API Documentation - AbuseIPDB
AbuseIPDB provides a free API for reporting and checking IP addresses. Every day webmasters, system administrators, and other IT professionals use our API to report thousands of IP addresses engaging spamming, hacking, vulnerability scanning, and other malicious activity in real time.
This API allows you to protect your network by checking IP addresses against our database and allows you to contribute by submitting malicious IP addresses that you detect. The API is free to use, but you do have to create an account.
If you are a webmaster or sysadmin interested in automatically reporting abusive IPs via the AbuseIPDB API, we recommend you also see the Fail2Ban integration tutorial.
Each parameters listed below can be passed as either an GET parameter or a POST parameters.
|IPv4 or IPv6 Address|
|[DAYS]||No||30||30||Check for IP Reports in the last 30 days|
|[API_KEY]||Yes||NA||Tzmp1...quWvaiO||Your API Key (Get an API Key)|
|[CATEGORIES]||Yes||NA||10,12,15||Comma delineated list of category IDs (See all Categories)|
|[COMMENT]||No||blank||Brute forcing Wordpress login||Describe the type of malicious activity|
|[CIDR]||Yes||NA||126.96.36.199/20||IPv4 Address Block in CIDR notation|
|verbose flag||No||FALSE||/json?key=[API_KEY]&days=[DAYS]&verbose||When set, reports will include the comment (if any) and the reporter's user id number (0 if reported anonymously)|
All free accounts have a rate limit of 1,000 reports and checks per day. Webmaster accounts have a rate limit of 3,000 requests/day. You can view your rate limits and API usage information by going to the accounts page page and clicking on the "API Usage" tab.
To prevent duplicate reports being submitted automatically through our API (such as via Fail2Ban integration), we limit each accounts to reporting the same IP once per 15 minutes.
After registering, you can get your API key from the accounts page. Click on the "API Settings" tab to see your API key. You can generate a new API key at anytime. When you generate a new API key the old key will stop working immediately.
You should protect your API key like a password. Anyone who has access to your API key can submit reports on your behalf. You can pass your API key as a GET parameter, but for security reasons we recommend you pass your API key as a POST parameter.
Cross Origin Resource Sharing
Ordinarily, if you browse to domain A, domain A will not be able to access resource (i.e. an APIs) hosted on domain B. This is a security mechanism designed to prevent Cross Site Request Forgery (CSRF) attacks.
Cross Origin Resource Sharing (CORS) is a mechanism that allows a web browser to request resources from another domain outside the domain from which the request originated. This allows you to use AbuseIPDB's API from your own website.
In order to access our API from your domain, you must add your domain as a CORS Header in your Account page. Click on the "API Settings" tab. You can explicitly allow access to your domain or use the wildcard "*" to allow any domain to access the API with your API key. If your domain is example.com, set the CORS header to "http://example.com"