ipstack Alternative — Why Developers Switch to IP Geo API

TL;DR: ipstack (by apilayer) is a widely-used IP geolocation service with global infrastructure, but its free tier is HTTP-only (no HTTPS), requires attribution, and the useful bits (threat detection via the “Security Module”) are paywalled. If you need HTTPS on every tier, EU-only hosting, EUR billing, or threat classification without a bolt-on add-on, IP Geo API is the faster path. Drop-in REST replacement, EU-hosted on Hetzner Frankfurt + Vercel fra1.

Try IP Geo API free → · 1.000 requests/day · HTTPS on every tier · no credit card

Quick comparison

Honest note: ipstack has broader global edge presence than an EU-only provider can match for non-EU clients, and the apilayer multi-API dashboard is convenient if you already use their other APIs (currencylayer, weatherstack, etc.). If those outweigh EU residency or HTTPS-on-free for you, stay with ipstack.

When IP Geo API is the better fit

1. You need HTTPS on your free tier

ipstack’s free plan serves over HTTP only. For any modern browser-side code, that means mixed-content warnings, CSP headers blocking the request, and in many cases outright failure. The workaround (upgrade to Basic at $9.99/mo) is fine if you have revenue, but it’s a hard wall for side projects and proof-of-concepts. IP Geo API serves HTTPS on every plan — including the 1.000 req/day free tier.

2. You need VPN/proxy detection without a second invoice

ipstack’s “Security Module” (fraud flags, proxy/Tor/VPN detection) is a paid add-on, not included even in the Basic plan. That means fraud-prevention use cases force a jump to Professional ($49.99/mo) or beyond. IP Geo API ships is_vpn, is_proxy, is_tor, is_datacenter, is_residential on every response, every tier — no add-on, no quota multiplier.

3. You need EU data residency (GDPR Article 44+)

apilayer is a US/Austrian company operating global infrastructure. Your IP queries may transit US-based edge nodes. For regulated industries (fintech, healthtech, gov-tech, adtech under GDPR scrutiny), that’s a compliance liability. IP Geo API runs only on EU infrastructure (Hetzner Nuremberg + Vercel fra1) and contractually commits to no transfer to non-adequacy countries.

4. You’re tired of USD pricing

Paddle/USD invoicing + monthly FX volatility add 1-3% friction to every bill. Dutch, Belgian, German, and French accounting teams flag this as a recurring annoyance. IP Geo API bills in EUR. iDEAL, SEPA, and Bancontact are first-class payment methods. No FX, no currency-conversion fee, no surprises on the monthly close.

5. You outgrew ipstack’s free 100-request ceiling

100 requests per month is thin for anything beyond a single-page demo. IP Geo API’s free tier is 1.000 requests per day (~30× ipstack’s monthly quota), attribution-free.

6. Your team prefers a simple, single-vendor invoice in EUR

Especially relevant for Dutch/Belgian/German agencies where supplier invoicing is audited. Mollie is a Dutch BV, fully invoicable, BTW-compliant. One invoice, one vendor, no reseller pass-through.

Migration guide (15 minutes)

Step 1: Sign up

# 1. Create account
open https://ipgeo.10b.app/pricing

# 2. Get your API key from the dashboard
export IPGEO_API_KEY=sk_live_...

Step 2: Swap the URL

ipstack:

curl "http://api.ipstack.com/8.8.8.8?access_key=YOUR_KEY"
# ↑ note the http:// on free tier

IP Geo API:

curl https://ipgeo.10b.app/v1/lookup/8.8.8.8 \
  -H "Authorization: Bearer $IPGEO_API_KEY"

Step 3: Map response fields

Most fields are 1:1 compatible. Key differences:

A compatibility shim (?format=ipstack) is available that returns the legacy ipstack flat shape — useful if you don’t want to refactor consumer code:

curl "https://ipgeo.10b.app/v1/lookup/8.8.8.8?format=ipstack" \
  -H "Authorization: Bearer $IPGEO_API_KEY"

Step 4: Verify rate limits

Free: 1.000 req/day, no burst. Starter (EUR 29/mo): 100K req/mo, 60 req/sec burst. Business (EUR 99/mo): 1M req/mo, 200 req/sec burst, dedicated IP.

Step 5: Cut over

Recommended: dual-write for 24-48h, compare results (especially threat.* flags, which will be richer), then switch DNS / config / env var. Most customers complete the cutover in <30 minutes including verification.

Pricing comparison (2026-04-23)

Pricing accurate as of 2026-04-23 based on vendor public pages. Verify on ipstack.com/product and ipgeo.10b.app/pricing before purchase decisions — ipstack has changed quotas and prices historically.

What ipstack does better

Honest disclosure — these are real strengths of ipstack:

• Global Anycast edge: if your users are spread across 50+ countries, ipstack’s global network has lower median latency than EU-hosted IP Geo API for non-EU clients. For a European SaaS with European users, this rarely matters.
• Longer track record: ipstack has been live since 2016. IP Geo API launched in 2026.
• apilayer ecosystem: if you’re already using currencylayer, weatherstack, numverify, or another apilayer API, one dashboard is convenient.
• Wider output format support: XML fallback is available. IP Geo API is JSON-only by design.

If those matter more than HTTPS-on-free-tier, EU data residency, or EUR billing — ipstack is still a fine choice. We won’t pretend otherwise.

FAQ

Is IP Geo API built on the same data as ipstack?

Both pull from broadly similar upstream sources (MaxMind-style databases). IP Geo API is built on MaxMind GeoLite2 + IP2Location LITE + custom ASN enrichment, with our own threat-scoring model trained on public abuse feeds. ipstack’s upstream composition is not publicly disclosed.

How accurate is the geolocation?

Country-level: ~99.5%. City-level: ~85% within 25km radius — consistent with industry benchmarks for IP-only resolution. This is not GPS-grade; no IP geolocation provider is.

Why is HTTPS-on-free such a big deal?

Modern browsers block mixed content (HTTPS page → HTTP API) by default. CSP headers block it more strictly. For any client-side JavaScript that looks up visitor geolocation from a production HTTPS site, ipstack free tier is effectively unusable without a paid upgrade. IP Geo API’s free tier ships HTTPS so side projects and MVPs can ship without an upfront invoice.

Do you offer batch lookups?

Yes — POST /v1/lookup/batch accepts up to 100 IPs per request, counted as 100 against your quota. ipstack’s bulk endpoint tops out at 50 per request.

What about IPv6?

Full IPv6 support on every tier. Same endpoint, same response shape.

Can I self-host?

Not at the moment. EU-managed SaaS is the current focus. If you have a self-hosted requirement (€10K+/year), contact us.

Do you log my queries?

Operational logs only (1 hour retention for debugging). No customer-IP-to-queried-IP mapping is retained for analytics. See our privacy policy for full disclosure.

What happens if I exceed my quota?

Hard cutoff at 100% (HTTP 429). Optional soft-burst (110% for 30 min) on Business plan. No surprise overage bills — a pattern some apilayer users have flagged on Paddle invoices.

I already pay for ipstack’s Security Module. How is IP Geo API’s threat data different?

Our threat classification (is_vpn, is_proxy, is_tor, is_datacenter, is_residential) uses an ensemble of public abuse feeds (Spamhaus DROP, FireHOL, AbuseIPDB-lite) + our own passive-probe data. It returns on every request at no extra charge. If you need signed, audit-trail reports for regulated fraud use cases, contact us for the Business-plus offer.

Read also

IP Geo API vs ipstack in 2026: HTTPS-on-Free, EU Hosting, and the Security Module Question → — 5-minute narrative companion to this comparison: why the HTTP-only free tier breaks browser-side calls, how the bundled threat-detection block compares to ipstack’s Security Module add-on, code-diff migration sketch, and 2026 pricing math at 100K / 1M / 10M req/mo.

How to Migrate from ipstack to IP Geo API in 2026: A Step-by-Step Drop-In Guide → — practical 7-step migration guide: field-by-field map, drop-in code diffs (Python / Node / Go), the HTTP→HTTPS scheme-flip and Security-Module-paywall gotchas, shadow-mode validation, gradual cutover, rollback plan.

Six sibling migration walkthroughs — same field-map + code-diff format, different incumbent gotchas:

• Migrate from MaxMind GeoIP2 to IP Geo API (2026 walkthrough) → — drop the weekly .mmdb sync, swap to a REST call with the same field shape, edge-cache patterns + CSV→JSON field map.
• Migrate from ipinfo.io to IP Geo API (2026 walkthrough) → — loc-string parsing, org ASN+name regex split, and Authorization-header edge-stripping gotchas.
• Migrate from ipapi.co to IP Geo API (2026 walkthrough) → — per-day rate-limit fragmentation, org ASN+name regex, attribution-backlink scrub for paid-tier customers.
• Migrate from ipgeolocation.io to IP Geo API (2026 walkthrough) → — separately-billed Security API SKU consolidation, apiKey-in-URL log-leak hardening, and latitude/longitude string-vs-number gotchas.
• Migrate from IP2Location to IP Geo API (2026 walkthrough) → — BIN/CSV/MMDB-download decommission, IP2Proxy SKU consolidation, USD-annual-prepay-to-EUR-monthly billing migration, and proxy_type enum-vs-split-booleans gotchas.
• Migrate from DB-IP to IP Geo API (2026 walkthrough) → — MMDB/CSV-download decommission, IP-to-Threat / Anonymous / Datacenter SKU consolidation, CC-BY-4.0 attribution-backlink scrub, and countryCode3 ISO-3 vs ISO-2 gotchas.

If you’re also comparing IP Geo API against the other providers most often shortlisted next to ipstack, the narrative deep-dives:

• IP Geo API vs ipinfo.io in 2026: When the EU Alternative Wins (and When It Doesn’t) → — code-level migration sketch + 2026 pricing math at 100K / 1M / 10M req/mo.
• IP Geo API vs MaxMind in 2026: SaaS vs DB Download — Which Stack Wins? → — when GeoIP2 binary still wins, when EU-hosted SaaS wins, and how the math changes at 1M+ req/mo.
• IP Geo API vs ipapi.co in 2026: Free-Tier Attribution, EU Residency, and the Threat-Detection Question → — attribution-free free tier, bundled VPN/proxy/Tor flags vs paid-only proxy/tor, EUR billing.
• IP Geo API vs ipgeolocation.io in 2026: Bundled Endpoints, Bundled Threat-Detection, and the EU-Residency Question → — separately-priced Security API vs bundled threat block, USD vs EUR billing, ~600B vs ~1.4KB payload.
• IP Geo API vs IP2Location in 2026: REST-First vs Database-Download — Which Model Wins for Your Stack? → — REST-only managed API vs annual BIN/CSV/MMDB licensing, IP2Proxy bundling cost, EU residency.
• IP Geo API vs DB-IP in 2026: REST-First vs DB-Download — Which EU Vendor Wins for Your Stack? → — attribution-free free tier, EU-edges-only, bundled threat detection vs per-axis subscription stack.

Try IP Geo API free

Start with 1.000 free requests/day →

HTTPS on every tier. No credit card. No attribution. EU-hosted. EUR billing. Cancel anytime.

Have a question? Reply to any onboarding email or open an issue at github.com/corem6/ip-geo-api.

Industry deep-dives

• IP Geolocation for Fintech — KYC, Sanctions Screening, Fraud, and EU Residency → — fintech-specific deep-dive: the three IP-control surfaces (KYC country-of-origin, OFAC/EU sanctions, payment-fraud risk), EU-hosted GDPR posture, EUR billing, ASN-level hosting detection, and ≤40 ms median EU-edge latency for 800-1200 ms PSP authorisation budgets.

• IP Geolocation for Ad-Tech — RTB Enrichment, SIVT/IVT Filtering, and Click-Fraud Attribution → — ad-tech-specific deep-dive: the three IP-control surfaces (RTB bid enrichment with ≤40 ms latency budget + OpenRTB 2.6 device.geo/device.ext, SIVT/IVT filtering with IAB-confirmed datacenter ASN block-list, click-fraud post-back attribution + risk scoring), EU-hosted GDPR + ePrivacy + IAB-TCF v2.2 posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.

• IP Geolocation for iGaming — Licence-Jurisdiction Enforcement, VPN-Circumvention Scoring, and Self-Exclusion Register Routing → — iGaming-specific deep-dive: the three IP-control surfaces (licence-jurisdiction enforcement with hard-fail-closed posture across MGA/UKGC/KSA/DGOJ/ANJ/ADM/DAS, anti-circumvention scoring with residential-proxy ASN block-list covering Bright Data + Oxylabs + Smartproxy + IPRoyal, self-exclusion register routing to GamStop/CRUKS/ROFUS/Spelpaus/OASIS by IP-country), EU-hosted GDPR + EGBA posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.

• IP Geolocation for SaaS Monetization — Geo-Pricing, EU-VAT/DAC7 Tax-Routing, Trial-Abuse Scoring, and OFAC/EAR Export-Controls → — SaaS-specific deep-dive: the four IP-control surfaces (PPP-anchored geo-pricing with ≤40 ms checkout-flow budget, EU-VAT-MOSS + OECD DAC7 tax-routing to the right Stripe/Adyen/Braintree/Paddle tax-id, trial-abuse detection with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal, and OFAC SDN + EAR export-controls feature-gating), EU-hosted GDPR posture, bundled threat fields, ASN-level granularity, and predictable EUR billing.

• IP Geolocation for Streaming Media — Content Licensing, VPN-Bypass Defence, CDN POP Steering, and SSAI Ad-Insertion → — Streaming-media-specific deep-dive: the four IP-control surfaces (per-territory licensing enforcement with hard-fail-closed HTTP 451 on ambiguous resolve, VPN/proxy/Tor circumvention defence with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal, CDN POP steering and adaptive bitrate-ladder selection across Akamai/Cloudflare/Fastly/BunnyCDN/Lumen, and SSAI ad-insertion targeting with sports blackout windows via Haversine GPS-distance), ≤40 ms session-init budget on EU edges, studio-grade 24-month audit trail, threat fields on every plan, ASN-level granularity, and EU-hosted GDPR + AVMSD (Directive 2018/1808) posture.

• IP Geolocation for E-commerce — Tax-Jurisdiction Routing, BIN-vs-IP Carding Defence, PPP-Adjusted Currency Display, and Shipping-Zone Fulfilment Routing → — E-commerce-specific deep-dive: the four IP-control surfaces (EU OSS distance-sales 27-rate map + UK VAT 20% + CH-VAT 7.7% + NO MVA 25% + US Wayfair 13-state nexus + CA GST/HST per-province + AU/SG/IN/BR/JP GST/ICMS/JCT with sanctions hard-stop on IR/KP/SY/CU/BY/RU/MM/VE at checkout; BIN-vs-IP carding + refund-fraud 6-factor weighted score at place-order with residential-proxy ASN block-list across Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3; PPP-adjusted 7-tier pricebook on first paint with VPN/proxy fall-back to BIN-billing-country; 9-warehouse fulfilment routing FRA/AMS/MAD/MIL/DOV/IAD/LAX/DEL/SIN with DDP/DDU duty pre-calc and lithium/aerosol/prescription destination-gates), ≤40 ms checkout-first-paint budget, DAC7/GDPR/EU OSS audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.

• IP Geolocation for Healthcare — Cross-Border Telehealth Licensing, HIPAA PHI/EPHI Access Geofencing, EU Patient-Data Residency w/ Schrems II Routing, and Cross-Border Pharma + DEA Schedule Gating → — Healthcare-specific deep-dive: the four IP-control surfaces (cross-border telehealth licensure match at consult-init w/ US IMLC 41-state partial + CA/FL/NY/TX independent + EU MRPQ Directive 2005/36/EC + DE Bundesärztekammer + NL BIG + FR ONM + UK GMC + HTTP 451 hard-fail-closed on jurisdiction-mismatch + NO_RECIPROCITY hard-stop on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO; HIPAA 45 CFR §164.308(a)(4) PHI/EPHI access geofencing w/ clinical-ASN allowlist Epic/Cerner/Allscripts/Mayo/MGH/Cleveland/Kaiser + residential-proxy ASN reject Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + home-office BAA-attested workstation allowlist + risk_score < 30 soft-allow; EU patient-data residency w/ GDPR Art. 9 special-category + EDPB Recommendations 01/2020 supplementary technical measures + Schrems II SCC flag for US-shard + routing to 6 EHR shards EU-FRA/EU-AMS/UK-LON/US-IAD/CA-YYZ/AU-SYD w/ VPN/proxy → fall-back to EU-FRA highest protection; cross-border pharma + controlled-substance gating w/ DEA Schedules I-V + Ryan Haight Act §3 in-person-eval requirement for telemed Rx + EU Falsified Medicines Directive 2011/62/EU originator-country audit + per-country bans for cannabis/CBD/psilocybin/MDMA/kratom), ≤40 ms consult-init budget, HIPAA/GDPR Art. 9/Schrems II/DEA/EU FMD audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.

• IP Geolocation for Travel + Hospitality — Geo-Rate Enforcement + Dynamic-Pricing per Booking Origin, OTA Carding + ATO Defence, OFAC/EU CONSILIUM/UK OFSI Sanctions Screening at Booking-Init, and GDS + EU OSS / DAC7 Reporting → — Travel/hospitality-specific deep-dive: the four IP-control surfaces (geo-rate enforcement + dynamic-pricing per booking origin w/ 8-tier pricebook T1 EU-Lux 1.00x → T8 Africa 0.75x + VPN/proxy/Tor fall-back to T2_NA_LUX anti-arbitrage + SANCTIONS_HARDSTOP on IR/KP/SY/CU/BY/RU/MM/VE/AF/SO HTTP 451 at search-render + BIN-billing-country pin at checkout; OTA carding + ATO defence at booking checkout w/ corporate-travel-platform ASN allowlist AS-CWT/Amex GBT/BCD/FCM/Egencia/Navan/Amadeus/Sabre fast-lane + consumer-OTA reject on VPN/Tor/relay + residential-proxy ASN block Bright Data/Oxylabs/Smartproxy/IPRoyal/Tier3 + 6-factor carding score threshold ≥70; OFAC + EU CONSILIUM + UK OFSI sanctions screening at booking-init w/ sanctioned-origin hard-stop regardless of session residency + EU 6AMLD compelled-disclosure on VPN/proxy + US-Cuba 31 CFR §515 General License gate + luxury-segment AML thresholds yacht €10K / private jet €20K / villa €5K/night / heli €3K + PEP screen + source-of-funds eval; GDS + inventory routing + EU OSS / DAC7 reporting w/ Amadeus EU/UK + Sabre US/CA + Travelport APAC + 27 EU-MS destination-VAT rates DE 19% → HU 27% + NO 25% + CH 8.1% + UK 20% + DAC7 Directive 2021/514 reportable-platform-operator evidence-log 5-year retention + Jan-31 lead-MS annual report), ≤40 ms search-render budget, OFAC/EU CONSILIUM/UK OFSI/DAC7/EU OSS/HOTREC audit posture, bundled threat fields on every plan, ASN-level granularity, and EUR billing.

Last updated: 2026-04-23. Pricing and feature claims verified against vendor public pages on this date. Submit a correction → GitHub issue.