IP data is not just about location. It can also help you understand risk, detect suspicious traffic, and make smarter decisions in real time. In this guide, you will learn how to use IP intelligence to flag risky requests, enrich logs, and build simple security checks into your app using a single API.
Why IP intelligence matters for developers?
Every request hitting your app carries an IP address. Most apps ignore it beyond logging, but that IP can reveal useful signals such as:
- Whether the request is coming from a VPN or proxy
- If the IP is associated with known malicious activity
- The ASN and ISP behind the request
- Risk indicators you can use for rate limiting or blocking
Adding this layer helps you:
- Reduce fraud and abuse
- Improve login security
- Filter bot traffic
- Add context to analytics and logs
What you will build
By the end of this tutorial, you will have:
- A JavaScript function that checks an IP for risk signals
- A simple threat scoring logic for your app
- A middleware style pattern for Node.js
- A frontend example to display risk status
The API endpoint
We will use the following base endpoint:
https://api.ipgeolocation.io/v3/ipgeo
we will request security-related fields.
Step 1: Fetch IP security data
To access security details, a paid API key is required. You can view the pricing options here: IPGeolocation.io Pricing.
The Starter plan is a great option as it costs just $19/month and includes 150,000 credits, which should be enough for most basic use cases.
Here is a minimal JavaScript example:
async function checkIPSecurity(ip) {
const API_KEY = 'YOUR_API_KEY';
const res = await fetch(
`https://api.ipgeolocation.io/v3/ipgeo?apiKey=${API_KEY}&ip=${ip}&include=security&fields=security`
);
const data = await res.json();
return data.security;
}
// Example usage
checkIPSecurity('8.8.8.8').then(sec => {
console.log('Is VPN:', sec.is_vpn);
console.log('Is proxy:', sec.is_proxy);
console.log('Is Tor:', sec.is_tor);
console.log('Threat level:', sec.threat_score);
});
Example Response
{
"security": {
"is_vpn": false,
"is_proxy": false,
"is_tor": false,
"threat_score": 12
}
}
These fields give you quick signals without needing complex infrastructure.
Step 2: Create a simple threat scoring system
function evaluateRisk(security) {
let risk = 'low';
if (security.is_tor) return 'high';
if (security.is_proxy || security.is_vpn) risk = 'medium';
if (security.threat_score > 70) risk = 'high';
return risk;
}
checkIPSecurity('8.8.8.8').then(sec => {
const risk = evaluateRisk(sec);
console.log('Risk level:', risk);
});
Step 3: Use it in a Node.js middleware
export async function securityMiddleware(req, res, next) {
const ip =
req.headers['x-forwarded-for']?.split(',')[0].trim() ||
req.socket.remoteAddress;
try {
const response = await fetch(
`https://api.ipgeolocation.io/v3/ipgeo?apiKey=${process.env.API_KEY}&ip=${ip}&include=security&fields=security`
);
const data = await response.json();
const risk = evaluateRisk(data.security);
if (risk === 'high') {
return res.status(403).json({ error: 'Request blocked due to risk' });
}
req.riskLevel = risk;
next();
} catch (err) {
next();
}
}
Step 4: Add context to logs
console.log({
ip,
risk: req.riskLevel,
route: req.originalUrl,
timestamp: new Date().toISOString()
});
Step 5: Frontend risk indicator
function RiskBadge({ risk }) {
const color =
risk === 'high' ? 'red' :
risk === 'medium' ? 'orange' : 'green';
return (
<span style={{ color }}>
{risk.toUpperCase()}
</span>
);
}
Real-world use cases
Login protection
Flag suspicious logins and trigger additional verification
Rate limiting
Apply stricter limits for medium or high-risk IPs
Fraud detection
Block or review transactions from risky networks
Content protection
Restrict access to sensitive endpoints
Handling edge cases
VPN users
Not all VPN users are malicious. Treat them as medium risk instead of
blocking outright.
False positives
Always allow fallback paths, such as manual verification or email
confirmation.
API failure
Wrap calls in try-catch and default to safe behavior.
Top comments (0)