Getting Started
Everything you need to start using the free WhatIsMyIP API. No keys, no signup, just HTTPS and JSON.
The Short Version
You want IP data. We have IP data. No API key. No signup form. No “enterprise tier” upsell email three days later. Just make an HTTPS request and get JSON back.
curl https://whatismyip.technology/api/me
That’s it. You just used the API. Congratulations.
What You Get
This is the same API that powers whatismyip.technology. Every lookup you see on that site hits these exact endpoints. Nothing is hidden behind a paywall, nothing is rate limited into uselessness, and nothing requires you to hand over your email so we can send you a newsletter about IP addresses (who would read that?).
The API returns JSON. Always. Every endpoint. No XML, no YAML, no CSV, no smoke signals. Just clean, predictable JSON with sensible field names.
Base URL
All endpoints live under:
https://whatismyip.technology/api/
So /api/me, /api/ip-lookup, /api/whois, and so on. HTTPS only. HTTP requests will not work.
The Seven Endpoints
Here’s what you can do:
1. Your IP + Geolocation
GET /api/me
Returns your IP address, city, country, ISP, ASN, and whether you’re behind a VPN or proxy. No parameters needed. We detect your IP from the request itself.
2. Lookup Any IP
GET /api/ip-lookup?ip=8.8.8.8
Same geolocation data as /api/me but for any IP address you specify. Give it an IPv4 or IPv6 address and get back the full picture.
3. WHOIS / RDAP
GET /api/whois?q=google.com
Domain registration data or IP network information. Registrar, dates, nameservers, abuse contacts. Works for both domains and IP addresses.
4. Blacklist Check
GET /api/blacklist?ip=203.0.113.42
Checks 15 DNSBL databases to see if an IP is flagged for spam or abuse. Great for email deliverability monitoring. IPv4 only for now.
5. Port Scan
GET /api/port-scan?host=example.com&port=443
Tests if a specific TCP port is open on a host. 2.5 second timeout. Blocks requests to internal/private ranges because we’re not going to help you scan your neighbor’s router.
6. SSL Certificate Check
GET /api/ssl-check?host=example.com
Certificate details from Certificate Transparency logs. Issuer, expiry date, days remaining, SANs. Tells you if the cert is expired or expiring soon.
7. HTTP Headers
GET /api/http-headers
Echoes back every HTTP header your client sent with the request. User agent, accept headers, encoding, language. Useful for debugging what your app actually sends.
Example Response
Here’s what you get back from /api/me:
{
"ip": "203.0.113.42",
"country": "United States",
"countryCode": "US",
"region": "Texas",
"city": "Dallas",
"zip": "75201",
"lat": 32.7767,
"lon": -96.797,
"timezone": "America/Chicago",
"isp": "AT&T Internet Services",
"org": "AT&T Services, Inc.",
"as": "AS7018 AT&T Services, Inc.",
"proxy": false,
"hosting": false,
"mobile": false
}
Every field is documented on the individual endpoint pages.
Things Worth Knowing
No authentication required. Seriously. No API keys, no OAuth dance, no Bearer tokens. Just make the request.
IPv4 and IPv6 both work. Pass either format to the IP lookup endpoints. The API figures it out.
CORS is enabled. You can call the API from browser JavaScript. We set Access-Control-Allow-Origin: * so your fetch() calls don’t get blocked.
It’s free. There’s no pricing page because there’s no price. Check the rate limits page for what counts as reasonable usage.
What’s Next
Pick an endpoint from the sidebar and read its docs. Each one has request/response examples, parameter tables, and code snippets in multiple languages. Or just start making requests. The API is pretty self explanatory once you poke at it.
If something breaks, check the error handling page. If something changed, check the changelog. If something is confusing, that’s probably our fault.