IP geolocation services are capable of far more than serving website visitors in their local language and currency using IP lookup. They can also play a critical role in cybersecurity.
Geolocation data can source the IP address of DDoS (Distributed Denial of Service) attackers in real time. You can then take that data to the relevant ISP (Internet Service Provider) and ask them to block those IP addresses to stop the attack.
Some cybercriminals will also try to bypass geolocation services to commit fraud. This can be done by using VPNs (Virtual Private Networks) to create a spoof legitimate location. So, the capability to detect VPNs and other threats can prove critical, especially where customer data and money is involved.
So, here are six of the best IP geolocation APIs for cybersecurity.
6 Best IP Geolocation APIs
- Abstract IP geolocation
IP2Location.io provides a fast and accurate IP Geolocation API tool to determine a user’s geolocation information, such as country, region, city, latitude & longitude, ZIP code, time zone, ASN, ISP, domain, net speed, IDD code, area code, weather station data, MNC, MCC, mobile brand, elevation, usage type, address type, advertisement category and proxy data.
It supports IPv4 and IPv6 lookup and can be easily integrated into any application. You can get free up to 30,000 IP Geolocation API credits/month.
In addition, every plan comes with Domain WHOIS API credits – WHOIS API domain lookup that returns comprehensive WHOIS data, such as domain assigned owner contact information, registrar information, registrant information, location and much more. The Free package comes with 500 WHOIS API credits/month.
The ip2location IP geolocation web service uses a granular, pay-as-you-go, credit system. This means it can source simple geographical location information such as city and latitude/longitude and scale up to elevation and weather station.
This API is capable of threat detection which could be capable of supporting many use cases. However, the full spectrum of threat detection is only available in its sister product ip2proxy web service.
Abstract’s IP geolocation REST API is capable of sourcing IP geolocation information in real-time from IPv4 and IPv6 addresses. This includes country code and flag, city, ZIP or postal code, time zone, and more. This data can then be exported in JSON. Their IP geolocation database is updated daily through ongoing contact with ISPs.
The free API key can quickly be sourced by registering on their website. Documentation will support you in getting up and running quickly. Once you are, you’ll be able to serve up to 20,000 API returns per month at no more than 1 per second.
Threat data functionality is also available at all product tiers. This means that, whichever tier you acquire, you’ll be able to detect users trying to connect using VPNs, proxies and TOR (anonymizer).
This geolocation API can detect a user’s location, sourcing geolocation information including country flag and name, latitude/longitude, currency, and ASN (ISP). Free IP geolocation is available with a plan that supports up to 30,000 API requests per month at up to 1,000 per day. This API is organized into a range of modules, all of which are available at all tiers.
This includes the security module which can detect TOR, proxies and VPNs, and use this data to assign a threat score.
This RESTful API can source country name, language, currency code, calling code, and more. There are three product tiers. Each tier is segmented three times to support more API requests and each tier offers free trials.
It’s only the top tier (Extended) that features threat detection, and it can detect proxies and crawlers. It also checks IP addresses against a database of known malicious IP addresses.
ipdata can detect a visitor’s location by sourcing data including ZIP or postal code, flag code, calling code, and time zone. The free API key is suitable for non-commercial use and is limited to 1,500 API requests per day. Higher tiers mostly add more API requests, though the top two tiers also enable SLAs and other enterprise level options.
Threat detection functionalities can detect TOR, proxies and BOGON (unallocated IP addresses), and are available at all paid tiers.
ipinfo can detect visitor location data such as latitude/longitude, postal code, time zone, and ASN data including ISP abuse contact details. There’s a free demo option as well as four paid plans.
Threat detection only becomes available in the top two tiers, but includes the capability to detect VPNs, proxy, TOR, hosting, and relay attempts. While this may satisfy many use cases, a fuller suite of functionality has been split into a separate product.
If you have customers, process transactions or hold customer data, you must treat the potential for cybersecurity threats with the utmost seriousness. This isn’t just about fraud. It’s also about data protection regulations such as the EU’s GDPR (General Data Protection Regulation). This regulation can fine data breaches to the tune of 4% of global revenue or €25 million – whichever is higher. There’s also brand damage to consider as brand value is far easier to lose than gain.
So, it’s important that you also fully consider the level of cybersecurity functionality that you need from your IP geolocation API. Bear in mind that while many products have threat detection capabilities, they may not expose them at all product tiers. Also, some products go a step further and split off their best functionality into separate products.
Consider exploring what opportunities there are to test each product so that you can identify whether it’s capable of meeting your business needs.