Is the HackMyIP API free?

Yes. The HackMyIP API is completely free. No API key, no signup, no authentication required. Just send HTTP requests and get JSON responses.

What is the rate limit?

60 requests per minute per IP address. Rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining) are included in every response.

Does the API support CORS?

Yes. All endpoints return Access-Control-Allow-Origin: * so you can call the API directly from browser JavaScript on any domain.

What data does the IP endpoint return?

The /api/v1/ip endpoint returns your public IP address, city, region, country, continent, latitude, longitude, timezone, postal code, ISP, ASN, VPN detection, and a privacy score.

Can I look up any IP address?

Yes. Use /api/v1/ip/{address} to look up geolocation and network information for any IPv4 or IPv6 address.

HackMyIP API v1

Free IP geolocation, DNS lookup, WHOIS, and HTTP header inspection API. No signup. No API key. Just send a request and get JSON back.

No Auth Required JSON Responses CORS Enabled 60 req/min Cloudflare Edge

Base URL

https://hackmyip.com/api/v1

GET /api/v1/ip Your IP address + geolocation + VPN status

Returns the caller's public IP address, geolocation, ISP, and privacy/VPN detection data. No parameters needed.

Example Request

# cURL
curl https://hackmyip.com/api/v1/ip

# JavaScript
const res = await fetch('https://hackmyip.com/api/v1/ip');
const data = await res.json();
console.log(data.data.ip);

# Python
import requests
data = requests.get('https://hackmyip.com/api/v1/ip').json()
print(data['data']['ip'])

Example Response

{
  "success": true,
  "data": {
    "ip": "2a06:98c0:3600::103",
    "location": {
      "city": "Columbus",
      "region": "Ohio",
      "country": "US",
      "continent": "NA",
      "latitude": 39.96118,
      "longitude": -82.99879,
      "timezone": "America/New_York",
      "postal_code": "43215",
      "is_eu": false
    },
    "network": {
      "asn": 13335,
      "isp": "Cloudflare, Inc.",
      "connection_type": "HTTP/1.1",
      "tls_version": "Unknown"
    },
    "privacy": {
      "type": "residential",
      "score": 90,
      "grade": "A",
      "label": "Clean",
      "is_vpn": false,
      "is_datacenter": false,
      "is_residential": true
    },
    "ipv6": false
  }
}

Response Fields

Field	Type	Description
ip	string	Public IP address (IPv4 or IPv6)
location.city	string	City based on IP geolocation
location.region	string	State or region
location.country	string	ISO 3166-1 alpha-2 country code
location.continent	string	Continent code (NA, EU, AS, etc.)
location.latitude	number	Approximate latitude
location.longitude	number	Approximate longitude
location.timezone	string	IANA timezone (e.g. America/New_York)
location.postal_code	string	Postal / ZIP code
location.is_eu	boolean	Whether IP is in an EU country
network.asn	number	Autonomous System Number
network.isp	string	ISP or organization name
privacy.type	string	residential, vpn, or datacenter
privacy.score	number	IP cleanliness score (0-100)
privacy.grade	string	Letter grade: A, B, C, or D
privacy.is_vpn	boolean	VPN provider detected
privacy.is_datacenter	boolean	Datacenter/hosting IP detected

GET /api/v1/ip/:address Lookup any IP address

Look up geolocation and network information for any IPv4 or IPv6 address.

Path Parameters

Parameter	Type	Description
address	string	Required. IPv4 or IPv6 address (e.g. 8.8.8.8)

Example Request

# cURL
curl https://hackmyip.com/api/v1/ip/8.8.8.8

# JavaScript
const res = await fetch('https://hackmyip.com/api/v1/ip/8.8.8.8');
const { data } = await res.json();
console.log(data.location.country);

Example Response

{
  "success": true,
  "data": {
    "ip": "8.8.8.8",
    "location": {
      "city": "Mountain View",
      "region": "California",
      "country": "US",
      "country_name": "United States",
      "latitude": 37.386,
      "longitude": -122.0838,
      "timezone": "America/Los_Angeles",
      "postal_code": "94035"
    },
    "network": {
      "asn": 15169,
      "isp": "Google LLC",
      "org": "Google Public DNS",
      "as_name": "GOOGLE"
    }
  }
}

GET /api/v1/dns/:domain DNS record lookup

Query DNS records for any domain. Supports A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, CAA, and PTR record types.

Path Parameters

Parameter	Type	Description
domain	string	Required. Domain name (e.g. example.com)

Query Parameters

Parameter	Type	Description
type	string	DNS record type. Default: A. Options: A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, CAA, PTR

Example Request

# A records
curl https://hackmyip.com/api/v1/dns/example.com

# MX records
curl "https://hackmyip.com/api/v1/dns/example.com?type=MX"

# NS records
curl "https://hackmyip.com/api/v1/dns/example.com?type=NS"

Example Response

{
  "success": true,
  "data": {
    "domain": "example.com",
    "type": "A",
    "records": [
      {
        "name": "example.com.",
        "type": 1,
        "ttl": 3600,
        "data": "93.184.216.34"
      }
    ],
    "authority": []
  }
}

GET /api/v1/headers Inspect your HTTP request headers

Returns the HTTP headers your client sent. Useful for debugging proxies, user agents, and custom headers.

Example Request

curl https://hackmyip.com/api/v1/headers

Example Response

{
  "success": true,
  "data": {
    "method": "GET",
    "url": "https://hackmyip.com/api/v1/headers",
    "headers": {
      "accept": "*/*",
      "accept-encoding": "gzip",
      "host": "hackmyip.com",
      "user-agent": "curl/8.7.1"
    },
    "ip": "2a06:98c0:3600::103"
  }
}

GET /api/v1/whois/:domain WHOIS / RDAP domain lookup

Look up WHOIS registration data for a domain via RDAP. Returns registrar, dates, nameservers, and status.

Path Parameters

Parameter	Type	Description
domain	string	Required. Domain name (e.g. google.com)

Example Request

curl https://hackmyip.com/api/v1/whois/google.com

Example Response

{
  "success": true,
  "data": {
    "domain": "google.com",
    "registrar": "MarkMonitor Inc.",
    "creation_date": "1997-09-15T04:00:00Z",
    "expiration_date": "2028-09-14T04:00:00Z",
    "last_updated": "2019-09-09T15:39:04Z",
    "name_servers": [
      "ns1.google.com",
      "ns2.google.com",
      "ns3.google.com",
      "ns4.google.com"
    ],
    "status": [
      "client delete prohibited",
      "client transfer prohibited",
      "client update prohibited",
      "server delete prohibited",
      "server transfer prohibited",
      "server update prohibited"
    ],
    "rdap_link": "https://rdap.verisign.com/com/v1/domain/google.com"
  }
}

Tool Endpoints

These endpoints power the newer tools and live directly under /api (no version prefix). Same rules: free, no key, JSON, CORS enabled.

GET /api/asn ASN lookup by IP, AS number, or organization

Resolve an IP to its originating ASN, look up an AS number directly, or search ASNs by organization name.

Query Parameters

Parameter	Type	Description
q	string	Required. An IP (8.8.8.8), AS number (AS15169), or org name (google)

Example Request

curl "https://hackmyip.com/api/asn?q=8.8.8.8"

GET /api/ports Real TCP port scan

Real TCP connect scan against a public host. With no ports parameter, a curated common-port catalog is scanned. Private, reserved, and internal addresses are rejected. Rate limited to 20 requests/min.

Query Parameters

Parameter	Type	Description
host	string	Hostname or public IP. Defaults to the caller's IP.
ports	string	Optional comma list, e.g. 22,80,443

Example Request

curl "https://hackmyip.com/api/ports?host=example.com&ports=22,80,443"

GET /api/security-headers HTTP security headers analyzer

Fetches the target site and grades its security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, plus information-leak headers. Rate limited to 20 requests/min.

Query Parameters

Parameter	Type	Description
url	string	Required. Site to analyze (scheme optional, https assumed)

Example Request

curl "https://hackmyip.com/api/security-headers?url=example.com"

GET /api/email-auth MX / SPF / DMARC checker

Checks a domain's email authentication setup: MX records, SPF record, and DMARC policy, with a pass/fail analysis per mechanism.

Query Parameters

Parameter	Type	Description
domain	string	Required. Domain to check (e.g. github.com)

Example Request

curl "https://hackmyip.com/api/email-auth?domain=github.com"

Choosing between free IP APIs? See the source-verified comparisons: best free IP API (2026) · free IP API comparison · IPinfo free alternative · ipapi vs HackMyIP · BrowserLeaks alternative · whatismyipaddress.com alternative.

Rate Limiting

60 requests / minute Per IP address. Resets every 60 seconds. No burst limits.

Rate Limit Headers Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Window headers.

429 Too Many Requests Returned when rate limit is exceeded. Includes Retry-After header.

Error Handling

All errors return the same JSON envelope with success: false and a human-readable error message.

// 400 Bad Request
{
  "success": false,
  "error": "Invalid IP address format. Provide a valid IPv4 or IPv6 address."
}

// 404 Not Found
{
  "success": false,
  "error": "Domain not found in RDAP."
}

// 429 Rate Limited
{
  "success": false,
  "error": "Rate limit exceeded. Maximum 60 requests per minute."
}

Quick Start

No API Key Start making requests immediately. Zero signup, zero authentication, zero cost.

JSON Responses All endpoints return application/json with pretty-printed output.

CORS Enabled Access-Control-Allow-Origin: * on all endpoints. Call from any browser or domain.

Global Edge Served from 300+ Cloudflare edge locations. Sub-50ms latency worldwide.