Bulk IP Lookup
Look up threat intelligence for multiple IP addresses in a single request.
Endpoint
http
POST https://ipswamp.com/api/v1/checkIP/bulkRequest
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes* | Bearer <api-key> |
X-API-Key | Yes* | Alternative to Authorization header |
Content-Type | Yes | application/json |
INFO
One of Authorization or X-API-Key is required.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
ips | string[] | Yes | Array of IP addresses to check (maximum 100 IPs) |
json
{
"ips": ["1.2.3.4", "5.6.7.8"]
}Response
Success (200)
Returns threat intelligence data for each requested IP address.
json
{
"results": [
{
"ip": "1.2.3.4",
"data": {
"threat_score": 85,
"threat_level": "CRITICAL",
"ip": "1.2.3.4",
"last_attack": "2026-04-15T10:30:00.000Z",
"ip_rep": "known attacker",
"total_hits": 142,
"score": 85
},
"error": null
},
{
"ip": "5.6.7.8",
"data": {
"threat_score": 10,
"threat_level": "LOW",
"ip": "5.6.7.8",
"last_attack": null,
"ip_rep": "clean",
"total_hits": 0,
"score": 10
},
"error": null
}
],
"total": 2,
"successful": 2,
"failed": 0
}Response Fields
| Field | Type | Description |
|---|---|---|
results | array | Array of lookup results, one per requested IP |
total | number | Total number of IPs in the request |
successful | number | Number of IPs successfully looked up |
failed | number | Number of IPs that failed to look up |
Result Object
| Field | Type | Description |
|---|---|---|
ip | string | The queried IP address |
data | object | null | Threat intelligence details (null if lookup failed) |
error | string | null | Error message if this IP failed to look up |
The data object follows the same shape as the Check IP Address response details field.
Error Responses
| Status | Response | Description |
|---|---|---|
400 | { "error": true, "statusCode": 400, "message": "Invalid request body" } | Missing or invalid body |
400 | { "error": true, "statusCode": 400, "message": "Maximum 100 IPs per request" } | Too many IPs in request |
401 | { "error": true, "statusCode": 401, "message": "API key required..." } | No API key provided |
403 | { "error": true, "statusCode": 403, "message": "Invalid API key" } | Invalid or expired API key |
429 | { "error": true, "statusCode": 429, "message": "Rate limit exceeded" } | Too many requests |
500 | { "error": true, "statusCode": 500, "message": "Internal server error" } | Server error |
Quota
Each IP found in the database counts as 1 toward your usage quota. IPs not found in the database do not count.
Examples
Basic Request
bash
curl -X POST "https://ipswamp.com/api/v1/checkIP/bulk" \
-H "Authorization: Bearer your-api-key-here" \
-H "Content-Type: application/json" \
-d '{"ips": ["1.2.3.4", "5.6.7.8"]}'Using X-API-Key Header
bash
curl -X POST "https://ipswamp.com/api/v1/checkIP/bulk" \
-H "X-API-Key: your-api-key-here" \
-H "Content-Type: application/json" \
-d '{"ips": ["1.2.3.4", "5.6.7.8"]}'JavaScript/TypeScript
typescript
const response = await fetch("https://ipswamp.com/api/v1/checkIP/bulk", {
method: "POST",
headers: {
Authorization: "Bearer your-api-key-here",
"Content-Type": "application/json",
},
body: JSON.stringify({ ips: ["1.2.3.4", "5.6.7.8"] }),
});
const data = await response.json();
console.log(`Looked up ${data.successful} of ${data.total} IPs`);Python
python
import requests
url = "https://ipswamp.com/api/v1/checkIP/bulk"
headers = {
"Authorization": "Bearer your-api-key-here",
"Content-Type": "application/json"
}
payload = {"ips": ["1.2.3.4", "5.6.7.8"]}
response = requests.post(url, json=payload, headers=headers)
data = response.json()
for result in data["results"]:
if result["data"]:
print(f"{result['ip']}: {result['data']['threat_level']}")
else:
print(f"{result['ip']}: Error - {result['error']}")See Also
- Check IP Address — Single IP lookup
- Subnet Lookup — CIDR-based lookup