API Documentation

DetectThat API Documentation

Get started with the DetectThat API for IP intelligence, VPN detection, and risk scoring. Simple REST endpoints with powerful fraud prevention capabilities.

Introduction

DetectThat provides a comprehensive IP intelligence and risk detection API that helps you identify potential threats, detect anonymizers (VPN/Proxy/Tor), and score risk for fraud prevention.

Real-time Detection

Instantly identify VPN, proxy, and Tor exit nodes with high accuracy.

Risk Scoring

Get comprehensive risk scores based on multiple threat intelligence sources.

Built-in Caching

Smart caching reduces latency and saves on API requests.

Base URL

http://detectthat.com/api

Authentication

DetectThat uses API keys for authentication. Include your API key in the Authorization header using the Bearer token format.

API Key Format

All API keys are prefixed with dt_ for easy identification.

Authorization: Bearer dt_your_api_key_here

Example Request

curl -X GET "http://detectthat.com/api/ip/lookup/1.1.1.1" \
  -H "Authorization: Bearer dt_your_api_key_here" \
  -H "Content-Type: application/json"

🔑 Getting Your API Key

Sign up for free to get your API key.

Quick Start

Get up and running with the DetectThat API in under 5 minutes.

Step 1: Get Your API Key

Sign up for free and create your first API key.

Step 2: Make Your First Request

Test the IP lookup endpoint:

curl -s "http://detectthat.com/api/ip/lookup/1.1.1.1" \
  -H "Authorization: Bearer dt_your_api_key_here"

Step 3: Handle the Response

You'll receive a JSON response with detailed information:

{
  "ip": "1.1.1.1",
  "is_vpn": false,
  "is_proxy": false,
  "is_tor": false,
  "risk_score": 15,
  "country": "US",
  "city": "Los Angeles",
  "isp": "Cloudflare Inc",
  "asn": 13335,
  "threat_types": [],
  "cached": false
}

🚀 Try the Playground

Sign up to access our interactive API playground.

Rate Limits

Rate limits are enforced per API key to ensure fair usage and optimal performance for all users.

Free Plan

10

requests per minute

1,000

requests per month

Pro Plan

100

requests per minute

100,000

requests per month

Enterprise

Custom

requests per minute

1M+

requests per month

Rate Limit Headers

Every API response includes headers with your current rate limit status:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200

⚠️ Rate Limit Exceeded

When you exceed your rate limit, you'll receive a 429 Too Many Requests response.

Consider upgrading your plan or implementing request queuing to handle higher volumes.

IP Lookup

Analyze IP addresses for anonymizer detection, geolocation, ISP information, and risk scoring.

Endpoint

GET http://detectthat.com/api/ip/lookup/{ip}

Parameters

Parameter Type Required Description
ip string Yes IPv4 or IPv6 address to analyze

Example Request

curl -X GET "http://detectthat.com/api/ip/lookup/8.8.8.8" \
  -H "Authorization: Bearer dt_your_api_key_here" \
  -H "Content-Type: application/json"

Example Response

{
  "ip": "8.8.8.8",
  "is_vpn": false,
  "is_proxy": false,
  "is_tor": false,
  "risk_score": 10,
  "country": "US",
  "country_code": "US",
  "region": "California",
  "city": "Mountain View",
  "latitude": 37.4056,
  "longitude": -122.0775,
  "timezone": "America/Los_Angeles",
  "isp": "Google LLC",
  "organization": "Google Public DNS",
  "asn": 15169,
  "asn_organization": "Google LLC",
  "threat_types": [],
  "is_hosting": false,
  "is_mobile": false,
  "cached": false,
  "cache_expires_at": null
}

📍 Response Fields

is_vpn/is_proxy/is_tor: Boolean flags for anonymizer detection

risk_score: Integer from 0-100 (0 = low risk, 100 = high risk)

threat_types: Array of detected threat categories

cached: Whether this result was served from cache

BIN Lookup

Analyze Bank Identification Numbers (BIN) to get card type, issuer information, and fraud prevention data.

Endpoint

GET http://detectthat.com/api/bin/lookup/{bin}

Parameters

Parameter Type Required Description
bin string Yes First 6-8 digits of credit card number

Example Request

curl -X GET "http://detectthat.com/api/bin/lookup/424242" \
  -H "Authorization: Bearer dt_your_api_key_here" \
  -H "Content-Type: application/json"

Example Response

{
  "bin": "424242",
  "scheme": "visa",
  "type": "debit",
  "category": "classic",
  "issuer": "Visa",
  "bank": "Test Bank",
  "country": "US",
  "country_code": "US",
  "country_name": "United States",
  "currency": "USD",
  "is_commercial": false,
  "is_prepaid": false,
  "length": 16,
  "luhn": true,
  "cached": false,
  "cache_expires_at": null
}

💳 BIN Analysis

scheme: Card network (visa, mastercard, amex, etc.)

type: Card type (credit, debit, prepaid)

is_commercial: Whether it's a business/corporate card

luhn: Whether the BIN passes Luhn algorithm validation

Response Format

All API responses are returned as JSON with consistent formatting and structure.

Success Response

Successful requests return HTTP status 200 OK with the requested data:

{
  "ip": "1.1.1.1",
  "is_vpn": false,
  "is_proxy": false,
  "risk_score": 15,
  // ... additional fields
}

Common Response Headers

Header Description
Content-Type application/json; charset=utf-8
X-RateLimit-Limit Your rate limit per minute
X-RateLimit-Remaining Remaining requests in current window
X-RateLimit-Reset Unix timestamp when limit resets

Data Types

Boolean Fields

True/false values for detection flags:

  • is_vpn, is_proxy, is_tor
  • is_hosting, is_mobile
  • cached

Numeric Fields

Integer or float values:

  • risk_score (0-100)
  • asn (Autonomous System Number)
  • latitude, longitude

✅ Best Practices

  • • Always check the response status code
  • • Handle rate limit headers appropriately
  • • Cache responses when appropriate to reduce API calls
  • • Use boolean fields for binary decisions (VPN detection, etc.)

Error Codes

DetectThat uses conventional HTTP response codes to indicate success or failure of API requests.

HTTP Status Codes

Code Meaning Description
200 OK Request successful
400 Bad Request Invalid request format or parameters
401 Unauthorized Invalid or missing API key
403 Forbidden API key lacks required permissions
404 Not Found Endpoint or resource not found
429 Too Many Requests Rate limit exceeded
500 Internal Server Error Something went wrong on our end

Error Response Format

Error responses include details to help you troubleshoot:

{
  "error": {
    "code": "invalid_ip",
    "message": "The provided IP address is not valid",
    "details": "IP address must be a valid IPv4 or IPv6 address"
  }
}

Common Error Codes

invalid_ip

The IP address format is invalid or not supported.

invalid_bin

The BIN format is invalid or too short.

api_key_invalid

The provided API key is invalid or has been revoked.

rate_limit_exceeded

You have exceeded your rate limit. Wait or upgrade your plan.

🛠️ Troubleshooting Tips

  • • Check your API key format (should start with dt_)
  • • Verify you're using the correct endpoint URL
  • • Ensure your IP/BIN format is valid
  • • Monitor rate limit headers to avoid 429 errors

Webhooks

Receive real-time notifications about API usage, rate limits, and security events via webhooks.

Webhook Events

api.usage.threshold

Triggered when API usage reaches specified thresholds (75%, 90%, 100%)

{
  "event": "api.usage.threshold",
  "data": {
    "api_key_id": "dt_abc123",
    "usage_percentage": 90,
    "requests_used": 900,
    "requests_limit": 1000,
    "period": "monthly"
  }
}

api.rate_limit.exceeded

Triggered when rate limits are exceeded

{
  "event": "api.rate_limit.exceeded",
  "data": {
    "api_key_id": "dt_abc123",
    "ip_address": "192.168.1.1",
    "endpoint": "/api/ip/lookup",
    "timestamp": "2024-01-15T10:30:00Z"
  }
}

security.threat.detected

Triggered when high-risk activity is detected

{
  "event": "security.threat.detected",
  "data": {
    "ip_address": "10.0.0.1",
    "risk_score": 95,
    "threat_types": ["tor", "malware"],
    "timestamp": "2024-01-15T10:30:00Z"
  }
}

Webhook Security

All webhook payloads are signed using HMAC-SHA256 for verification:

X-DetectThat-Signature: sha256=5d41402abc4b2a76b9719d911017c592

🔐 Verifying Signatures

Use your webhook secret to verify the signature and ensure the payload is authentic and unmodified.

⚡ Coming Soon

Webhook configuration is currently in development. Contact support for early access.

SDKs & Libraries

Official and community SDKs to integrate DetectThat into your applications quickly.

🐍

Python

Official Python SDK

pip install detectthat
📦

Node.js

Official Node.js SDK

npm install detectthat
🐘

PHP

Official PHP SDK

composer require detectthat/php
💎

Ruby

Official Ruby Gem

gem install detectthat
🦀

Rust

Community Crate

cargo add detectthat

Java

Community Library

Coming Soon

Python Example

import detectthat

client = detectthat.Client(api_key="dt_your_api_key_here")

# IP Lookup
result = client.ip.lookup("8.8.8.8")
print(f"Is VPN: {result.is_vpn}")
print(f"Risk Score: {result.risk_score}")

# BIN Lookup
bin_result = client.bin.lookup("424242")
print(f"Card Type: {bin_result.type}")
print(f"Issuer: {bin_result.issuer}")

Node.js Example

const DetectThat = require('detectthat');

const client = new DetectThat({
  apiKey: 'dt_your_api_key_here'
});

// IP Lookup
const result = await client.ip.lookup('8.8.8.8');
console.log(`Is VPN: ${result.is_vpn}`);
console.log(`Risk Score: ${result.risk_score}`);

// BIN Lookup
const binResult = await client.bin.lookup('424242');
console.log(`Card Type: ${binResult.type}`);
console.log(`Issuer: ${binResult.issuer}`);

📚 SDK Documentation

Each SDK includes comprehensive documentation, examples, and type definitions. Check the GitHub repositories for detailed usage instructions.

Code Examples

Real-world examples showing how to integrate DetectThat into common use cases.

🔐 User Registration Protection

Block suspicious registrations by checking IP risk during signup:

// Node.js/Express example
app.post('/register', async (req, res) => {
  const userIP = req.ip;
  
  // Check IP risk before allowing registration
  const ipData = await detectThat.ip.lookup(userIP);
  
  if (ipData.risk_score > 70 || ipData.is_vpn) {
    return res.status(403).json({
      error: 'Registration blocked due to high risk IP'
    });
  }
  
  // Continue with normal registration
  const user = await createUser(req.body);
  res.json({ user });
});

💳 Payment Fraud Prevention

Combine IP and BIN analysis for payment protection:

// Python/Django example
async def process_payment(request):
    user_ip = get_client_ip(request)
    card_bin = request.data['card_number'][:6]
    
    # Parallel IP and BIN lookups
    ip_task = detectthat.ip.lookup(user_ip)
    bin_task = detectthat.bin.lookup(card_bin)
    
    ip_data, bin_data = await asyncio.gather(ip_task, bin_task)
    
    # Calculate combined risk score
    risk_factors = []
    if ip_data.is_vpn or ip_data.is_proxy:
        risk_factors.append('anonymizer')
    if ip_data.risk_score > 50:
        risk_factors.append('high_risk_ip')
    if bin_data.is_prepaid:
        risk_factors.append('prepaid_card')
    
    # Require additional verification for risky transactions
    if len(risk_factors) >= 2:
        return require_3ds_verification()
    
    return process_payment_normally()

🚦 Dynamic Rate Limiting

Adjust rate limits based on IP reputation:

// PHP/Laravel example
class DynamicRateLimit
{
    public function handle($request, Closure $next)
    {
        $ip = $request->ip();
        
        // Check IP reputation
        $ipData = DetectThat::ip()->lookup($ip);
        
        // Adjust rate limit based on risk
        $rateLimit = match (true) {
            $ipData->risk_score > 80 => 10,  // Very restrictive
            $ipData->risk_score > 50 => 30,  // Moderate
            $ipData->is_vpn => 20,           // VPN users get lower limits
            default => 100                   // Normal limit
        };
        
        // Apply the dynamic rate limit
        if ($this->exceedsRateLimit($ip, $rateLimit)) {
            return response('Rate limit exceeded', 429);
        }
        
        return $next($request);
    }
}

📺 Content Access Control

Restrict content access based on geolocation and anonymizers:

// JavaScript/React example
const ContentGate = ({ children }) => {
  const [accessAllowed, setAccessAllowed] = useState(null);
  
  useEffect(() => {
    const checkAccess = async () => {
      try {
        const response = await fetch('/api/check-access', {
          headers: {
            'Authorization': `Bearer ${apiKey}`
          }
        });
        
        const ipData = await response.json();
        
        // Block access for VPN/proxy users in restricted regions
        const isBlocked = (
          ipData.is_vpn || 
          ipData.is_proxy || 
          ['CN', 'RU', 'IR'].includes(ipData.country_code)
        );
        
        setAccessAllowed(!isBlocked);
      } catch (error) {
        setAccessAllowed(false);
      }
    };
    
    checkAccess();
  }, []);
  
  if (accessAllowed === null) {
    return ;
  }
  
  if (!accessAllowed) {
    return ;
  }
  
  return children;
};

💡 Integration Tips

  • • Cache results to reduce API calls and improve performance
  • • Use async/parallel requests when checking multiple data points
  • • Implement graceful fallbacks when the API is unavailable
  • • Log and monitor API responses for debugging and analytics
  • • Consider user experience when blocking or challenging users