All IPs
Retrieve the complete list of all malicious IP addresses in the IPSwamp database as a plain-text blocklist. Whitelisted IPs are automatically excluded from the response.
Endpoint
http
GET https://ipswamp.com/api/v1/allIPsRequest
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes* | Bearer <api-key> |
X-API-Key | Yes* | Alternative to Authorization header |
INFO
One of Authorization or X-API-Key is required.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
version | string | No | Filter by IP version: ipv4 or ipv6. Returns all if omitted. |
Response
Success (200)
Returns a plain-text response with one IP address per line. The Content-Type is text/plain; charset=utf-8.
1.2.3.4
5.6.7.8
10.0.0.1
...TIP
This format is directly compatible with firewall blocklist imports and tools like ipset, pfBlockerNG, and fail2ban.
Error Responses
| Status | Response | Description |
|---|---|---|
400 | { "error": true, "statusCode": 400, "message": "Invalid version parameter..." } | Invalid version query value |
401 | { "error": true, "statusCode": 401, "message": "API key required..." } | No API key provided |
403 | { "error": true, "statusCode": 403, "message": "Invalid API key" } | Invalid or expired API key |
429 | { "error": true, "statusCode": 429, "message": "Rate limit exceeded" } | Too many requests |
500 | { "error": true, "statusCode": 500, "message": "Failed to retrieve IPs" } | Server error |
Quota
Each request to this endpoint counts as 1 toward your usage quota regardless of the number of IPs returned.
Examples
All IPs
bash
curl -X GET "https://ipswamp.com/api/v1/allIPs" \
-H "Authorization: Bearer your-api-key-here"IPv4 Only
bash
curl -X GET "https://ipswamp.com/api/v1/allIPs?version=ipv4" \
-H "Authorization: Bearer your-api-key-here"IPv6 Only
bash
curl -X GET "https://ipswamp.com/api/v1/allIPs?version=ipv6" \
-H "Authorization: Bearer your-api-key-here"Using X-API-Key Header
bash
curl -X GET "https://ipswamp.com/api/v1/allIPs" \
-H "X-API-Key: your-api-key-here"Save to File
bash
curl -X GET "https://ipswamp.com/api/v1/allIPs" \
-H "Authorization: Bearer your-api-key-here" \
-o blocklist.txtJavaScript/TypeScript
typescript
const response = await fetch("https://ipswamp.com/api/v1/allIPs", {
headers: {
Authorization: "Bearer your-api-key-here",
},
});
const text = await response.text();
const ips = text.split("\n").filter(Boolean);
console.log(`Retrieved ${ips.length} malicious IPs`);Python
python
import requests
url = "https://ipswamp.com/api/v1/allIPs"
headers = {"Authorization": "Bearer your-api-key-here"}
response = requests.get(url, headers=headers)
ips = [ip for ip in response.text.splitlines() if ip]
print(f"Retrieved {len(ips)} malicious IPs")See Also
- Check IP Address — Single IP threat intelligence lookup
- Bulk IP Lookup — Look up threat data for up to 100 IPs
- IP Export — Export threat data as CSV or JSON with full details