HackMyIP
EN

VPN Detection API

Free VPN, proxy, and datacenter detection — no key, no signup, CORS enabled

HackMyIP includes a free VPN / proxy / datacenter detection API — no API key, no signup, CORS enabled. It classifies an IP using the network that announces it (ASN, organization, and hosting flags), which is the same signal commercial fraud-scoring services start from. Use it to flag risky sign-ups, gate abuse, or enrich analytics. Full reference lives in the API docs.

Two endpoints, depending on whose IP

Classify the caller’s IP — GET /api/score

Returns a privacy grade and VPN/datacenter/residential classification for the IP making the request:

curl https://hackmyip.com/api/score

Example response shape (fields as returned by the worker):

{
  "success": true,
  "data": {
    "ip": "203.0.113.7",
    "location": { "city": "...", "country": "US", "timezone": "..." },
    "network": { "isp": "...", "asn": "AS...", "tls_version": "TLSv1.3" },
    "privacy": {
      "type": "datacenter",
      "score": 40,
      "grade": "C",
      "label": "...",
      "flags": ["..."],
      "is_vpn": false,
      "is_datacenter": true,
      "is_residential": false
    },
    "ipv6": false
  }
}

Look up any IP — GET /api/lookup

For an arbitrary IP, /api/lookup returns geolocation, ASN/ISP, and the hosting/proxy/mobile privacy flags:

curl 'https://hackmyip.com/api/lookup?ip=8.8.8.8'
{
  "success": true,
  "data": {
    "ip": "8.8.8.8",
    "location": { "city": "...", "region": "...", "country": "US",
                  "country_name": "United States", "latitude": 0, "longitude": 0,
                  "timezone": "...", "postal_code": "..." },
    "network": { "asn": 15169, "isp": "Google LLC", "org": "..." },
    "privacy": { "hosting": true, "proxy": false, "mobile": false }
  }
}

The hosting flag is the key datacenter signal; proxy flags known anonymizing proxies/VPN exits; mobile marks cellular-carrier IPs.

Code examples

JavaScript (fetch)

const res = await fetch('https://hackmyip.com/api/lookup?ip=8.8.8.8');
const { data } = await res.json();
const isDatacenter = data.privacy.hosting;
const isProxy = data.privacy.proxy;
console.log(data.ip, { isDatacenter, isProxy });

Python (requests)

import requests

r = requests.get('https://hackmyip.com/api/lookup', params={'ip': '8.8.8.8'})
data = r.json()['data']
print(data['ip'], 'datacenter:', data['privacy']['hosting'],
      'proxy:', data['privacy']['proxy'])

Honest limitations

  • Detection is network-based (ASN/hosting), not deep traffic inspection — a self-hosted VPN on a residential IP can read as residential, and some cloud ranges used by legitimate services read as datacenter. Use it as a risk signal.
  • Standard endpoints are rate-limited to 60 requests/minute per IP. For many IPs at once, see the bulk lookup approach below.

Frequently asked questions

Is there a free VPN detection API?

Yes. HackMyIP exposes VPN, proxy, and datacenter detection through its free REST API with no key and no signup. GET /api/score classifies the caller’s own IP, and GET /api/lookup?ip={ip} returns hosting/proxy/mobile flags for any IP you pass.

How does the VPN/proxy detection work?

Classification is based on the network that announces the IP — its autonomous system (ASN), organization, and hosting flags — not on real-time traffic analysis. Datacenter and hosting ranges are strong signals for VPNs, proxies, and bots, while residential ISP ranges indicate normal users. It is a heuristic, so treat it as a risk signal rather than absolute proof.

Do I need an API key or signup?

No. Every HackMyIP endpoint is keyless and requires no account. CORS is enabled (Access-Control-Allow-Origin: *) so you can call it directly from the browser, and standard endpoints are rate-limited at 60 requests per minute per IP with no daily cap.

Full API docs Proxy / VPN checker Bulk IP lookup