API Reference
Free, public REST endpoint. No signup. Multi-provider fallback chain with 24 h in-memory cache. Free tier: 100 req/min per caller IP. Higher limits and paid SLAs ship with E5 (BV) close.
Try it
Loading your IP…
Endpoint
| Method | GET |
|---|---|
| URL | https://iploc.eu/api/lookup |
| Auth | None (anonymous tier). API keys ship with paid plans. |
| Content-Type | application/json |
| CORS | Access-Control-Allow-Origin: * |
Query patterns
GET /api/lookup?ip=8.8.8.8 # explicit IP via query param
GET /api/lookup/8.8.8.8 # path-style (also accepted)
GET /api/lookup # no IP — geolocates the callerResponse schema
Full JSON Schema 2020-12: /lookup.schema.json.
{
"ip": "8.8.8.8",
"city": "Mountain View",
"region": "California",
"country_code": "US",
"country_name": "United States",
"lat": 37.4056,
"lon": -122.0775,
"timezone": "America/Los_Angeles",
"asn": "AS15169",
"org": "Google LLC",
"postal": "94043",
"is_eu": false,
"_provider": "ip-api.com",
"_cached": false,
"_response_time_ms": 47
}Error responses
| Status | Error code | Meaning |
|---|---|---|
| 400 | invalid_ip | The supplied value is not a valid IPv4 or IPv6 address. |
| 400 | private_ip_rejected | Loopback, RFC1918, link-local, multicast, and CGNAT addresses are not geolocatable. |
| 405 | method_not_allowed | Only GET and HEAD are accepted. |
| 429 | rate_limited | You hit the anonymous-tier rate limit (100 req/min per caller IP). Wait, or join early-access. |
| 502 | all_providers_failed | All upstream geo providers timed out. Retry shortly. |
Rate limits
- Anonymous — 100 req/min per caller IP. No key required.
- Early-access — 10 000 req/h, attached to your API key. Join the waitlist.
- Paid — tier-based; ships with E5 BV-close.
Examples
1. curl — lookup an IP
curl https://iploc.eu/api/lookup?ip=8.8.8.82. JavaScript (fetch) — geo-personalize without a backend
const geo = await fetch('https://iploc.eu/api/lookup', {
headers: { Accept: 'application/json' },
}).then(r => r.json());
if (geo.is_eu) showCookieBanner();
document.documentElement.lang = (geo.country_code || 'en').toLowerCase();
console.log('caller geo:', geo.city, geo.country_code, geo.asn);3. Python (requests) — ASN-based bot filtering
import requests
BLOCKLIST_ASNS = {'AS14618', 'AS16509', 'AS8075'} # AWS, AWS, Microsoft
def is_likely_bot(ip: str) -> bool:
r = requests.get('https://iploc.eu/api/lookup', params={'ip': ip}, timeout=5)
r.raise_for_status()
return r.json().get('asn') in BLOCKLIST_ASNS4. Go (net/http) — fraud-scoring pipeline
type Geo struct {
IP string `json:"ip"`
CountryCode string `json:"country_code"`
ASN string `json:"asn"`
IsEU bool `json:"is_eu"`
}
func lookup(ctx context.Context, ip string) (*Geo, error) {
req, _ := http.NewRequestWithContext(ctx, "GET",
"https://iploc.eu/api/lookup?ip="+url.QueryEscape(ip), nil)
resp, err := http.DefaultClient.Do(req)
if err != nil { return nil, err }
defer resp.Body.Close()
var g Geo
return &g, json.NewDecoder(resp.Body).Decode(&g)
}Privacy
- We do not log queried IPs. Only the in-RAM LRU cache (24 h, 2 000 entries per serverless instance) retains them, and it is wiped on every redeploy and cold start.
- No cookies, no analytics on this endpoint. The CDN caches the response by URL only; no caller fingerprinting.
- EU residency. Functions run on Vercel’s Frankfurt and Amsterdam regions.
- GDPR Art. 28 DPA available on the paid tier for processor agreements.
Source providers (current)
While the M0 beta runs, /api/lookup proxies a fallback chain of four free providers (ip-api.com → ipwho.is → ipinfo.io → freeipapi.com). The provider that served your response is reported in _provider. The owned MaxMind GeoIP2-City + ASN stack ships post BV-close (target: 8 weeks).
Join the waitlist for paid tiers →
Get early access — 50% off for 12 months
First 100 signups lock in 50% off any paid plan for the first year. No credit card required — we’ll email you at launch.