Loading
Free REST API for IP reputation lookup, threat intelligence, and blocklist generation. Powered by a global honeypot network and community reports. See pricing & rate limits or read the FAQ.
All API requests require a valid API key passed in the Authorization header as a Bearer token.
API keys are prefixed with sk_ followed by the tier name (e.g. sk_free_, sk_tier_1_). You can generate a key from the dashboard.
Authorization: Bearer sk_free_...Free API key — 1,000 lookups, 1,000 reports, 5,000 blacklist IPs, and 1,000 TAXII indicators per day. No credit card required. Get your API key →
The API provides endpoints for IP reputation lookup, threat intelligence, and blacklist generation. Click on an endpoint to view detailed documentation with code examples.
| Method | Endpoint | Description |
|---|---|---|
| GET | /v1/key/check/{ip} | Look up reputation data for a single IP address. |
| GET | /v1/key/blacklist | Generate a blacklist of observed IPs with filtering options. |
| POST | /v1/key/report | Submit a report for a suspicious IP address. |
| POST | /v1/key/bulk-report | Submit up to 10,000 reports in a single request (JSON or CSV). |
| GET | /taxii2/collections/{id}/objects/ | TAXII 2.1 feed of STIX 2.1 threat intelligence indicators. |
$ curl "https://api.sikkerapi.com/v1/key/check/203.0.113.42" \ -H "Authorization: Bearer sk_free_..."
Rate limits are enforced per API key. Each key has a daily lookup quota and a daily blacklist quota. Limits depend on your plan tier.
| Tier | Daily Lookups | Blacklist Limit | TAXII Feed | Range Alerts |
|---|---|---|---|---|
| Free | 1,000 | 5,000 | 1,000 | 1 (/28) |
| Basic | 7,000 | 50,000 | 7,000 | 5 (/24) |
| Small Business | 14,000 | 75,000 | 14,000 | 10 (/20) |
| Medium Business | 30,000 | 150,000 | 30,000 | 20 (/16) |
| Large Business | 100,000 | 350,000 | 100,000 | 40 (/16) |
The blacklist endpoint has its own daily quota and does not count against your daily lookup quota.
Rate limit headers are included on every response:
| Header | Description |
|---|---|
| X-Daily-Limit | Daily lookup quota. |
| X-Daily-Remaining | Remaining lookups today. |
| Retry-After | Seconds until retry (only on 429). |
Errors return a JSON object with an error field describing what went wrong.
| Status | Meaning |
|---|---|
| 200 | Success. Response returned. |
| 400 | Invalid IP address or bad query parameter. |
| 401 | Missing or invalid API key. |
| 403 | API key is disabled or expired. |
| 404 | Endpoint not found. |
| 429 | Rate limit exceeded. Check Retry-After header. |
| 500 | Internal server error. |
{
"error": "Valid API key required. Use Authorization: Bearer sk_..."
}| Document | Description |
|---|---|
| Confidence Level | How IP reputation scores are calculated from sensor and contributor evidence. |
| Data Retention | How long threat intelligence data is stored and when it is purged. |
Integrate SikkerAPI with your security infrastructure to automatically report and block suspicious IPs. See the behind the scenes page for how threat data flows from honeypots to your firewall.
| Integration | Description |
|---|---|
| SikkerGuard | Docker container that automatically blocks known malicious IPs using iptables and ipset. Zero-config firewall protection. Installation guide. |
| Fail2Ban | Automatically report banned IPs from Fail2Ban jails. |
| CSF Firewall | Pre-emptive IP blocking and automatic attack reporting with ConfigServer Firewall. |
$ sudo curl -o /etc/fail2ban/action.d/sikkerapi.conf \ "https://sikkerapi.com/fail2ban/sikkerapi.conf"