Authentication
The ReportedIP API uses API key authentication to identify callers and enforce rate limits. Some public endpoints work without authentication, but an API key unlocks higher limits and additional features.
API Key Authentication
Include your API key in every authenticated request. There are two methods — the X-Key header is recommended because it keeps
your key out of server access logs.
Method 1: X-Key Header (Recommended)
curl -H "X-Key: YOUR_API_KEY" \
"https://reportedip.de/wp-json/reportedip/v2/check?ip=1.2.3.4"Method 2: Query Parameter
curl "https://reportedip.de/wp-json/reportedip/v2/check?ip=1.2.3.4&key=YOUR_API_KEY"X-Key header instead.
Getting Your API Key
Follow these three steps to obtain your API key:
Create an Account
Register for free at reportedip.de/register and verify your email address.
Open Your Dashboard
After logging in, navigate to your Dashboard.
Generate API Key
Click "Generate API Key" to create your key. Copy it immediately — it will only be shown once.
User Roles & Permissions
Your API key is tied to your user role. Each role has different rate limits and feature access. You start with the Free role upon registration.
| Role | Checks / Day | Reports / Day | Features |
|---|---|---|---|
Public (no key) |
100 (per IP) | — | check-public only |
Free |
1,000 | 50 | Check, Report, Verify |
Contributor |
5,000 | 200 | Check, Report, Verify |
Professional |
25,000 | 1,000 | + Bulk Check, Trends, Reports |
Enterprise |
Unlimited | Unlimited | + Bulk Report, White-Label |
Honeypot |
Unlimited | Unlimited | Automated Systems |
Rate Limits
Every API response includes rate limit headers so you can track your usage in real time.
When you exceed your limit, the API responds with 429 Too Many Requests.
| Header | Description |
|---|---|
X-RateLimit-Limit |
Maximum number of requests allowed per day |
X-RateLimit-Remaining |
Requests remaining in the current window |
X-RateLimit-Reset |
UTC epoch timestamp when the limit resets |
Retry-After |
Seconds to wait before retrying (only on 429 responses) |
Example Response Headers
HTTP/1.1 200 OK
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 742
X-RateLimit-Reset: 1711929600
Content-Type: application/json; charset=UTF-8Hybrid Authentication
Public endpoints like /check-public, /search-public, and /stats-public
work without any authentication. However, they accept an optional API key to unlock higher rate limits.
# Without API key — 100 requests/day per IP
curl "https://reportedip.de/wp-json/reportedip/v2/check-public?ip=1.2.3.4"
# With API key — uses your role's daily limit
curl -H "X-Key: YOUR_API_KEY" \
"https://reportedip.de/wp-json/reportedip/v2/check-public?ip=1.2.3.4"Error Responses
Authentication errors return standard JSON responses. Always check meta.success and the HTTP status code.
401 Unauthorized
Returned when the API key is missing or invalid.
{
"meta": {
"success": false,
"code": 401,
"message": "Invalid or missing API key."
},
"data": null
}403 Forbidden
Returned when your role does not have permission for the requested endpoint.
{
"meta": {
"success": false,
"code": 403,
"message": "Your role does not have access to this endpoint."
},
"data": null
}429 Too Many Requests
Returned when you have exceeded your daily rate limit.
{
"meta": {
"success": false,
"code": 429,
"message": "Rate limit exceeded. Try again later."
},
"data": {
"retryAfter": 3600
}
}Best Practices
Cache Responses
IP reputations do not change every second. Cache check results for at least 15 minutes to reduce API calls and stay within your rate limit.
Use Exponential Backoff
If you receive a 429 response, wait for the duration specified in the Retry-After header. Do not retry immediately.
Choose the Right Role
Start with the Free tier. If you need bulk operations or higher limits, upgrade to Professional or Enterprise.
Keep Your Key Secret
Never expose your API key in client-side code, public repositories, or URLs. Use environment variables and the X-Key header.