When you go to an online store and it brings up a message asking if you’d like to transfer from the US store to your local store, that’s IP geolocation services at work. But that’s just one facet of what it can offer. Alongside that it enables:
- Switching to local currency
- Switching to local language and content
- Fraud prevention
- Defense of your site
This is achieved by IP lookup during which the IP address of the user is matched to data supplied by their ISP (Internet Service Provider) or the order form the user has filled in. Then, the user’s location sourced by IP address is compared to the data they’ve entered. If it doesn’t match, then this could indicate a fraud attempt. However, fraudsters can also bypass or create fake geographical locations with technologies such as Virtual Private Networks (VPNs), anonymizers (TOR) or proxies. So, the capability to detect such attempts can be vital.
So, here are 10 of the best IP geolocation APIs to help support and protect your small business.
Abstract’s IP geolocation API
Abstract’s IP geolocation is a lightweight, fast and scalable service. It can source important geolocation information such as country and city, time zone, summertime, latitude/longitude, and more.
A REST API, it’s easy to implement, especially with the clear documentation available on the website. All you need to do is register and you’ll receive access to your own API key immediately. As IP addresses change, Abstract’s IP geolocation database is updated daily.
The free plan of this IP geolocation service offers up to 20,000 requests per month. Key functionality isn’t hidden away behind higher product tiers either. Those higher priced tiers make some additional data available to you and enable more API requests per second and per month.
Also, this geolocation API includes functionality for detecting attempts to circumvent fraud. It can detect proxies, VPNs and TOR. Importantly, this is included in this API at all pricing tiers rather than being split off into a separate product or high pricing tier.
Geolocation services such as the service provided by AbstractAPI can be used to ensure that the data you’re responsible for managing (e.g. customer data) is assigned a nationality. This can help ensure that it’s managed appropriately in the context of local law such as the EU’s GDPR (General Data Protection Regulation).
This geolocation API is a RESTful API that enables the sourcing of common IP geolocation data. This includes country code, currency code, language code, and calling. Its global server infrastructure minimizes latency or response time and custom options are available including private servers.
This API is divided into three product tiers, all of which are segmented three times to support higher levels of API requests. While threat detection is available, it’s only in the highest product tier: Extended.
ipapi is a JSON and XML IP geolocation API that’s easy to implement and scalable to varying use cases. Some of these use cases are presented visually on their homepage for maximum clarity. It can source geolocation data including city, language, ZIP or postal code, and currency.
There’s a free version available supporting 1,000 API requests per month and providing location data only. Higher product tiers add data, support and threat detection. This includes detecting TOR, crawlers and proxies to produce an overall threat level.
This API is capable of sourcing IP geolocation data including continent, country, city, and calling code. A test API key is available, but it’s “heavily limited”. Beyond that are five product tiers. All appear to support all key features including threat detection, with higher product tiers supplying SLAs and other enterprise level features.
Threat detection is provided by a combination of matching to over 600 million malicious IP addresses in the database and ongoing detection. This API can detect TOR and proxies.
ipstack sources a visitor’s location data. This includes latitude/longitude, country, country code, and city. It’s compatible with both IPv4 and IPv6 addresses. It’s capable of delivering this data in both JSON and XML formats. The free version can support up to 5,000 API requests, but is only capable of providing location data.
Data beyond location such as currency and time zone is limited to priced tiers. Also, threat detection capabilities only become available in Professional Plus, the second highest tier.
This is a very granular product in terms of the level of geolocation data that you can source and is based on a credit system. This means that you can source just the data you need to minimize credit use. However, it also means that you need to be clear about the data you need to ensure that you get the functionality that your business requires.
Also, while it can detect proxies, the full spectrum of threat detection functionality is split into a separate product.
This API can source common geolocation data such as latitude/longitude, ASN (internet service provider or ISP) and connection types. It can be implemented in JSON, XML and a range of other languages. The free API endpoint, which supports most functionality and 45 requests per minute, doesn’t even require an API key to begin using it. The two paid tiers add unlimited API requests and features such as SSL encryption, usage statistics and SLAs.
Threat detection capabilities are also available to detect VPNs, TOR and proxies.
This API can provide IP geolocation data such as country codes and flags, currency codes and symbols, and ASN. This data can be output in JSON and XML, and is encrypted using HTTPS, even in the free plan. This free API is limited to 1,000 API returns per day and 30,000 requests per month. All functionality is available at all product tiers. It’s unclear whether it offers more requests per day as well. So, you’ll need to contact them to assess.
Threat detection capabilities encompass TOR, proxy and cloud detection to create a threat score.
positionstack provides real-time geocoding to source common geolocation data. This data includes dialling code, language, currency, and latitude/longitude. It’s also capable of generating a map that can be embedded. This map becomes available at the first paid tier. The free API is limited to 25,000 API requests per month. Higher tiers offer additional functionality such as HTTPS encryption as well as the capability to output in JSON, XML and GeoJSON.
Unfortunately, there’s no mention of threat detection capabilities in the documentation, so you’d need to contact them to assess.
If your needs are particularly light or if you’re testing functionality, then you might consider the W3C. This is focused on supplying a baseline of standardized functionality rather than a fully fleshed out product or service like the other options on this list. The W3C Schools service makes it easy to practice and test the implementation of this core functionality, so this could also serve as a useful way for organizations light on IT skills to practice implementation.
Many IP geolocation services can provide the same location information. What tends to differentiate them from each other is whether all that data is available at all pricing and the capability to generate threat data.
These capabilities can be:
- Limited to higher product tiers
- Split into separate products
So, you need to be targeted in which product you select to ensure that you get the functionality you need to enable your business to function and defend your customer’s. Then, you need to be clear about the data that you’re going to need as well as manage that data responsibly in line with local laws.