Authentication
All API endpoints require an API key for authentication.
Authentication Methods
IPSwamp API supports two methods for providing your API key:
Bearer Token (Recommended)
Use the Authorization header with a Bearer token:
http
Authorization: Bearer <your-api-key>Example:
bash
curl -X GET "https://ipswamp.com/api/v1/checkIP?ip=8.8.8.8" \
-H "Authorization: Bearer your-api-key-here"API Key Header
Alternatively, use the X-API-Key header:
http
X-API-Key: <your-api-key>Example:
bash
curl -X GET "https://ipswamp.com/api/v1/checkIP?ip=8.8.8.8" \
-H "X-API-Key: your-api-key-here"Getting Your API Key
- Log in to your IPSwamp dashboard
- Navigate to API Settings
- Generate a new API key or copy an existing one
- Store your API key securely (never commit it to version control)
Security Warning
Keep your API keys secure. Never expose them in client-side code or public repositories.
Authentication Errors
| Status Code | Description | Solution |
|---|---|---|
401 | API key not provided | Include API key in request headers |
403 | Invalid API key | Verify your API key is correct and active |
403 | Expired API key | Generate a new API key in the dashboard |
403 | Usage limit exceeded | Upgrade your plan or wait for usage reset |
Error Response Format
json
{
"error": true,
"statusCode": 401,
"message": "API key required..."
}Test API Key
Validates the API key and returns information about the key and associated organization.
Endpoint
http
GET /api/v1/test-keyRequest Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes* | Bearer <api-key> |
X-API-Key | Yes* | Alternative to Authorization header |
INFO
One of Authorization or X-API-Key is required.
Response
Success (200)
Returns API key validation status and usage information.
json
{
"success": true,
"message": "API key validation successful! -1 Request",
"timestamp": "2025-12-10T14:30:00.000Z",
"organization_id": "org_abc123",
"api_key_info": {
"uid": "key_xyz789",
"name": "Production API Key",
"current_usage": 1500,
"max_api_requests": 10000,
"created_at": "2025-01-15T09:00:00.000Z"
}
}Response Fields
| Field | Type | Description |
|---|---|---|
success | boolean | Whether validation was successful |
message | string | Validation status message |
timestamp | string | ISO timestamp of the validation |
organization_id | string | Unique identifier for your organization |
api_key_info | object | Detailed information about the API key |
API Key Info Object:
| Field | Type | Description |
|---|---|---|
uid | string | Unique identifier for the API key |
name | string | User-defined name for the API key |
current_usage | number | Number of API calls made in current billing period |
max_api_requests | number | Maximum allowed API calls per billing period |
created_at | string | ISO timestamp when the key was created |
Error Responses
| Status | Response | Description |
|---|---|---|
401 | { "statusCode": 401, "statusMessage": "Valid API key required" } | No API key provided |
403 | { "error": true, "statusCode": 403, "message": "Invalid API key" } | Invalid or expired API key |
Examples
Using Bearer Token
bash
curl -X GET "https://ipswamp.com/api/v1/test-key" \
-H "Authorization: Bearer your-api-key-here"Using X-API-Key Header
bash
curl -X GET "https://ipswamp.com/api/v1/test-key" \
-H "X-API-Key: your-api-key-here"JavaScript/TypeScript
typescript
const response = await fetch("https://ipswamp.com/api/v1/test-key", {
headers: {
Authorization: "Bearer your-api-key-here",
},
});
const data = await response.json();
console.log(
`Usage: ${data.api_key_info.current_usage} / ${data.api_key_info.max_api_requests}`
);Python
python
import requests
url = "https://ipswamp.com/api/v1/test-key"
headers = {
"Authorization": "Bearer your-api-key-here"
}
response = requests.get(url, headers=headers)
data = response.json()
if data['success']:
info = data['api_key_info']
print(f"Usage: {info['current_usage']} / {info['max_api_requests']}")Best Practices
- Use environment variables to store API keys
- Rotate keys regularly for enhanced security
- Create separate keys for development and production
- Monitor usage via the test-key endpoint
- Implement retry logic with exponential backoff for rate limits
- Startup Validation: Test your API key when your application starts
- Regular Monitoring: Periodically check usage to avoid hitting limits
- Error Handling: Implement proper error handling for key validation failures
- Alerting: Set up alerts when usage approaches the limit
- Logging: Log validation attempts for debugging and security auditing
Important
The test-key endpoint does increment your usage counter, so avoid calling it unnecessarily. Consider caching the validation result and checking usage only when needed, rather than on every request.