7,
    "signals": ["ASN:heuristic"],
    "behavior": {
      "acc_country_switch": 2,
      "dev_asn_switch": 3
    },
    "advanced_insights": {
      "distance_to_historical_user_centroid_km": 18.4,
      "distance_to_historical_user_centroid_note": "ok",
      "location_stability_score": 86,
      "impossible_travel": {
        "is_detected": false,
        "distance_km": 35.7,
        "elapsed_minutes": 52.3,
        "speed_kmh": 41.0,
        "note": "speed_within_plausible_range"
      },
      "business_hours_mismatch": {
        "current_hour_utc": 12,
        "historical_avg_hour_utc": 11.6,
        "hour_delta": 0.4,
        "is_mismatch": false
      },
      "country_risk_profile": {
        "country_iso2": "US",
        "fraud_pressure_score": 31,
        "chargeback_risk_bucket": "low",
        "sanctions_flag": false
      },
      "asn_reputation": {
        "asn": 15169,
        "risk_score": 9,
        "network_type": "ISP",
        "reputation_tier": "trusted"
      },
      "network_change_anomaly": {
        "primary_asn": 15169,
        "current_asn": 15169,
        "is_anomaly": false,
        "asn_variants_recent": 1
      },
      "geo_consistency_with_profile": {
        "primary_country": "US",
        "current_country": "US",
        "match": true,
        "confidence": 0.92
      },
      "travel_context": {
        "status": "normal",
        "summary": "Current request aligns with recent mobility pattern"
      },
      "ip_quality_index": 82,
      "region_precision_level": "city_level",
      "smart_action_hint": "allow",
      "source_signals": ["ASN:heuristic"]
    }
  }
}
Response Field Catalog (Paths)
| Path | Description |
| status | Response status (ok or error). |
| error_code | Numeric application code. |
| http_status | HTTP status duplicated in body. |
| ip | Checked IP address. |
| ua | User-Agent used in analysis. |
| user_id | Stable client identifier. |
| subscription_type | none, geo, antifraud. |
| geo.city.name | City name. |
| geo.city.geoname_id | GeoNames city ID. |
| geo.country.iso_code | ISO2 country code. |
| geo.country.name | Country name. |
| geo.country.geoname_id | GeoNames country ID. |
| geo.location.latitude | Latitude. |
| geo.location.longitude | Longitude. |
| geo.location.accuracy_radius | Geo accuracy radius (km, provider-dependent). |
| geo.timezone | IANA timezone. |
| geo.postal | Postal code if available. |
| geo.country_enrichment.iso2 | ISO2 code. |
| geo.country_enrichment.iso3 | ISO3 code. |
| geo.country_enrichment.name | Country display name. |
| geo.country_enrichment.geoname_id | Country GeoNames ID. |
| geo.country_enrichment.flag_emoji | Unicode flag emoji. |
| geo.country_enrichment.flag_cdn_png_20 | Flag PNG 20px URL. |
| geo.country_enrichment.flag_cdn_png_40 | Flag PNG 40px URL. |
| geo.country_enrichment.flag_cdn_svg | Flag SVG URL. |
| geo.country_enrichment.calling_code | Primary calling code. |
| geo.country_enrichment.calling_codes | All calling codes list. |
| geo.country_enrichment.capital | Capital city. |
| geo.country_enrichment.continent | Continent object. |
| geo.country_enrichment.tld | Country top-level domain. |
| geo.country_enrichment.currency | Primary currency object. |
| geo.country_enrichment.currencies | Currencies list. |
| geo.country_enrichment.languages | Languages list. |
| geo.country_enrichment.is_in_european_union | EU membership flag if known. |
| geo.country_enrichment.localized_names | Localized country names map. |
| geo.country_enrichment.enrichment_source | Enrichment dataset marker. |
| geo.country_enrichment.rates.currency_code | Fiat code used as base. |
| geo.country_enrichment.rates.units_per_usd | How many fiat units per 1 USD. |
| geo.country_enrichment.rates.usd_per_unit | How many USD per 1 fiat unit. |
| geo.country_enrichment.rates.crypto.BTC|ETH|BNB|TON.units_per_coin | Fiat units per one coin. |
| geo.country_enrichment.rates.crypto.BTC|ETH|BNB|TON.coin_per_unit | Coins per one fiat unit. |
| geo.country_enrichment.rates.crypto.BTC|ETH|BNB|TON.usd_per_coin | USD value per coin. |
| geo.country_enrichment.rates.crypto.BTC|ETH|BNB|TON.coin_per_usd | Coins per 1 USD. |
| geo.geo_intelligence.geo_point | lat,lon pair. |
| geo.geo_intelligence.hemisphere | Hemisphere code (e.g. NW). |
| geo.geo_intelligence.geohash_8 | Geohash precision 8. |
| geo.geo_intelligence.distance_from_equator_km | Distance from equator. |
| geo.geo_intelligence.distance_from_prime_meridian_km | Distance from prime meridian. |
| geo.geo_intelligence.map_urls.openstreetmap | OpenStreetMap URL. |
| geo.geo_intelligence.map_urls.google_maps | Google Maps URL. |
| geo.geo_intelligence.time.timezone | Timezone echo. |
| geo.geo_intelligence.time.current_local_time | Current local timestamp. |
| geo.geo_intelligence.time.utc_offset_seconds | UTC offset in seconds. |
| geo.geo_intelligence.time.utc_offset_hours | UTC offset in hours. |
| geo.geo_intelligence.time.is_dst | Daylight-saving flag. |
| geo.geo_intelligence.time.error | Time error marker (if timezone invalid). |
| asn | ASN block (antifraud plan only). |
| ptr | PTR/DNS block (antifraud plan only). |
| antifraud.risk_score | Risk score 0..100. |
| antifraud.proxy_suspected | Proxy/VPN suspicion flag. |
| antifraud.confidence | Confidence coefficient. |
| antifraud.signals | Triggered signal list. |
| antifraud.behavior | Behavior counters block. |
| antifraud.advanced_insights.distance_to_historical_user_centroid_km | Distance to user historical centroid. |
| antifraud.advanced_insights.distance_to_historical_user_centroid_note | Centroid calc status. |
| antifraud.advanced_insights.location_stability_score | Location stability score 0..100. |
| antifraud.advanced_insights.impossible_travel | Travel-speed anomaly block. |
| antifraud.advanced_insights.business_hours_mismatch | Time-pattern anomaly block. |
| antifraud.advanced_insights.country_risk_profile | Country fraud pressure block. |
| antifraud.advanced_insights.asn_reputation | ASN reputation block. |
| antifraud.advanced_insights.network_change_anomaly | ASN change anomaly block. |
| antifraud.advanced_insights.geo_consistency_with_profile | Current geo vs user profile block. |
| antifraud.advanced_insights.travel_context | Travel status summary block. |
| antifraud.advanced_insights.ip_quality_index | IP quality index 0..100. |
| antifraud.advanced_insights.region_precision_level | Derived region precision level. |
| antifraud.advanced_insights.smart_action_hint | Recommended action: allow/step_up_2fa/manual_review/block. |
| antifraud.advanced_insights.source_signals | Signals used in advanced scoring. |
| access.message | Plan access warning message for filtered response. |
| access.required_subscription | Required plan type for missing fields. |
| access.missing_fields | Requested fields denied by plan. |
| access.available_fields | Requested fields that were returned. |
Error Response Format
{
  "status": "error",
  "error_code": 1005,
  "http_status": 401,
  "message": "Invalid API key"
}
Numeric Error Codes
| Error Code | HTTP | Meaning |
| 0 | 200 | Success. |
| 1001 | 405 | Method not allowed. Use GET. |
| 1002 | 400 | Missing ip parameter. |
| 1003 | 400 | Invalid ip format. |
| 1004 | 401 | Missing/invalid Bearer Authorization header. |
| 1005 | 401 | API key is invalid. |
| 1006 | 400 | Missing user_id parameter. |
| 1007 | 429 | Rate limit exceeded for key without active subscription (10 req / 60 sec). |
| 1008 | 400 | Invalid fields format. |
| 1009 | 400 | Invalid crypto format (allowed: BTC,ETH,BNB,TON). |
| 1500 | 500 | Framework bootstrap error. |
| 1501 | 500 | Internal lookup/runtime error. |
Examples (Bearer + user_id)
cURL
curl -G "https://geoip.space/api/" \
  --data-urlencode "ip=8.8.8.8" \
  --data-urlencode "user_id=anon_7f3a2c9a1e44b2d0" \
  --data-urlencode "fields=geo.country,geo.country_enrichment.tld,antifraud.risk_score" \
  --data-urlencode "crypto=BTC,ETH" \
  -H "Authorization: Bearer YOUR_API_KEY"
JavaScript (browser fetch)
// A key embedded in browser code is readable by every visitor of the page.
const userId = getOrCreateUserId();
const url = new URL("https://geoip.space/api/");
url.searchParams.set("ip", "8.8.8.8");
url.searchParams.set("user_id", userId);
url.searchParams.set("fields", "geo.country,geo.country_enrichment.tld,antifraud.risk_score");
url.searchParams.set("crypto", "BTC,ETH");
const res = await fetch(url, {
  headers: { Authorization: "Bearer YOUR_API_KEY" }
});
const data = await res.json();
// Both values are undefined when the response carries no antifraud block.
console.log(data.antifraud?.risk_score, data.antifraud?.advanced_insights?.smart_action_hint);
PHP (cURL)
// Reuse the cookie-based ID if present, otherwise create one and persist it for a year.
$userId = $_COOKIE['gid_uid'] ?? ('anon_' . bin2hex(random_bytes(8)));
setcookie('gid_uid', $userId, time() + 31536000, '/');
$url = "https://geoip.space/api/?ip=8.8.8.8&user_id=" . urlencode($userId) . "&fields=geo.country,geo.country_enrichment.tld,antifraud.risk_score&crypto=BTC,ETH";
$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => ["Authorization: Bearer YOUR_API_KEY"]
]);
$response = curl_exec($ch);
curl_close($ch);
$data = json_decode($response, true);
$score = $data['antifraud']['risk_score'] ?? null;
// Falls back to 'allow' whenever the hint is absent (error response or no antifraud block).
$hint = $data['antifraud']['advanced_insights']['smart_action_hint'] ?? 'allow';
Python (requests)
import uuid

import requests

# Example only: this creates a new ID on every run; antifraud expects a stable per-user identifier.
user_id = "anon_" + uuid.uuid4().hex[:16]
r = requests.get(
    "https://geoip.space/api/",
    params={
        "ip": "8.8.8.8",
        "user_id": user_id,
        "fields": "geo.country,geo.country_enrichment.tld,antifraud.risk_score",
        "crypto": "BTC,ETH",
    },
    headers={"Authorization": "Bearer YOUR_API_KEY"},
    timeout=10,
)
data = r.json()
# Chained .get() calls return None instead of raising when a block is missing.
print(data.get("geo", {}).get("country", {}).get("iso_code"))
print(data.get("antifraud", {}).get("risk_score"))
print(data.get("antifraud", {}).get("advanced_insights", {}).get("smart_action_hint"))
Java (HttpClient)
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

// Place the statements below inside a method; send() throws IOException and InterruptedException.
String userId = "anon_" + java.util.UUID.randomUUID().toString().replace("-", "").substring(0, 16);
String api = "https://geoip.space/api/?ip=8.8.8.8&user_id=" + userId + "&fields=geo.country,geo.country_enrichment.tld,antifraud.risk_score&crypto=BTC,ETH";
HttpRequest req = HttpRequest.newBuilder()
    .uri(URI.create(api))
    .header("Authorization", "Bearer YOUR_API_KEY")
    .GET()
    .build();
HttpResponse<String> res = HttpClient.newHttpClient()
    .send(req, HttpResponse.BodyHandlers.ofString());
System.out.println(res.body());
C++ (libcurl)
// Requires <curl/curl.h> and <string>; writeCallback is your own CURLOPT_WRITEFUNCTION handler.
std::string userId = "anon_7f3a2c9a1e44b2d0";
std::string url = "https://geoip.space/api/?ip=8.8.8.8&user_id=" + userId + "&fields=geo.country,geo.country_enrichment.tld,antifraud.risk_score&crypto=BTC,ETH";
struct curl_slist* headers = NULL;
headers = curl_slist_append(headers, "Authorization: Bearer YOUR_API_KEY");
CURL* curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writeCallback);
curl_easy_perform(curl);
// Release the handle and the header list once the transfer is done.
curl_easy_cleanup(curl);
curl_slist_free_all(headers);
Kotlin (OkHttp)
import okhttp3.OkHttpClient
import okhttp3.Request

val userId = "anon_" + java.util.UUID.randomUUID().toString().replace("-", "").take(16)
val url = "https://geoip.space/api/?ip=8.8.8.8&user_id=$userId&fields=geo.country,geo.country_enrichment.tld,antifraud.risk_score&crypto=BTC,ETH"
val request = Request.Builder()
    .url(url)
    .addHeader("Authorization", "Bearer YOUR_API_KEY")
    .get()
    .build()
// execute() is a blocking call; body is null when the response has no body.
val body = OkHttpClient().newCall(request).execute().body?.string()
println(body)
Response when antifraud field is requested without antifraud plan
{
  "status": "ok",
  "error_code": 0,
  "http_status": 200,
  "subscription_type": "geo",
  "geo": {
    "country": {"iso_code": "US", "name": "United States"},
    "country_enrichment": {"tld": ".us"}
  },
  "access": {
    "message": "Some requested fields are unavailable for your current subscription",
    "required_subscription": "antifraud",
    "missing_fields": ["antifraud.risk_score"],
    "available_fields": ["geo.country", "geo.country_enrichment.tld"]
  }
}
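The response above is HTTP 200 with status ok even though no antifraud verdict was returned, so a caller that checks only the status and defaults a missing hint to allow fails open. The following added example (not code from geoip.space) maps a parsed response body to an action; `decide`, `FALLBACK_ACTION`, `RETRYABLE`, the step_up_2fa fallback policy and the sample bodies are assumptions constructed for illustration.

```python
# Added example: map a parsed API response body to an action without failing open.
# decide, FALLBACK_ACTION, RETRYABLE and the fallback policy are assumptions, not API features.

KNOWN_HINTS = {"allow", "step_up_2fa", "manual_review", "block"}  # values from the field catalog
FALLBACK_ACTION = "step_up_2fa"  # assumed policy when no antifraud verdict is available
RETRYABLE = {1007, 1500, 1501}   # assumed: rate limit and server-side codes are worth retrying


def decide(resp: dict) -> dict:
    """Return {"action", "reason", "retry"} for one parsed response body."""
    if resp.get("status") != "ok" or resp.get("error_code") != 0:
        code = resp.get("error_code")
        return {"action": FALLBACK_ACTION,
                "reason": f"api_error:{code}:{resp.get('message', '')}",
                "retry": code in RETRYABLE}

    # HTTP 200 can still mean "plan too low": antifraud.* shows up in access.missing_fields.
    missing = resp.get("access", {}).get("missing_fields", [])
    denied = [f for f in missing if f.startswith("antifraud")]
    if denied:
        return {"action": FALLBACK_ACTION,
                "reason": "plan_missing:" + ",".join(denied), "retry": False}

    hint = resp.get("antifraud", {}).get("advanced_insights", {}).get("smart_action_hint")
    if hint not in KNOWN_HINTS:
        # Absent (for example filtered out by `fields`) or unrecognised: never default to allow.
        return {"action": FALLBACK_ACTION, "reason": "no_hint", "retry": False}
    return {"action": hint, "reason": "smart_action_hint", "retry": False}


# Constructed sample bodies, shaped like the responses documented on this page.
GEO_ONLY = {"status": "ok", "error_code": 0, "http_status": 200, "subscription_type": "geo",
            "access": {"required_subscription": "antifraud",
                       "missing_fields": ["antifraud.risk_score"]}}
ANTIFRAUD = {"status": "ok", "error_code": 0, "http_status": 200,
             "antifraud": {"risk_score": 42,
                           "advanced_insights": {"smart_action_hint": "allow"}}}
RATE_LIMITED = {"status": "error", "error_code": 1007, "http_status": 429,
                "message": "Rate limit exceeded"}  # message text is constructed

if __name__ == "__main__":
    for body in (GEO_ONLY, ANTIFRAUD, RATE_LIMITED):
        print(decide(body))
```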