POSTIP Verification

Geo-locate and risk-score an IP address in real time — detect proxies, VPNs, and assess fraud risk.

POST/tools/kyc/ip

Submit any IPv4 address to receive its geolocation (country, region, city), proxy/VPN classification, and dual risk scores (city-level and proxy-type). Use inline during transactions for fraud prevention and geo-compliance enforcement.

Body parameters

Field	Type	Required	Description
`initiator_id`	string	required	Registered mobile number of the API user (see Platform Credentials).e.g. 9962981729
`user_code`	string	required	User code of the retailer/agent the service is run for.e.g. 20810200
`client_ref_id`	string	optional	Unique reference id per API call, generated by your system.e.g. REQ-20260101-001
`ip_address`	string	required	The IPv4 address to verify. Must be a valid, routable IP address.e.g. 103.21.58.193

initiator_idstringRequired

Registered mobile number of the API user (see Platform Credentials).

example: 9962981729

user_codestringRequired

User code of the retailer/agent the service is run for.

example: 20810200

client_ref_idstringoptional

Unique reference id per API call, generated by your system.

example: REQ-20260101-001

ip_addressstringRequired

The IPv4 address to verify. Must be a valid, routable IP address.

example: 103.21.58.193

Headers

Field	Type	Required	Description
`developer_key`	string	required	Static API key issued to your account after KYC.
`secret-key`	string	required	Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).
`secret-key-timestamp`	string	required	Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.
`content-type`	string	required	application/jsone.g. application/json

developer_keystringRequired

Static API key issued to your account after KYC.

secret-keystringRequired

Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))).

secret-key-timestampstringRequired

Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time.

content-typestringRequired

application/json

example: application/json

Responses

statusnumber
Primary success indicator (0 = success).
messagestring
Human-readable response / error message.
response_status_idnumber
Granular status id; see the shared error-codes table.
response_type_idnumber
A unique id for every possible response shape (success or error) — useful for client logic branching and analytics.
dataobject
API-specific response payload.
- ip_addressstring
  The IP address that was submitted for verification.
- proxy_typestring
  Classification of the connection type (e.g. None, VPN, DCH for data-centre hosting, RES for residential proxy, etc.).
- country_codestring
  ISO 3166-1 alpha-2 country code for the IP address.
- country_namestring
  Full country name corresponding to the country code.
- region_namestring
  State or region within the country where the IP is geolocated.
- city_namestring
  City within the region where the IP is geolocated.
- city_risk_scorestring
  Risk score (0–100) for the geolocated city, based on cybersecurity threat intelligence and historical crime/fraud data for that city. Higher scores indicate greater risk.
- proxy_type_risk_scorestring
  Risk score (0–100) for the detected proxy type. A score of 0 means a clean residential or direct connection; higher scores indicate proxy/VPN or data-centre traffic associated with fraud.