--- title: "IP Verification API Reference" description: "Geo-locate and risk-score an IP address in real time — detect proxies, VPNs, and assess fraud risk." canonical: "https://eps.eko.in/docs/ip" --- > **Canonical URL:** https://eps.eko.in/docs/ip > This is a machine-readable Markdown version of the page for AI agents and LLMs. The primary (HTML) version lives at the canonical URL above. # IP Verification API Reference `POST https://staging.eko.in/ekoapi/v3/tools/kyc/ip` Geo-locate and risk-score an IP address in real time — detect proxies, VPNs, and assess fraud risk. Submit any IPv4 address to receive its geolocation (country, region, city), proxy/VPN classification, and dual risk scores (city-level and proxy-type). Use inline during transactions for fraud prevention and geo-compliance enforcement. > View product & pricing details: [IP Verification](https://eps.eko.in/products/ip-verification-api.md) ## Body parameters | Field | Type | Required | Description | | --- | --- | --- | --- | | initiator_id | string | yes | Registered mobile number of the API user (see Platform Credentials). e.g. 9962981729 | | user_code | string | yes | User code of the retailer/agent the service is run for. e.g. 20810200 | | client_ref_id | string | no | Unique reference id per API call, generated by your system. e.g. REQ-20260101-001 | | ip_address | string | yes | The IPv4 address to verify. Must be a valid, routable IP address. e.g. 103.21.58.193 | ## Headers | Field | Type | Required | Description | | --- | --- | --- | --- | | developer_key | string | yes | Static API key issued to your account after KYC. | | secret-key | string | yes | Dynamic per-request signature: base64(HMAC-SHA256(timestamp, base64(access_key))). | | secret-key-timestamp | string | yes | Current time in milliseconds since UNIX epoch, used to compute secret-key. Must match server time. | | content-type | string | yes | application/json e.g. application/json | ## Response ⭐ marks fields highlighted as verifiable. | Field | Type | Description | | --- | --- | --- | | status | number | Primary success indicator (0 = success). | | message | string | Human-readable response / error message. | | response_status_id | number | Granular status id; see the shared error-codes table. | | response_type_id | number | A unique id for every possible response shape (success or error) — useful for client logic branching and analytics. | | data | object | API-specific response payload. | | data.ip_address | string | The IP address that was submitted for verification. | | data.proxy_type ⭐ | string | Classification of the connection type (e.g. None, VPN, DCH for data-centre hosting, RES for residential proxy, etc.). | | data.country_code ⭐ | string | ISO 3166-1 alpha-2 country code for the IP address. | | data.country_name ⭐ | string | Full country name corresponding to the country code. | | data.region_name ⭐ | string | State or region within the country where the IP is geolocated. | | data.city_name ⭐ | string | City within the region where the IP is geolocated. | | data.city_risk_score ⭐ | string | Risk score (0–100) for the geolocated city, based on cybersecurity threat intelligence and historical crime/fraud data for that city. Higher scores indicate greater risk. | | data.proxy_type_risk_score ⭐ | string | Risk score (0–100) for the detected proxy type. A score of 0 means a clean residential or direct connection; higher scores indicate proxy/VPN or data-centre traffic associated with fraud. | ## Example request ```json { "initiator_id": "9962981729", "user_code": "20810200", "client_ref_id": "REQ-20260101-001", "ip_address": "103.21.58.193" } ``` ## Example response ```json { "status": 0, "response_status_id": 0, "message": "IP verification successful", "response_type_id": 1388, "data": { "ip_address": "103.21.58.193", "proxy_type": "None", "country_code": "IN", "country_name": "India", "region_name": "Maharashtra", "city_name": "Mumbai", "city_risk_score": "12", "proxy_type_risk_score": "0" } } ``` ## Error scenarios | Status | Scenario | | --- | --- | | 200 | Invalid or malformed IP address supplied | | 200 | Missing required parameter ip_address | | 403 | Authentication failure — wrong or expired secret-key |