Response Fields

The Ipregistry API returns up to 82 unique data points. Here are the field names used in response payloads and their description:

JSON payloads always include all fields by default. In the case it was not possible to determine the correct value, the special value null is set as a field value.

You can inspect all fields with real values by opening the next page in your browser:
https://api.ipregistry.co/?key=tryout&pretty=true

IP Data fields

Here is the description for the fields returned with the IP lookup endpoints:

Field	Description
ip	The IP address that is analyzed.
type	The IP address type: either `IPv4` or `IPv6`.
carrier → name	The name of the mobile carrier that owns the IP address. If the value is not `null`, then it means with a very high likelihood that the IP address is used for mobile carrier traffic.
carrier → mcc	The Mobile Country Code (MCC) of the carrier, when available.
carrier → mnc	The Mobile Network Code (MNC) of the carrier, when available.
company → domain	The domain guessed for the company associated with the IP.
company → name	The company name for the company associated with the IP. The ability of Ipregistry to tell the company depends on the size of the company and how it runs its network. Let's say WeWork has rented its space to a startup. If someone from that startups visits your website, we might not be able to identify the company since it is small and uses its building's network. However, we are able to tell you that the IP is from WeWork.
company → type	Classifies the company type among `business`, `education`, `government`, `hosting`, and `isp`.
connection → asn	The Autonomous System (AS) Number associated with the IP.
connection → domain	The top-level domain name associated with the organization that owns the connection IP.
connection → organization	The name of the organization that owns the Autonomous System for the IP address that is analyzed. The value may fallback to the Autonomous System name if the organization name is not available.
connection → route	The AS route associated with the IP address as announced and used in Border Gateway Protocol (BGP) routing tables over the Internet.
connection → type	Classifies the connection type among `business`, `education`, `government`, `hosting`, `inactive`, and `isp`.
currency → code	The ISO 4217 3-letter currency code.
currency → name	The name of the currency in US locale.
currency → name_native	The name of the currency in native locale based on detected location and primary language.
currency → plural	The plural name of the given currency in US locale.
currency → plural_native	The plural name of the given currency in native locale based on detected location and primary language.
currency → symbol	The symbol of the given currency. For instance, `A$` for Australian dollars.
currency → symbol_native	The native (local) symbol of the given currency. For instance, `$` for Australian dollars.
currency → format → negative → prefix	The currency prefix for negative amounts. For instance, `-` for `-10` euros.
currency → format → negative → suffix	The currency suffix for negative amounts. For instance, `€` for `-10` euros.
currency → format → positive → prefix	The currency prefix for positive amounts. For instance, `$` for `10` US dollars.
currency → format → positive → suffix	The currency suffix for positive amounts. For instance, the empty string for `10` US dollars.
location → continent → code	The 2 letter ISO 3166-1 alpha-2 code associated with the IP.
location → continent → name	The name of the continent associated with the IP address.
location → country → area	The sum of land and water areas within international boundaries and coastlines in km².
location → country → borders	The 2 letter ISO 3166-1 alpha-2 code of the countries that border the country associated with this IP. An empty list is returned if the country has no land borders.
location → country → calling_code	The calling/dial code of the country associated with the IP.
location → country → capital	The capital city of the country associated with the IP.
location → country → code	The 2 letter ISO 3166-1 alpha-2 code associated with this IP.
location → country → name	The name of the country where the IP address is located.
location → country → population	The total population in number of residents for the country associated with the IP.
location → country → population_density	The number of residents per km² for the country associated with the IP.
location → country → flag → emoji	The emoji icon for the flag of the country associated with the IP.
location → country → flag → emoji_unicode	The unicode value of the emoji icon for the flag of the country associated with the IP.
location → country → flag → emojitwo	A link to the EmojiTwo SVG file associated with the flag of the country where the IP address is located. See the license for requirements about how to use these images.
location → country → flag → noto	A link to the Noto PNG file associated with the flag of the country where the IP address is located. See the license for requirements about how to use these images.
location → country → flag → twemoji	A link to the Twemoji SVG file associated with the flag of the country where the IP address is located. See the license for requirements about how to use these images.
location → country → flag → wikimedia	A link to the raw SVG file associated with the flag of the country where the IP address is located. The source files were taken from Wikipedia and are not under copyright protection since raw flags are in the public domain.
location → country → languages	A list of languages spoken in the country associated with the IP. Entries are sorted by popularity in descending order.
location → country → languages → code	The 2 letter ISO 639-1 code associated with the language.
location → country → languages → name	The name of the given language.
location → country → languages → native	The native name of the given language.
location → country → tld	The country code top-level domain (ccTLD) associated with the country as defined by Internet Assigned Numbers Authority (IANA).
location → region → code	The ISO 3166-2 subdivision/region code associated with the IP, when available. We provide complete and up-to-date ISO 3166 data sets on Github.
location → region → name	The name of the region associated with the IP address. When a region code is available, the region name is in the administrative language of the country.
location → city	The name of the city associated with the IP address.
location → postal	The ZIP code associated with the IP address.
location → latitude	The approximate WGS84 latitude of the location associated with the IP. The coordinates returned for a given IP address are not precise and should not be used to identify a particular street address or household (this applies to any IP geolocation service provider). Please refer to a larger geographical area such as the city, region or country.
location → longitude	The approximate WGS84 longitude of the location associated with the IP.
location → language → code	The 2 letter ISO 639-1 code of the main language associated with the IP location.
location → language → name	The name of the main language associated with the IP location.
location → language → native	The native name of the main language associated with the IP location.
location → in_eu	Boolean indicating whether the country is a recognized member of the European Union.
security → is_anonymous	Boolean with `true` value if `is_proxy`, `is_tor` OR `is_vpn` is satisfied.
security → is_abuser	Boolean indicating whether the IP Address is a known source of abuse (e.g. spam, harvesters, registration bots).
security → is_attacker	Boolean indicating whether the IP Address is a known source of malicious activity (e.g. attacks, malware, botnet activity).
security → is_bogon	Boolean indicating whether the IP Address is a Bogon: an unassigned, unaddressable IP address.
security → is_cloud_provider	Boolean indicating whether the IP address is used for hosting purposes (e.g. a node from Akamai, Cloudflare, Google Cloud Platform, Amazon EC2, and more).
security → is_proxy	Boolean indicating whether the IP Address is a known proxy. It includes HTTP/HTTPS/SSL/SOCKS/CONNECT and transparent proxies.
security → is_relay	Boolean indicating whether the IP Address is a known relay. Relay IP addresses are not designed to bypass geo-controls but instead pool multiple users behind the same IP. At this time, only Apple Private Relay IP addresses are detected.
security → is_threat	Boolean with `true` value if `is_abuser` or `is_attacker` is satisfied. The field `is_cloud_provider` is not considered. It is up to you to combine this last field with a logical OR or not.
security → is_tor	Boolean indicating whether the IP Address is a Tor relay: exit relay node, middle relay node or a bridge.
security → is_tor_exit	Boolean indicating whether the IP Address is a Tor exit relay node.
security → is_vpn	Returns `true` when the IP address under search is used by a Virtual Private Network (VPN), `false` otherwise. VPNs encrypt internet traffic and disguise online identity.
time_zone → id	The time zone associated with location, as specified by the IANA Time Zone Database.
time_zone → abbreviation	The abbreviation of the time zone associated with the IP.
time_zone → current_time	The current date and time using ISO 8601 format for the location associated with the IP address.
time_zone → name	The name of the time zone associated with the IP.
time_zone → offset	The GMT offset of the given time zone in seconds.
time_zone → in_daylight_saving	Boolean indicating whether or not the given time zone is considered in daylight saving time.

User-Agent fields

Here is the description for the fields returned by user-agent parsing endpoints.

Field	Description
user_agent → header	The raw User-Agent string that is extract from the user request.
user_agent → name	The name of the actual "Browser" that was used.
user_agent → type	The type of the actual "Browser" that was used. Here is a list of possible values: browser: a regular browser. browser-webview: a regular browser being used as part of a mobile app. cloud-application: something running in a cloud (but not a regular robot). email-client: an email application. hacker: a hacker, so it can really be anything. mobile-app: a mobile app. null: we don't know. robot: a robot that wants to be treated as a desktop device. robot-mobile: a robot that wants to be treated as a mobile device. special: something special we cannot fully classify. testclient: a website testing tool. voice: a voice driven "Browser" (i.e. ask a question and the page is read aloud).
user_agent → version	The version of the actual "Browser" that was used.
user_agent → version_major	The version major of the actual "Browser" that was used.
user_agent → device → brand	The brand of the hardware that was used.
user_agent → device → name	The name of the hardware that was used.
user_agent → device → type	The type of the hardware that was used. Here is a list of possible values: anonymized: in case the User-Agent has been altered by an anonymization software. desktop: the device is assessed as a Desktop/Laptop class device. ereader: similar to a tablet yet in most cases with an e-ink screen. game-console: "fixed" game systems like the PlayStation and Xbox. hacker: in case scripting is detected in the User-Agent string, also fallback in really broken situations. handheld-game-console: "mobile" game systems like the 3DS. mobile: a device that is mobile yet we do not know if it is a ereader/tablet/phone or watch. null: we really don't know, these are usually User-Agents that look normal yet contain almost no information about the device. phone: a mobile device with a small screen (usually lower than 7"). robot: a robot that visits the site. robot-imitator: a robot that visit the site pretending it is a robot like Google, but they are not. robot-mobile: a robot that visits the site and want to be seen as a mobile visitor. set-top-box: a connected device that allows interacting via a TV sized screen. tablet: a mobile device with a rather large screen (usually greater than 7"). tv: similar to set-top box yet here this is built into the TV. virtual-reality: a mobile device with a VR capabilities. voice: a voice driven device (i.e. ask a question and the page is read aloud). watch: a mobile device with a tiny screen (usually lower than 2").
user_agent → engine → name	The name of the underlying core that converts the 'HTML' into a visual/interactive.
user_agent → engine → type	The type of the underlying core that converts the 'HTML' into a visual/interactive. Here is a list of possible values: browser: a regular browser. mobile-app: a mobile app which probably includes a regular Web browser. hacker: a hacker, so it can really be anything (e.g. script injections). robot: a robot spidering the site. null: we don't know.
user_agent → engine → version	The version of the underlying core that converts the 'HTML' into a visual/interactive.
user_agent → os → name	The name of the resulting OS.
user_agent → os → type	The type of the resulting OS. Here is a list of possible values: cloud: looks like a thing that runs in a cloud environment. desktop: the type of OS you would run on a Desktop or Laptop. embedded: apparently embedded into something like a TV. game-console: a game console like a PlayStation or Xbox. hacker: a hacker, so it can really be anything (e.g. script injection). mobile: the type of OS you would run on a phone, tablet or watch. null: we don't known.
user_agent → os → version	The version of the resulting OS.

Response headers

In addition to the HTTP message body that contains the fields describe above, a response also includes specific Ipregistry headers:

Name	Description
Ipregistry-Credits-Consumed	The number of credits your request consumed.
Ipregistry-Credits-Remaining	The number of credits remaining on your account at the time the request was made.
Ipregistry-Pod	An internal identifier to know what node has executed your request. Please share it with support for troubleshooting.
Ipregistry-Version	The API version used by your account.