IP Export
Export threat intelligence data for one or more IP addresses as a downloadable file.
Endpoint
http
GET https://ipswamp.com/api/v1/exportRequest
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes* | Bearer <api-key> |
X-API-Key | Yes* | Alternative to Authorization header |
INFO
One of Authorization or X-API-Key is required.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ips | string | Yes* | Comma-separated list of IP addresses (e.g., 1.2.3.4,5.6.7.8) |
ip | string | Yes* | Single IP address to export |
format | string | No | Output format: csv (default) or json |
INFO
Either ips or ip is required. ips accepts up to 10,000 IPs.
Response
Success (200)
Returns a downloadable file with Content-Disposition header set to trigger a file download. The response Content-Type depends on the requested format:
| Format | Content-Type | Filename |
|---|---|---|
csv | text/csv; charset=utf-8 | ipswamp_export.csv |
json | application/json; charset=utf-8 | ipswamp_export.json |
CSV Columns
| Column | Description |
|---|---|
ip | The IP address |
threat_score | Threat score from 0 to 100 |
threat_level | Severity level |
ip_rep | Reputation classification |
total_hits | Total malicious hits recorded |
last_attack | ISO timestamp of last attack |
country_code | ISO country code |
asn | Autonomous System Number |
as_name | AS organization name |
JSON Format
json
{
"export": [
{
"ip": "1.2.3.4",
"threat_score": 85,
"threat_level": "CRITICAL",
"ip_rep": "known attacker",
"total_hits": 142,
"last_attack": "2026-04-15T10:30:00.000Z",
"country_code": "US",
"asn": "AS15169",
"as_name": "Google LLC"
},
{
"ip": "5.6.7.8",
"threat_score": 10,
"threat_level": "LOW",
"ip_rep": "clean",
"total_hits": 0,
"last_attack": null,
"country_code": "DE",
"asn": "AS3320",
"as_name": "Deutsche Telekom AG"
}
],
"total": 2,
"format": "json"
}Error Responses
| Status | Response | Description |
|---|---|---|
400 | { "error": true, "statusCode": 400, "message": "Either ip or ips is required" } | No IPs provided |
400 | { "error": true, "statusCode": 400, "message": "Invalid format" } | Unsupported format |
401 | { "error": true, "statusCode": 401, "message": "API key required..." } | No API key provided |
403 | { "error": true, "statusCode": 403, "message": "Invalid API key" } | Invalid or expired API key |
429 | { "error": true, "statusCode": 429, "message": "Rate limit exceeded" } | Too many requests |
500 | { "error": true, "statusCode": 500, "message": "Internal server error" } | Server error |
Examples
CSV Export (Multiple IPs)
bash
curl -X GET "https://ipswamp.com/api/v1/export?ips=1.2.3.4,5.6.7.8&format=csv" \
-H "Authorization: Bearer your-api-key-here" \
-o ipswamp_export.csvJSON Export (Single IP)
bash
curl -X GET "https://ipswamp.com/api/v1/export?ip=1.2.3.4&format=json" \
-H "Authorization: Bearer your-api-key-here" \
-o ipswamp_export.jsonJavaScript/TypeScript
typescript
const ips = ["1.2.3.4", "5.6.7.8"];
const format = "json";
const response = await fetch(
`https://ipswamp.com/api/v1/export?ips=${ips.join(",")}&format=${format}`,
{
headers: {
Authorization: "Bearer your-api-key-here",
},
},
);
// Save blob to file (browser)
const blob = await response.blob();
const url = URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
a.download = `ipswamp_export.${format}`;
a.click();
// Or in Node.js, pipe to file
// const fs = require("fs");
// const writer = fs.createWriteStream("ipswamp_export.json");
// response.body.pipe(writer);Python
python
import requests
url = "https://ipswamp.com/api/v1/export"
params = {
"ips": "1.2.3.4,5.6.7.8",
"format": "csv"
}
headers = {
"Authorization": "Bearer your-api-key-here"
}
response = requests.get(url, params=params, headers=headers)
with open("ipswamp_export.csv", "wb") as f:
f.write(response.content)
print(f"Exported {len(response.content)} bytes to ipswamp_export.csv")See Also
- Check IP Address — Single IP lookup
- Bulk IP Lookup — Multiple IP lookup via JSON